nowinandroid icon indicating copy to clipboard operation
nowinandroid copied to clipboard

Published 20 hours ago verified publisher icon android

upgrade to Firebase BoM 32.5.0 and remove Firebase KTX

Open thatfiredev opened this issue 1 year ago • 6 comments

Thanks for submitting a pull request. Please include the following information.

What I have done and why This PR should:

  • upgrade Firebase to v32.5.0
  • migrate from Firebase KTX to the main modules, per https://firebase.google.com/docs/android/kotlin-migration

Do tests pass?

  • [x] Run local tests on DemoDebug variant: ./gradlew testDemoDebug
  • [x] Check formatting: ./gradlew --init-script gradle/init.gradle.kts spotlessApply

Is this your first pull request?

  • [x] Sign the CLA
  • [x] Run ./tools/setup.sh
  • [x] Import the code formatting style as explained in the setup script.

thatfiredev avatar Oct 31 '23 22:10 thatfiredev

@thatfiredev Apologies for the noise on this PR. You have some formatting errors and I'm trying to setup our CI so it can fix them automatically, then commit the changes to your fork.

dturner avatar Nov 02 '23 14:11 dturner

@thatfiredev This change adds the following permissions and properties to the app manifest:

uses-permission: name='android.permission.ACCESS_ADSERVICES_ATTRIBUTION
uses-permission: name='android.permission.ACCESS_ADSERVICES_AD_ID
property: name='android.adservices.AD_SERVICES_CONFIG' resource='res/xml/ga_ad_services_config.xml'

These seem related to advertising but the app has no ads. Please could you explain why these entries are necessary? Or how they can be removed if they are not.

dturner avatar Nov 02 '23 19:11 dturner

@dturner that was added to the Firebase Analytics SDK in v21.5.0 to support the Android Privacy Sandbox.

Since they're unrelated to the original intention of this PR, I went ahead and removed the permissions with tools:node="remove". I'm just not sure how to remove that property - how much of a concern is it to keep it? If it causes trouble, we can file a bug for the SDK team to not include it.

thatfiredev avatar Nov 03 '23 14:11 thatfiredev

Thanks for making the changes.

I'm just not sure how to remove that property - how much of a concern is it to keep it?

I guess that's the point, we don't know. Does it have any impact on what is shown in the Play Store? Or on the user's device at install or runtime? As this property is being added by a 3rd party library (Firebase) it makes sense for that library provider to justify the impact of any public facing changes to the app.

Seems related to the Privacy Sandbox. Docs are here: https://developer.android.com/design-for-safety/privacy-sandbox/setup-api-access#configure-api-specific. Any chance you could investigate and let me know the impact of adding, or whether we should take steps to remove?

dturner avatar Nov 06 '23 10:11 dturner 

Any chance you could investigate and let me know the impact of adding, or whether we should take steps to remove?

Can do :) Will post my findings soon

thatfiredev avatar Nov 09 '23 22:11 thatfiredev

Any update here @thatfiredev?

dturner avatar Mar 05 '24 20:03 dturner

Spent some more time today researching android.adservices.AD_SERVICES_CONFIG and why it's added by Firebase. As I understand it (which I barely do), it seems this is just a pointer to placeholder file which could be used to configure fine-grained access to the various Ad services APIs.

Seems innocuous enough so I'm adding it to badges so this PR can be merged to unblock other development.

dturner avatar Jul 05 '24 09:07 dturner

@dturner Sorry for the radio silence, I totally forgot to look into this, but it seems like the engineering team is looking at it internally: b/340307974

thatfiredev avatar Jul 05 '24 14:07 thatfiredev

No worries, thanks for the link. It enabled me to figure out how to remove the property. Done in #1539

dturner avatar Jul 08 '24 18:07 dturner