▸Install the Swift (iOS) SDK
// Package.swift
dependencies: [
.package(url: "https://github.com/respectlytics/respectlytics-swift.git", from: "3.0.0")
]
// Or via Xcode → File → Add Packages → paste the URL above.The SDK ships only via Swift Package Manager. CocoaPods and Carthage are not published — fewer integration paths means fewer surfaces to keep audited.
▸Initialize Respectlytics in Swift (iOS)
import Respectlytics
@main
struct MyApp: App {
init() {
Respectlytics.configure(appKey: "<YOUR_APP_KEY>")
}
var body: some Scene { WindowGroup { ContentView() } }
}Call configure once at app launch — typically in your App struct's init. No Info.plist keys are required: the SDK does not call ATTrackingManager and does not request the IDFA, so NSUserTrackingUsageDescription should NOT be added.
✦Privacy & implementation notes
Firebase Analytics on Android typically ships ~15–25 transitive dependencies, including ad-tech libraries (Google Mobile Ads, play-services-ads-identifier) that contribute permissions to the merged manifest. Most teams discover this only after Google Play flags the Data Safety form. Respectlytics's dependency-light architecture means the merged manifest doesn't grow.
A useful audit habit: search your build output for any User-Agent string emitted by SDKs you didn't intentionally install. Branch, AppsFlyer, Adjust, Singular, mParticle, and others emit identifiable User-Agents — if your build has them and you didn't add the SDK, something transitive pulled it in.
Apple rejected approximately 3% of apps in 2024 for incorrectly omitting NSUserTrackingUsageDescription when ATT was required by the SDKs they shipped. Respectlytics doesn't trigger ATT. The corollary is also true: do not add the key on Respectlytics's account — its presence implies you track across apps, even if your code never calls requestTrackingAuthorization.
Internally the Swift SDK uses Swift Concurrency: events are queued in an actor-isolated buffer (RAM-only), flushed on a 30-second timer and on UIApplication.willResignActiveNotification. Force-quit before flush drops queued events — by design. There is no UserDefaults or file backing.
⇋How this compares to other analytics SDKs
| SDK supply chain | Firebase Analytics | Mixpanel | AppsFlyer | Respectlytics |
|---|---|---|---|---|
| Direct ad/tracking dependencies | Many (FCM, Google Mobile Ads, …) | Few | Many (Branch, partner SDKs) | Zero |
| Pulls Google Play Services | Yes (mandatory) | No | Yes | No |
| Adds `AD_ID` to merged manifest | Yes (auto) | Conditional | Yes | No |
| Network calls outside the analytics path | Yes (FCM, Crashlytics, …) | Yes (campaign tracking) | Yes (referrer SDKs) | No |
| Number of HTTP endpoints contacted | 5+ | 2–3 | 3+ | 1 |
❓Frequently asked questions
How do we verify the dependency tree?
On iOS: swift package show-dependencies (Swift Package Manager) lists the entire transitive tree. On Android: ./gradlew :app:dependencies --configuration releaseRuntimeClasspath shows everything in the release classpath. On RN: npm ls --all. On Flutter: flutter pub deps. Respectlytics's tree should be a single node with no children outside the standard library.
What about `URLSession` / `OkHttp` / `fetch`?
Those are platform standard libraries, not third-party trackers. They ship with the OS or the framework. Respectlytics uses them directly and doesn't introduce additional HTTP libraries on top.
Is open-sourcing the SDK enough to verify this?
Helpful but not sufficient. The dependency manifests (Package.swift, build.gradle, package.json, pubspec.yaml) are the authoritative source — those say what gets pulled at build time. Reading those is a 5-minute audit; reading the source is helpful for behavioral verification but not necessary for the dependency claim.
Are there any optional dependencies (Crashlytics-style) we'd need?
No. Respectlytics doesn't bundle crash reporting, push notification, feature flags, or experiments — those are separate concerns with their own SDKs (e.g., Sentry, OneSignal, GrowthBook). You can pair Respectlytics with whichever you need; we don't bundle them in to inflate the surface.