Permissions for Firebase Analytics and Crash
I used
//Analytics
compile 'com.google.firebase:firebase-core:9.2.1'
// Crash
compile 'com.google.firebase:firebase-crash:9.2.1'
and obtained those guys in my generated manifest:
<!-- Required permission for App measurement to run. -->
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<!-- Optional permission for App measurement to run. -->
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
Then we have the following block
<permission
android:name="my.package.name.permission.C2D_MESSAGE"
android:protectionLevel="signature" />
<uses-permission android:name="my.package.name.permission.C2D_MESSAGE" />
My questions:
If I use only Firebase Analytics and Crash and don't need any messaging functional, is it Ok to remove the second block as follows:
<uses-permission android:name="my.package.name.permission.C2D_MESSAGE" tools:node="remove" />
What does it mean "Optional permission for App measurement to run" in the first block? Is it safe to remove that too?
Answer
Firebase Analytics uses FirebaseInstanceId. This can be seen by running the dependencies task in the Android Studio tool window for Gradle. This portion of the output shows the dependency on FirebaseInstanceId :
+--- com.google.firebase:firebase-core:9.2.1
| \--- com.google.firebase:firebase-analytics:9.2.1
| +--- com.google.android.gms:play-services-basement:9.2.1
| | \--- com.android.support:support-v4:24.1.0
| | \--- LOCAL: internal_impl-24.1.0.jar
| +--- com.google.firebase:firebase-common:9.2.1
| | +--- com.google.android.gms:play-services-basement:9.2.1
| | | \--- com.android.support:support-v4:24.1.0
| | | \--- LOCAL: internal_impl-24.1.0.jar
| | \--- com.google.android.gms:play-services-tasks:9.2.1
| | \--- com.google.android.gms:play-services-basement:9.2.1
| | \--- com.android.support:support-v4:24.1.0
| | \--- LOCAL: internal_impl-24.1.0.jar
| \--- com.google.firebase:firebase-analytics-impl:9.2.1
| +--- com.google.android.gms:play-services-basement:9.2.1
| | \--- com.android.support:support-v4:24.1.0
| | \--- LOCAL: internal_impl-24.1.0.jar
| +--- com.google.firebase:firebase-iid:9.2.1 <== FirebaseInstanceId
| | +--- com.google.android.gms:play-services-basement:9.2.1
| | | \--- com.android.support:support-v4:24.1.0
| | | \--- LOCAL: internal_impl-24.1.0.jar
| | \--- com.google.firebase:firebase-common:9.2.1
| | +--- com.google.android.gms:play-services-basement:9.2.1
| | | \--- com.android.support:support-v4:24.1.0
| | | \--- LOCAL: internal_impl-24.1.0.jar
| | \--- com.google.android.gms:play-services-tasks:9.2.1
| | \--- com.google.android.gms:play-services-basement:9.2.1
| | \--- com.android.support:support-v4:24.1.0
| | \--- LOCAL: internal_impl-24.1.0.jar
| \--- com.google.firebase:firebase-common:9.2.1
| +--- com.google.android.gms:play-services-basement:9.2.1
| | \--- com.android.support:support-v4:24.1.0
| | \--- LOCAL: internal_impl-24.1.0.jar
| \--- com.google.android.gms:play-services-tasks:9.2.1
| \--- com.google.android.gms:play-services-basement:9.2.1
| \--- com.android.support:support-v4:24.1.0
| \--- LOCAL: internal_impl-24.1.0.jar
The C2D_MESSAGE permission comes from the manifest associated with the firebase-iid library. My guess is that without it, FirebaseAnalytics would not be able to obtain a unique ID for the device and would be unable to report data.
Regarding the WAKE_LOCK permission, see this related answer.
I doubt it is safe to remove any of the permissions. You could find out by running without them and seeing if analytics reports any events.