▸Install the Kotlin (Android) SDK
// build.gradle.kts (app module)
dependencies {
implementation("com.respectlytics:respectlytics-kotlin:3.0.0")
}Pure Kotlin coroutines implementation. No Java dependencies, no Google Play Services dependencies. ~300KB DEX overhead — compare to roughly 3.8MB for Firebase Analytics (a measurable cold-start improvement on lower-end devices).
▸Initialize Respectlytics in Kotlin (Android)
import com.respectlytics.android.Respectlytics
class MyApplication : Application() {
override fun onCreate() {
super.onCreate()
Respectlytics.configure(this, appKey = "<YOUR_APP_KEY>")
}
}Initialize once in Application.onCreate. No additional permissions in the manifest — INTERNET is sufficient. The SDK does not request AD_ID, does not query AdvertisingIdClient, and does not declare ACCESS_NETWORK_STATE.
✦Privacy & implementation notes
Open-source SDKs are the ground truth for security audits — a closed-source SDK requires you to trust vendor claims about behaviour, while an open one lets your security team verify behaviour from source. For regulated industries, this is often a procurement-gating requirement.
MIT (SDK) + AGPL (server) is the same license split used by GitLab, Sentry, MinIO, and other source-available SaaS. The pattern lets you ship the SDK with maximum permissiveness (no obligations on the consumer) while protecting the server from being forked into closed-source competing services.
Many teams discover the com.google.android.gms.permission.AD_ID permission in their merged manifest only after Google Play flags them — usually because a transitive dependency dragged it in. Respectlytics's Kotlin SDK has no Google Play Services dependency at all, so it cannot contribute to that merge.
The SDK is implemented as pure Kotlin coroutines with no Java sources, no RxJava, and no platform channels. Events are queued in a Channel<Event> buffered to a small ring (RAM-only), drained by a coroutine that flushes every 30 seconds or on backgrounding. There is no SharedPreferences usage.
⇋How this compares to other analytics SDKs
| SDK source availability | Firebase Analytics | Mixpanel | Amplitude | Respectlytics |
|---|---|---|---|---|
| Source publicly available | Partial | Yes (Apache 2.0) | Yes (MIT) | Yes (MIT) |
| Build artifacts match public source | Partial | Yes | Yes | Yes |
| Fork-and-modify allowed | Limited | Yes | Yes | Yes |
| Compile from source for audit | Limited | Yes | Yes | Yes |
| Public commit history | Limited | Yes | Yes | Yes |
❓Frequently asked questions
Where are the SDK repositories?
Each SDK has its own public repository under the Respectlytics organisation on GitHub. The repo URLs are linked from [/sdk/](https://respectlytics.com/sdk/). The repos contain source, tests, release tags, and CI configuration.
Are the published binaries reproducible from source?
Yes. Build instructions in each repo's README produce artifacts that match the published packages (CocoaPods/SPM/Maven Central/npm/pub.dev). The CI pipeline that publishes uses the same build commands. Reproducible builds are a goal we test against; if you observe a discrepancy, please file an issue.
Can we modify the SDK and ship our fork?
Yes — the MIT license allows it without restriction. Many enterprises fork to adjust logging, add internal tracing, or vendor the SDK into their build. The license covers this entirely.
What about the SERVER — is it also open source?
The server is AGPL-3.0 (a stronger copyleft license than the SDK's MIT). See the self-hosted-option page for details. SDK is MIT; server is AGPL — that's the standard split for source-available SaaS.