11 Jun 2020 |
Bubu | I don't think there are any false positives | 20:01:54 |
Bubu | this is going to take a lot of cleanup... | 20:05:26 |
wb9688 | Bubu: How are they even on F-Droid? | 20:05:08 |
Bubu | f-droids scanner isn't that clever | 20:06:04 |
Bubu | or say gradle has gotten a lot cleverer in pulling in dependencies without fdroid notiing | 20:06:20 |
Bubu | transitive dependencies of some popular libraries probably | 20:06:38 |
wb9688 | But why would "some popular libraries" even include a dependency on proprietary Google crap? | 20:08:00 |
wb9688 | And what will you do with the APKs that F-Droid already hosts including that crap? | 20:08:24 |
Bubu | because nobody cares | 20:08:28 |
Bubu | wb9688: maybe you want to double check, that I'm not doing something stupid | 20:09:17 |
Bubu | take https://f-droid.org/repo/com.corona_info_12.apk | 20:09:52 |
Bubu | and run it through $ANDROID_HOME/tools/bin/apkanalyzer dex packages | grep com.google.android.gms | 20:10:33 |
Bubu | * and run it through $ANDROID_HOME/tools/bin/apkanalyzer dex packages com.corona_info_12.apk | grep com.google.android.gms | 20:10:51 |
Bubu | I might be misinterpreting these results, but to me it looks like these classes are included in the package | 20:11:58 |
cdesai | Bubu: dex packages Prints the class tree from DEX. | 20:13:39 |
cdesai | P,C,M,F: indicates packages, classes methods, fields | 20:13:39 |
cdesai | x,k,r,d: indicates removed, kept, referenced and defined modes | 20:13:39 |
cdesai | they're all 'r' here. | 20:14:02 |
cdesai | but that looks like something (looks like mapbox from a decompile) is trying to use gms | 20:14:25 |
Bubu | im.pattle.app_791.apk has a lot of d s | 20:15:25 |
Bubu | I'm going to need to read what references mean | 20:16:04 |
Bubu | *means | 20:16:07 |
wb9688 | Bubu: Could you check if NetGuard 2.281 includes Google IAB? | 20:16:55 |
wb9688 | (I'm not on PC rn) | 20:17:08 |
Bubu | wb9688: nope | 20:19:04 |
Bubu | cdesai: I guess we only care about "defined"? | 20:22:02 |
wb9688 | Bubu: Hmm… it seems like it just uses https://github.com/M66B/NetGuard/blob/2.281/app/src/main/aidl/com/android/vending/billing/IInAppBillingService.aidl i.e. there's no proprietary Google crap. Some tool I was using to check recognizes that as the library being included though. | 20:23:36 |
wb9688 | Sorry for bothering you with that | 20:24:07 |
Bubu | no problem | 20:24:20 |
Bubu | The billing stuff is in AOSP I think | 20:24:34 |