I created a very basic React Expo application and compiled it to an Android APK. In the Google Play Store I stated that my application does not collect any user data. To be save I installed the APK on my Android device and searched for trackers with TrackerControl. I was shocked to see that the App is sending data to Amazon and Facebook, although I am 100% sure that I did not implement this!
Is there a way to get rid of this dammit sniffing? I can't put in all the effort to reimplement everything in another framework...
Update:
Let me give a reproducible tutorial. First I created a simple expo navite application in Ubuntu 20.04 LTS with
expo init my-app
cd my-app
Then I build the APK with
expo build:android -t apk
This will print a web link to the console from where I can download the APK after about one hour. I Download it directly with my Android Phone and install it. Then I check which Tracker control and it recognized a lot of tracker software!
Translated to English: "Recognized tracker libraries:
Amplitude
Facebook Ads
Facebook Analytics
Facebook Login
Facebook Share
Google AdMob
Google Analytics
Google Firebase Analytics
Google Firebase Analytics
Google Play Install Referrer
Segment
"
And it immediately starts sending data to Amazon.com and Facebook.com:
It shows writes that sending data to Amazon.com is necessary (which it is not!) and the social tracker for Facebook which I also never installed! How can I remove all these trackers and at what point are they added? Maybe during the build process? Because it builds on some server where I lose control about the build process.
To get rid of these libs, you could switch to EAS Build (free tier with some limits like 30 lower prio builds/month, ...). We regarded this rather acceptable and I can confirm, that there are no trackers left using that approach:
Related
For automation testing purposes presently I am downloading the latest build from appcenter and storing it in my local. And in the script I am getting it installed on the android device. But this will not workout when I want to run the script through pipeline.
Is there any way to get the apk downloaded directly from appcenter and have it installed into the device.
App Center is a continuous integration, delivery, and testing solution for Android, iOS, macOS, and Windows apps. App Center let developers to ship apps faster and with more confidence by automating the development life cycle.
You can't directly download from app center and install it to android device. But you can upload your application binary package to app center and distribute it. You can distribute releases to individual testers or groups of testers. Azure DevOps uses the App Center Distribute Task for this.
Check Build, test, and deploy Android apps - Azure Pipelines document for more information.
This might be helpful in your case if you would like to upload the build from app center and run your test on real device or simulator:
https://www.browserstack.com/docs/app-automate/appium/integrations/app-center
so currently we are exporting APK to the play store and we are using Firebase app distribution for our testing track but now we want to start using App bundles instead of APK but the issue here that Firebase app distribution does not support App bundles, I thought of deploying an APK for the testing track and then publish an App bundle for play store release, but I think there is a risk here since the app bundle is not tested and may contain undiscoverable issue, our options are to migrate the testing track to the internal app sharing in the play console, is there a way to make Firebase app distribution support App Bundles or any other options?
Update May 2021: This is now available with Firebase App Distribution! You have to link Firebase to your Google Play account and then distribute .aab files without problems 👍
More info: https://firebase.google.com/docs/app-distribution/troubleshooting?platform=android#distribute-aabs
That's actually the only way for now. You have to upload AAB to playstore and APK to app distribution. Using app bundle will not cause any kind of testing issues or undiscoverable problems. I have worked at two mass-scale product companies, both are using the same formats and haven't faced any issue.
The best solution I have for now is to use Bundletool to create a universal .apk from my app bundle.
For our team, it was necessary to do this, since we had a dynamic feature module with <dist:fusing dist:include="true"/>, so ./gradlew assemble would not include this module in the build.
The command in CI looks something like this:
java -jar bundletool-all-1.0.0.jar build-apks --bundle=PATH_TO_YOUR_BUNDLE_FILE --mode=universal --output=zip.apks --ks=PATH_TO_KEYSTORE_FILE --ks-key-alias=YOUR_KEY_ALIAS --ks-pass=pass:YOUR_KEYSTORE_PASSWORD
Firebase App Distribution supports Android App Bundles (AAB)
This is documented on Firebase Distribute Android apps to testers using the Firebase console, just click the AAB button.
This guide describes how to upload Android App Bundles (AABs) to App Distribution and distribute generated APKs using the Firebase console. To follow this guide, you'll need to have access to a Google Play account for which you're an Admin or Owner, and an app that's been published on the Play account.
