-
Notifications
You must be signed in to change notification settings - Fork 163
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why is firebase required for Android ? #5
Comments
Hi! Firebase is needed for the scanning of codes in Android. We use Firebase ML kit (https://firebase.google.com/docs/ml-kit/) which is the "newer version" of Google's Vision (https://developers.google.com/vision/). In iOS it isn't needed because it has native support for scanning codes. I will add something explaining this in the readme, thank you! |
Does this make a lot of overhead in terms of speeds ? |
I don't know, maybe in very low end devices. I have Firebase in all of my apps in production because you need it for basic stuff like push notifications. Adding Firebase is something more or less standard nowadays. When the app launches it downloads the models needed to scan the codes you want. There's a way of making this faster for the user that downloads it from the Play Store, I will add this too in the readme. |
Thanks! I can now start using this library with the clarifications. :) |
Why ML kit? It will bar your plugin from many scenarios, eg. from personal id document scans in Europe. Have you considered zxing? It is able to process 1D and 2D codes since android api13. There are two zxing plugin attempts, both defunct now: More zebra crossing: :) PS. I know that ML its easier if your app already has dependencies on it. But please look at a standalone reader possibilities. Thx. |
According to this: https://firebase.google.com/support/privacy/#firebase_is_gdpr_ready is it GDPR compliant? I don't really know much about GDPR, but isn't more Google trustful than zxing? |
@facundomedica Good point! While zxing and derivatives are opensourced the effort of compiling them tells me that all but a few would use :aar path. So - yes, indeed. Google's code, even closed, might have higher level of trust. |
I'll keep this issue opened and will try to do some tests. Not having to install Firebase might improve the onboarding experience |
It is a nice plugin but it not working on device without Google Play Service supported. |
I suggest using Google Mobile Vision instead. I imagine that would address the trust issue and remove the firebase dependency. |
Or, would anyone be interested in helping port the QR portion of the zxing library to Dart? (Someone did it for JS years ago). |
Can we use without ML dependency ?? |
The dependency on an opaque library for decoding the image is a problem for me too. I'd much rather an open-source library was used, instead of one that might (now or in the future) send unwanted telemetry or training data to Google. (I realise scanning codes usually isn't that critical an area, but if it's scanning things like encryption keys that can be quite an issue for some people.) So I'd be keen on a a Flutter solution that didn't depend on Firebase or Play Services. I like a lot about this library though. It's hard to find a QR decoder for Flutter that uses a Preview widget instead of taking over the entire screen, and a Preview widget is exactly what I'm after. I've had some success with the com.journeyapps:zxing-android-embedded library mentioned above. Adding these two dependencies:
to the Android part allowed me to get the QR code (or not) from an image file with the following code:
(It's not production-ready but I had difficulty finding any useful samples so I thought it might be useful here. And the reason for loading it from a file is because the default Camera plugin can only take pictures by saving to a file...) Is there anything I can do to encourage removing of the Firebase dependency? I don't have the skills to implement the pull request but if I can help... |
@krolaw Google Mobile Vision is deprecated. @tangxiucai2 no, sorry. @OpinionatedGeek thanks for the analysis. According to Google the data is analyzed in-device, meaning that they are not doing anything with your data on the cloud. I agree that for more secure use cases you should have an open source library with its version pinned (to avoid an addition of a backdoor/tracking/malicious code). Anyway, I can't guarantee the security of either options, so I'm not sure what are the next steps. Maybe the way to go is to encourage reading carefully the terms of privacy of ML Kit? |
@facundomedica Thanks for your speedy reply! Yeah, you're right about pinning the version. I'd also be reluctant to depend on a service like ML Kit that's updated independently of my app - I'd hate to be in the situation where I release my app and all's well for a while, then Google change the binary and T&Cs of ML Kit and suddenly my installed app is depending on privacy behaviour that no longer exists. I guess this means I need to go further with my zxing experiments, and hook it up to the camera output somehow. Thanks for your response - I do appreciate it. |
I agree with @OpinionatedGeek about sensitive uses of QR/Aztec codes. ML is a big no-no for this.
Unfortunately Google nowadays can pull this carpet from under your feet any next day. (In testing cohort, after rolling user may not opt-out) |
ML Kit is up! |
I have one question. Why is the firebase plugin required for this to work ?
At the beginning it sounded suspicious, but after looking at your code i didn't find anything bad.
So, i wanted to ask it first, why do i need it ?
It could be a good thing to explain it on the homepage plugin and on the doc, for people who need the fastest app for critical applications (like me) and cannot add "junk" to the app without a real reason.
Thanks
The text was updated successfully, but these errors were encountered: