APK size & non-fee libs

[IzzySoft]

Today's release unfortunately makes the app no longer compliant with the inclusion criteria of my repo, so I might have to remove it.

First, APK size doubled; as you didn't send me an in-advance warning, my updater took a random pick and fetched the x86 version, but even armeabi comes with 42 MB while the per-app limit in my repo is 30 MB.

Next, the app now has 2 non-free components included:

Offending libs:
---------------
* Google Mobile Services (/com/google/android/gms): NonFreeDep
* Firebase (/com/google/firebase): NonFreeNet,NonFreeDep

2 offenders.

That combination is a no-go. So for now I've reverted the update (switched back to the previous release and disabled updates) until we either find a solution, or I have to remove the app.

Possible solution: you set up a separate flavor coming without those two libs. That might mean a flavor coming without MPV (if removing those two dependencies is not possible otherwise). Then please provide the APK(s) of that release as well, and I tell my updater to fetch those. Could you please do that?

[yuroyami]

Thank you for bringing these matters to my attention. Regarding the APK size, I plan to address it by adding a flavor exclusively for Exoplayer, which means removing mpv. This change should help reduce the app's size back to its original state.

As for the inclusion of non-free libraries, it's surprising to see Firebase and GMS (Google Mobile Services) imported since my app doesn't require any connection to Firebase or Play services. I have thoroughly checked the dependencies and their subdependencies, and none of them appear to have any association with Firebase or Play services. I will need to investigate this further to understand why these libraries are being included.

Overall, I will keep you updated once I have resolved these issues. In the meantime, version 0.11.1 should be satisfactory, and updates can be disabled until a solution is found.

[IzzySoft]

I plan to address it by adding a flavor exclusively for Exoplayer, which means removing mpv. This change should help reduce the app's size back to its original state.

Great, thanks! I'm confident that flavor won't have those two libs then either, because…

it's surprising to see Firebase and GMS (Google Mobile Services) imported since my app doesn't require any connection to Firebase or Play services.

From the beginning, my suspicion is they were "dragged in" by MPV. You write you already have checked dependencies, so I guess you're aware of gradle :app:dependencies?

Overall, I will keep you updated once I have resolved these issues.

Much appreciated, thanks! Do you already have an ETA for that build flavor? Then I'd set myself a reminder to check back with you without annoying you with too many pings :wink:

[yuroyami]

I ran gradle : app:dependencies and it did the trick!

`+--- androidx.core:core-google-shortcuts:1.1.0 | --- com.google.android.gms:play-services-appindex:16.1.0

A dependency I recently added to add support for app shortcuts... Thanks for the handy Gradle command. I will see how I can work around using this dependency while keeping Firebase and GMS excluded.

My pace is quite inconsistent working on FOSS, so don't mind me, I will be the one pinging you for any further inquiries. Thank you sincerely for the valuable assistance!

[IzzySoft]

androidx.core:core-google-shortcuts

Rings a bell – vaguely remember this culprit from another project quite a while ago. Glad that Gradle command turned it up!

And OK, I'll be waiting for your ping then. Updates are disabled until end of this month (to be more precise: I've just shifted your app to the "slow track" which is updated monthly), so latest at July 1st/2nd my updater will send me a reminder, as the same problems will show up again :see_no_evil:

Until then: :crossed_fingers:

[IzzySoft]

Any news on this? As the month is over, the updater just brought in the same APK again here. I'd appreciate if I hadn't to revert that every month :wink:

[yuroyami]

@IzzySoft My sincere apologies. I understand that this situation has become burdensome, but regrettably, my busy schedule over the past month has prevented me from dedicating time to work on the app and address the ongoing issues. Nevertheless, rest assured that I'm currently wrapping up my current tasks and will give immediate attention to our APK-related problem as soon as circumstances allow 🫡

[IzzySoft]

OK, I know that feeling… So I keep my fingers crossed you can get it fixed before the updater kicked in again :crossed_fingers:

[yuroyami]

@IzzySoft Ping-ping, Neat changes to the APK flavoring have been done. Whenever a new release is uploaded, there'll be 4 ABI-specific APKs and one native-free APK (only Exoplayer included). This change will apply to all upcoming releases. You can already see it in action with the latest release 0.12.0. Just look for the APK named syncplay-0.12.0-exo-only.apk – that's the one without any mpv libs.

As for the non-free dependencies, I stripped androidx.core:core-google-shortcuts from its google gms dependencies. So anything with the group name com.google.android.gms is out of the picture.

Regarding Firebase... I went through gradle app:dependencies a few times, but no traces of it found. It's still a bit puzzling to me, I suspect the google shortcuts library might be playing some tricks but who knows, it might still be there.

Let me know how things go, and if there's anything else I can do. Thanks for your patience.

[IzzySoft]

Thanks, that sounds promising! I can give the APK a check when it's there – currently, the latest release is still the one from June.

[yuroyami]

@IzzySoft Precisely, there hasn't been a release since that one. I added a new exoplayer-only APK to that release with the name syncplay-0.12.0-exo-only.apk which should be free from mpv libs, as well as com.google.android.gms.

[IzzySoft]

Ah, now… Thanks, confirming size fits and offenders gone with that one. Just pulled it manually and added it to my repo (will show up with the next sync around 6 pm UTC), and told my updater to only consider APKs matching '/exo-only/i`. Re-enabling daily update checks then – please keep attaching that variant with future releases :smiley: (as "ack", you can close this issue then I guess – mission accomplished)

[yuroyami]

Excellent, much appreciated ! And apologies for the extra mile. I will have the variant attached with the future releases containing the same suffix, and I'm glad the offender libraries are gone (Oddly enough, the library functions the same way as it used to be, seems like some kind of data-collection thing Google is performing via these libraries... weirdos). Closing this issue for now, have a great day.

[IzzySoft]

seems like some kind of data-collection thing Google is performing via these libraries...

Surprise :see_no_evil: Not really, or? That's why I never trust their libraries to do only what they advertise them for. Collecting and selling data is their core business.

Closing this issue for now, have a great day.

Thanks, you too!