▸Example Branch call (the "before")
import BranchSDK
Branch.getInstance().initSession(launchOptions: launchOptions) { params, error in
// Branch fingerprint + IDFA matching happens here.
if let referringLink = params?["~referring_link"] as? String {
// Route the user based on the deep link...
}
}
Branch.getInstance().userCompletedAction("Paywall Purchase", withState: [
BranchStandardEventTransactionId: orderId,
"revenue": price,
])Every third-party SDK is a supply-chain surface — manifest permissions, network endpoints, transitive dependencies. The biggest reduction in privacy footprint often comes from simply shipping fewer SDKs. Respectlytics has zero ads, attribution, or routing dependencies — it's one HTTPS endpoint.
☑Remove Branch cleanly
-
1
Remove Branch from your build (
Branch/io.branch.sdk.android:library/react-native-branch/flutter_branch_sdk) -
2
Remove
Branch.getInstance().initSession(...)anduserCompletedAction(...)call sites -
3
Decide what replaces Branch's deep-link routing — Universal Links + App Links are first-party alternatives (no SDK; OS-handled)
-
4
Remove Branch URL schemes from your
Info.plistandAndroidManifest.xml -
5
Delete the Branch app dashboard entry once events stop flowing
⇋Branch vs Respectlytics — fewer third-party sdks
| Branch | Respectlytics | |
|---|---|---|
| Direct ad / tracking dependencies | — see tool note above | Zero |
| Pulls Google Play Services | — typically yes | No |
| Auto-merged manifest permissions | Often (AD_ID, ACCESS_NETWORK_STATE, etc.) | None added |
| Number of HTTP endpoints contacted | Multiple (varies) | One (Respectlytics API) |
| Open-source SDK | — varies by tool | Yes (MIT-licensed) |
❓Frequently asked questions
How do we audit our current dependency tree?
iOS: swift package show-dependencies (SPM) or pod outdated (CocoaPods) lists the tree. Android: ./gradlew :app:dependencies --configuration releaseRuntimeClasspath. RN: npm ls --all. Flutter: flutter pub deps. Our [Dependency Privacy Scanner](/tools/dependency-privacy-scanner/) parses lockfiles from any of these and tells you which deps are forcing which privacy labels.
What if we still need install attribution?
First-party alternatives without an SDK: Apple SKAdNetwork (iOS), AdAttributionKit (iOS 17.4+), Google Play Install Referrer API (Android). These are built into the OS — your ads platform reads them directly. No mobile SDK required.
What about crash reporting and push notifications?
Those are separate concerns with their own SDKs — Sentry / Crashlytics / Bugsnag for crashes; OneSignal / FCM / APNs for push. Respectlytics doesn't bundle them in; you pick the dedicated SDK for each surface.
Does shipping fewer SDKs measurably improve app size or cold start?
Often, yes — measurably. Removing Firebase + AppsFlyer + Segment from a typical RN app can shave several megabytes of bundle and 100-300ms off cold start. See the [SDK Bundle-Size Comparator](/tools/sdk-bundle-size-comparator/) for specific numbers.