Replace Firebase Analytics: fewer SDKs

Q: How do we audit our current dependency tree?

iOS: `swift package show-dependencies` (SPM) or `pod outdated` (CocoaPods) lists the tree. Android: `./gradlew :app:dependencies --configuration releaseRuntimeClasspath`. RN: `npm ls --all`. Flutter: `flutter pub deps`. Our [Dependency Privacy Scanner](/tools/dependency-privacy-scanner/) parses lockfiles from any of these and tells you which deps are forcing which privacy labels.

▸Example Firebase Analytics call (the "before")

swift Respectlytics

import FirebaseAnalytics

// Default Firebase event with rich per-user metadata:
Analytics.logEvent("purchase", parameters: [
    "value": price,
    "currency": "USD",
    "transaction_id": UUID().uuidString,
    "user_id": userId,
])

Every third-party SDK is a supply-chain surface — manifest permissions, network endpoints, transitive dependencies. The biggest reduction in privacy footprint often comes from simply shipping fewer SDKs. Respectlytics has zero ads, attribution, or routing dependencies — it's one HTTPS endpoint.

☑Remove Firebase Analytics cleanly

1
Remove pod 'Firebase/Analytics' from Podfile (and any Firebase/Core pulled by it that isn't needed elsewhere)
2
Remove implementation 'com.google.firebase:firebase-analytics-ktx' from build.gradle.kts
3
Remove @react-native-firebase/analytics from package.json
4
Remove firebase_analytics: from pubspec.yaml
5
Remove FirebaseApp.configure() and Analytics.logEvent call sites — replace with Respectlytics.configure() and Respectlytics.track("event_name")
6
Delete the GoogleService-Info.plist and google-services.json if no other Firebase product remains in the app
7
Run ./gradlew :app:dependencies and confirm play-services-ads-identifier is no longer in the runtime classpath

⇋Firebase Analytics vs Respectlytics — fewer third-party sdks

	Firebase Analytics	Respectlytics
Direct ad / tracking dependencies	— see tool note above	Zero
Pulls Google Play Services	— typically yes	No
Auto-merged manifest permissions	Often (AD_ID, ACCESS_NETWORK_STATE, etc.)	None added
Number of HTTP endpoints contacted	Multiple (varies)	One (Respectlytics API)
Open-source SDK	— varies by tool	Yes (MIT-licensed)

❓Frequently asked questions

How do we audit our current dependency tree?

iOS: swift package show-dependencies (SPM) or pod outdated (CocoaPods) lists the tree. Android: ./gradlew :app:dependencies --configuration releaseRuntimeClasspath. RN: npm ls --all. Flutter: flutter pub deps. Our [Dependency Privacy Scanner](/tools/dependency-privacy-scanner/) parses lockfiles from any of these and tells you which deps are forcing which privacy labels.

What if we still need install attribution?

First-party alternatives without an SDK: Apple SKAdNetwork (iOS), AdAttributionKit (iOS 17.4+), Google Play Install Referrer API (Android). These are built into the OS — your ads platform reads them directly. No mobile SDK required.

What about crash reporting and push notifications?

Those are separate concerns with their own SDKs — Sentry / Crashlytics / Bugsnag for crashes; OneSignal / FCM / APNs for push. Respectlytics doesn't bundle them in; you pick the dedicated SDK for each surface.

Does shipping fewer SDKs measurably improve app size or cold start?

Often, yes — measurably. Removing Firebase + AppsFlyer + Segment from a typical RN app can shave several megabytes of bundle and 100-300ms off cold start. See the [SDK Bundle-Size Comparator](/tools/sdk-bundle-size-comparator/) for specific numbers.

⇢Related migration guides

Replace Firebase Analytics to ship fewer third-party SDKs