▸Install the Flutter SDK
# pubspec.yaml
dependencies:
flutter:
sdk: flutter
respectlytics_flutter: ^3.0.0Pure Dart — no platform channels for analytics. Same code on every platform Flutter compiles to (iOS, Android, web, macOS, Windows, Linux). On web, events are sent via the REST API; mobile platforms use the same path.
▸Initialize Respectlytics in Flutter
import 'package:flutter/material.dart';
import 'package:respectlytics_flutter/respectlytics_flutter.dart';
Future<void> main() async {
WidgetsFlutterBinding.ensureInitialized();
await Respectlytics.configure(appKey: '<YOUR_APP_KEY>');
runApp(const MyApp());
}Initialize in main() after WidgetsFlutterBinding.ensureInitialized() and before runApp(). The future completes immediately on configuration; events queued before completion are flushed once the network is available.
✦Privacy & implementation notes
Firebase Analytics on Android typically ships ~15–25 transitive dependencies, including ad-tech libraries (Google Mobile Ads, play-services-ads-identifier) that contribute permissions to the merged manifest. Most teams discover this only after Google Play flags the Data Safety form. Respectlytics's dependency-light architecture means the merged manifest doesn't grow.
A useful audit habit: search your build output for any User-Agent string emitted by SDKs you didn't intentionally install. Branch, AppsFlyer, Adjust, Singular, mParticle, and others emit identifiable User-Agents — if your build has them and you didn't add the SDK, something transitive pulled it in.
The Flutter SDK is pure Dart. No MethodChannel, no platform-specific iOS or Android plugin code. The same code runs on every platform Flutter supports — including web and desktop targets. This eliminates one common audit surface ("what's the Android implementation doing?").
Always initialize after WidgetsFlutterBinding.ensureInitialized() and before runApp(). If you skip the binding step, the configure call will throw on platforms that need a binding for asynchronous I/O. The SDK documentation example uses this pattern by default.
⇋How this compares to other analytics SDKs
| SDK supply chain | Firebase Analytics | Mixpanel | AppsFlyer | Respectlytics |
|---|---|---|---|---|
| Direct ad/tracking dependencies | Many (FCM, Google Mobile Ads, …) | Few | Many (Branch, partner SDKs) | Zero |
| Pulls Google Play Services | Yes (mandatory) | No | Yes | No |
| Adds `AD_ID` to merged manifest | Yes (auto) | Conditional | Yes | No |
| Network calls outside the analytics path | Yes (FCM, Crashlytics, …) | Yes (campaign tracking) | Yes (referrer SDKs) | No |
| Number of HTTP endpoints contacted | 5+ | 2–3 | 3+ | 1 |
❓Frequently asked questions
How do we verify the dependency tree?
On iOS: swift package show-dependencies (Swift Package Manager) lists the entire transitive tree. On Android: ./gradlew :app:dependencies --configuration releaseRuntimeClasspath shows everything in the release classpath. On RN: npm ls --all. On Flutter: flutter pub deps. Respectlytics's tree should be a single node with no children outside the standard library.
What about `URLSession` / `OkHttp` / `fetch`?
Those are platform standard libraries, not third-party trackers. They ship with the OS or the framework. Respectlytics uses them directly and doesn't introduce additional HTTP libraries on top.
Is open-sourcing the SDK enough to verify this?
Helpful but not sufficient. The dependency manifests (Package.swift, build.gradle, package.json, pubspec.yaml) are the authoritative source — those say what gets pulled at build time. Reading those is a 5-minute audit; reading the source is helpful for behavioral verification but not necessary for the dependency claim.
Are there any optional dependencies (Crashlytics-style) we'd need?
No. Respectlytics doesn't bundle crash reporting, push notification, feature flags, or experiments — those are separate concerns with their own SDKs (e.g., Sentry, OneSignal, GrowthBook). You can pair Respectlytics with whichever you need; we don't bundle them in to inflate the surface.