Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
com.mparticle:android-button-kit
Advanced tools
Hello! This is the public repo of the mParticle Android SDK. mParticle's mission is straightforward: make it really easy to use all of the great services in the app ecosystem. Our SDKs and platform are designed to be your abstraction layer and data hub, and we do the work of integrating with each individual app service so you don't have to.
The platform has grown to support 100+ partners in the ecosystem, including developer tools, analytics, attribution, marketing automation, and advertising services. We also have a powerful audience engine that sits atop our platform to let you action on all of your data - learn more here!
mParticle's Android integration is powered by a Core library, which supports mParticle's server-side integrations and audience platform.
You can grab the Core SDK via Maven Central. Please see the badge above and follow the releases page to stay up to date with the latest version.
dependencies {
implementation 'com.mparticle:android-core:5.58.2'
}
Several integrations require additional client-side add-on libraries called "kits." Some kits embed other SDKs, others just contain a bit of additional functionality. Kits are designed to feel just like server-side integrations; you enable, disable, filter, sample, and otherwise tweak kits completely from the mParticle platform UI. The Core SDK will detect kits at runtime, but you need to add them as dependencies to your build:
dependencies {
implementation (
'com.mparticle:android-example-kit:5.58.2',
'com.mparticle:android-another-kit:5.58.2'
)
}
Kits are deployed as individual artifacts in Maven Central, and each has a dedicated repository if you'd like to view the source code. Review the table below to see if you need to include any kits:
The Google Play Services Ads framework is necessary to collect the Android Advertisting ID. AAID collection is required by all attribution and audience integrations, and many other integrations. Include the -ads
artifact, a subset of Google Play Services:
implementation 'com.google.android.gms:play-services-ads-identifier:18.0.1'
If your app does not declare this permission when targeting Android 13 or higher, the advertising ID is automatically removed and replaced with a string of zeroes.
When apps target Android 13 or above, you will need to declare a Google Play services permission in the manifest file as follows:
<uses-permission android:name="com.google.android.gms.permission.AD_ID"/>
For more information, please check out this link: https://support.google.com/googleplay/android-developer/answer/6048248?hl=en
mParticle supports several marketing automation and push messaging integrations. These require that mParticle register for an instance id using the Firebase Cloud Messaging framework:
implementation(platform("com.google.firebase:firebase-bom:29.1.0"))
implementation("com.google.firebase:firebase-messaging")
//optional
implementation("com.google.firebase:firebase-iid")
In order for attribution, deep linking, and many other integrations to work properly, the mParticle SDK collects the Google Play Install referrer string, which tracks the original link that brought the user to Google Play.
Since google has deprecated the "INSTALL_REFERRER" broadcast intent, you will need to add a the Play Install Referrer Library
Google now supports a library that surface the referrer string:
Simply add this dependency to your app and the mParticle SDK will detect it:
implementation 'com.android.installreferrer:installreferrer:1+'
Grab your mParticle key and secret from your workspace's dashboard and construct an MParticleOptions
object.
Call start
from the onCreate
method of your app's Application
class. It's crucial that the SDK be started here for proper session management. If you don't already have an Application
class, create it and then specify its fully-qualified name in the <application>
tag of your app's AndroidManifest.xml
.
package com.example.myapp;
import android.app.Application;
import com.mparticle.MParticle;
public class MyApplication extends Application {
@Override
public void onCreate() {
super.onCreate();
MParticleOptions options = MParticleOptions.builder(this)
.credentials("REPLACE ME WITH KEY","REPLACE ME WITH SECRET")
.logLevel(MParticle.LogLevel.VERBOSE)
.identify(identifyRequest)
.identifyTask(
new BaseIdentityTask()
.addFailureListener(this)
.addSuccessListener(this)
)
.build();
MParticle.start(options);
}
}
Warning: It's generally not a good idea to log events in your
Application.onCreate()
. Android may instantiate yourApplication
class for a lot of reasons, in the background, while the user isn't even using their device.
Proguard is a minification/optimization/obfuscation tool that's extremely useful, and it can also cause some sticky bugs. The mParticle SDK is already minified so there's no need to...double-minify it. If you're using Gradle there's nothing to do - we include a consumer-proguard
rules file inside our AAR
which Gradle will automatically include in your build. If you're not using Gradle, please add those same rules manually - see here for the latest.
requires
node
andnpm
The Android SDK provides the ability to enforce your Data Plan via linting. Currently, this feature is beta-level, but it only runs in the build environment, so there is no chance that it affects the runtime behavior of the mParticle SDK.
To enable Data Plan validation via linting, you must first download your Data Plan according to these steps
We recommended you add the Data Plan in your application's root level directory, but it can be located anywhere in your project directory since dataPlanFile
accepts a relative file path
The next step is to configure the mParticle Gradle Plugin. In your root build.gradle
use the following code to add the plugin dependency to your buildscript:
buildscript {
repositories {
mavenCentral()
}
dependencies {
...
classpath 'com.mparticle:android-plugin:5.12.10'
}
}
Next, apply the plugin in your project-level build.gradle
apply plugin: 'com.mparticle'
Either configure the mParticle Plugin object
mparticle {
dataPlanFile 'mp-dataplan.json' //(required) accepts filename or path
resultsFile 'mp-dp-results.json' //(optional) accepts filename or path
disabled false //(optional) defaults to "false"
verbose false //{optional) defaults to "false"
}
Or
provide an mp.config
config file in the project-level directory
{
"dataPlanFile": "./mp-dataplan.json", //(required) accepts filename or path
"resultsFile": "./mp-dp-results.json", //(optional) accepts filename or path
"disabled": "false", //(optional) defaults to "false"
"verbose": false //(optional) defaults to "false"
}
Install the mParticle CLI. More documentation is available in it's Github repo
./gradlew mpInstall
Note: Any changes to your dataplan are not applied until the Gradle Project Syncs
Validation Errors surface in multiple locations.
resultsFile
, if you configured one in the mParticle plugin./gradlew lint
This SDK contains a number of custom link checks. These are designed to make the development process simpler and more integrated.
If at any time, they become too intrusive, they can easily switch off by including the Lint ID in the following block of your build.gradle
:
android {
lintOptions {
disable {LINT_ISSUE_ID_1}, {LINT_ISSUE_ID_2}, {LINT_ISSUE_ID_3}...
}
}
Lint Issue ID | Description |
---|---|
MParticleVersionInconsistency | mParticle dependencies should, but do not have, matching versions |
MParticleInitialization | mParticle.start() is not being called in Application.onCreate(), or may be being called multiple times |
MParticleInstallRefReceiver | ReferrerReceiver is present, but has been removed |
Lint Issue ID | Description |
---|---|
DataplanViolation | DataPlan violations |
NodeMissing | The required node dependency is not present in the $PATH variable |
DataPlanMissing | Unable to fetch you DataPlan, could be a problem with credentials or network connectivity |
For information on regarding this topic please read our Onboarding Document
Just by initializing the SDK you'll be set up to track user installs, engagement, and much more. Check out our doc site to learn how to add specific event tracking to your app.
FAQs
android-button-kit for the mParticle SDK
We found that com.mparticle:android-button-kit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.