Yes, but there are different likelihoods involved.
The SDK mentioned upthread isn't a random animation framework, it's a library for sending user data. Today it sends just crash reports, but it's a small step for them to send more.
> when it comes to clients, they don't pay me to spend time reinventing the wheel, nor to setup some infrastructure that will also later have to be maintained. Heck, it's often hard enough to convince them to let me add tests
Do they pay you for including random unchecked dependencies and potentially turning them into malware vendors or exposing them to legal liability? Think of event-stream fiasco in the JS land.
As a user, if you ask me if you could send crash reports, I might say yes. If you don't ask or at least inform me up-front, and I learn that you send the data, I'll uninstall your app, period. Might even throw in a bad review just to make a point.
I wouldn't call something built by fabric (formerly owned by Twitter, now Google) some "random unchecked" dependency. Nor consider it could turn into malware.
I'll look that event-stream fiasco though. Thanks!
I stand corrected, this is not a random dependency (I only dabble in Android apps from time to time, so I didn't recognize the name; then again, your users won't recognize it either). But I'm sure it has plenty of fly-by-night competitors :).
In context of data management, being owned by Twitter and Google is not reassuring (as you yourself note upthread).
Well, at least I can be somewhat sure it's properly and safely stored, with a low likelihood of getting out in the open or being sold to some random third-party.
But yeah, the acquisition by Google made me twitch
The SDK mentioned upthread isn't a random animation framework, it's a library for sending user data. Today it sends just crash reports, but it's a small step for them to send more.
> when it comes to clients, they don't pay me to spend time reinventing the wheel, nor to setup some infrastructure that will also later have to be maintained. Heck, it's often hard enough to convince them to let me add tests
Do they pay you for including random unchecked dependencies and potentially turning them into malware vendors or exposing them to legal liability? Think of event-stream fiasco in the JS land.
As a user, if you ask me if you could send crash reports, I might say yes. If you don't ask or at least inform me up-front, and I learn that you send the data, I'll uninstall your app, period. Might even throw in a bad review just to make a point.