Caution: When you register your app with Firebase, make sure to enter the same package name as the app you're distributing. The package name value is case-sensitive and cannot be changed for your app in Firebase after it's registered with your Firebase project.
PS: Just upload your App Bundle (with caveats). That's what I'm gonna do now :)
I am having trouble getting Android permissions and/or Play Store code signing to work correctly with my Flutter app, which accesses Google Fit data.
My configuration:
I'm still just doing internal releases, so have not yet requested Google "verification" of my app.
I have two build flavors: flavor_alpha and flavor_dev, which connect to different Firebase databases.
For both flavors, the app attempts to access Google Fit data on the local device.
Each flavor has its own google-services.json, containing:
valid Firebase project info (project number, id, etc.)
"client_info" and "oauth_client" data which references the correct (I think!) client_id, package_name, certificate_hash.
For "local" testing, I build/install the app using a variety of mechanims. Behavior is the same for each:
directly via VS Code
flutter build apk; flutter install
flutter build appbundle; bundletool build-apks; bundletool install-apks
For "Play Store" testing, I build using "flutter build appbundle" then drag/drop the appbundle onto the Play store release upload webpage.
Behavior with flavor_alpha:
Access to Firebase project id: mydb-alpha
successfully authenticates via firebase_auth using email/password
successfully accesses data in Cloud Firestore
Access to device's Google Fit data (via "fit_kit" package)
successful access for locally installed build
unsuccessful if downloaded via Google Play
I assume this difference is due to re-signing that Google Play does. I have read and re-read the documentation related to keys and code signing, and I have tried changing the keys in google_services.json, but have not managed to resolve the problem. There's some detail I'm missing or not understanding fully. Also, due to the permissions problems I have with the other flavor (see below), I am not 100% convinced it is due to re-signing.
Behavior with flavor_dev:
Access to Firebase project id: mydb-dev-123
successfully authenticates via firebase_auth using email/password
successfully accesses data in Cloud Firestore
Access to device's Google Fit data (via "fit_kit" package)
fails to access in all cases (installed locally and via Play, debug and release)
Suggestions?
I don't understand why I am seeing different behavior for flavor_dev. Since it behaves differently from flavor_alpha, it seems I may have multiple things configured incorrectly in the build.
Can anyone point me in the right direction to resolve this, or at least help me confirm what is actually causing the problem(s)?
I am developing an Android game and currently trying to integrate with Google Play Game Services. I got stuck at the sign-on feature.
I use GoogleSignIn, getIntent, startActivityForResult etc. - all as described in Google manual. I think all's setup correctly, because when I build the app, deploy to Google Store (Internal Tests), and then I install it from there, all looks good: onActivityResult is called with result.isSuccess()==true and GoogleSignIn.getLastSignedInAccount returns != null.
The problem is when I try to run the app from Android Studio (or install APK manually). In this case, onActivityResult is called with SIGN_IN_REQUIRED and getLastSignedInAccount is always null. I am pretty sure all's setup fine (APK is signed, Android Studio is configured to sign the APKs etc.).
To ensure it's not about my Android Studio setup, I have installed manually exactly the same APK which I uploaded to Google Store but again - result is the same. When installed from Google Store, it's OK, when installed manually it's not (again: exactly the same APK binary).
Can you please help me? Theoretically I could continue development, but each I'd like to test something I'd need to upload new version to Google Store...
Thank you
Hmmm...its usual DEVELOPER ERROR, what you can do it..add your SHA1 code on firebase console, and it will work, it is showing this behaviour caus your signed key SHA1 is already added, that why it is working on release build and not on debug build, add your systems SHA1
How to get SHA1?
usually right side of android studio have a bar which says gradle click on it, expand it got to app>Tasks>android>signing report double click it...it will give you your SHA1, paste it on firebase console, wait for 1-2 minutes and check. It will work.
I am new to react-native app development. I wanted to know how can a developed app be shared between other developers without having a local dependency. Is an apple developer account needed for a test build to be shared in ios as well? How can the test build be created?. I wanted the build to be created and downloaded on any ios device or android for testing purpose and without having depending any of the local code changes.So the build downloaded should not get updated after any code change done after that.
Is there an easy way to do it?
To share a release build for Android please follow this guide Generating Signed APK.
But for iOS you gonna need a Apple Developer account, I don't know the whole process exactly.