Wikimedia Apps/Team/Android/Third Party Libraries

Here are practices the Android apps team will follow with respect to evaluating third party libraries.


 * Pin versions in the build.gradle file (avoid the + suffix on version numbers). Builds should be reproducible. Update explicitly.
 * Watch licenses and include the license in the About Activity.
 * Put the actual license text in a file under the assets/licenses directory
 * Add a link to it in the "libraries_list" string in the values/credits.xml file.
 * Check if library-specific ProGuard rules are needed.
 * In case new libraries are needed, team members will do the following:
 * Email mobile-l with the following points addressed, pointing to a page on mediawiki.org for further discussion:
 * Is the license permissive?
 * Is the library ubiquitous?
 * Is it actively maintained?
 * Is the library artifact in a public repo? (so we can just pull it in via Gradle; ideally in Maven Central; fallback JCenter)
 * What are the library's dependencies?
 * What is the impact on binary size?
 * Are special ProGuard rules needed for this library?