I feel like these trackers (Firebase Analytics and Visual Studio Crash Reporting) need to be looked at in context of the data they actually send and who they report to. According to the thread

> In the Mobile apps, Firebase Cloud Messaging (often mistaken for a tracker) is used only for push notifications related to sync and performs absolutely no tracking functions. Microsoft Visual Studio App Center is used for crash reporting on a range of mobile devices. In the Web Vault, Stripe and PayPal scripts are used for payment processing only on payment pages.

Compare this to LastPass where it was feeding data to Google Analytics and MixPanel, which do much more invasive levels of analysis in general.

Crash reporting within a password manager is a serious liability considering memory dumps would often contain secrets or encryption keys.

Firebase is Google. I don't know why they deserve different levels of trust. If Firebase has your permission to harvest your sync info, there is no reason to think this doesn't get copied right on over into googles 'track every click and movement' apparatus.

Firebase is Google, yes, and the name of a suite of mobile-related products. They have ML Kit, Crash analytics, configuration management, auth etc.

Also, Firebase Cloud Messaging is the only way to have push notifications on Android.

Using either of their products ( outside of Firebase Analytics and maybe Firebase Auth) isn't tracking users and isn't harvesting user data. It's using tools to make apps, that's it.

This assumes you're trusting Google. Technically you are still sending a lot of data to them (IP address and persistent identifier, which would allow them to correlate other info they gather from other sources) and they have the capability to use it for nefarious purposes if they decide.

Google is a malicious actor as a result of their business model and has already demonstrated their willingness to breach the GDPR with the non-compliant tracking consent prompts they use on their services, so it isn't that far-fetched to believe they can also use data from other services in ways you don't expect, especially when they can have plausible deniability.

The Firebase Data Processing and Security Terms [1] (section 5.2.1) limit Google's usage of any data they obtain through Firebase and would seem to prevent that sort of tracking.

[1] https://firebase.google.com/terms/data-processing-terms#5.pr...

Also in the same thread, you can download the no tracker version from F-droid.