Kotlin 1.9+ • minSdk 26 • JitPack 3.8.0+
Android SDK
First-party Kotlin SDK with full deep linking, attribution, auth, push, Live Updates, geofences, passkeys.
What's included
- Deep links (Branch parity): same `links.*` surface as iOS / RN — typed `LinkError` sealed class, `prewarm`, `revoke`, `getStats`, canonical `computeDeviceFingerprint()`.
- Auth Service: parity with iOS minus passkeys-via-Credential-Manager (in progress for s60).
- Push: FCM with auto-extracted project id, Live Updates via FCM data-only + `NotificationCompat.ProgressStyle` (API 34+).
- Geofences via `GeofencingClient` (Google Play Services), capped at 100 regions.
- `EncryptedSharedPreferences` (AES256-GCM, AndroidKeyStore master) for `userId` + `deviceId`.
- Ships `networkSecurityConfig` that disables cleartext traffic library-wide.
Install
```kotlin
// settings.gradle.kts
dependencyResolutionManagement {
    repositories {
        mavenCentral()
        maven { url = uri("https://jitpack.io") }
    }
}

// app/build.gradle.kts
dependencies {
    implementation("com.github.sendoracloud:sdk-android:3.8.0")
}
```
Quickstart
```kotlin
// Application.onCreate
SendoraCloud.init(this, apiKey = "pk_prod_...", projectId = "<uuid>")
SendoraCloud.consent.grant()

// Identify + track
SendoraCloud.identify(
    userId = "user_123",
    traits = mapOf("email" to "u@e.co"),
)
SendoraCloud.trackEvent("purchase", mapOf("amount" to 29.99))

// Deep links — warm path (Activity)
override fun onNewIntent(intent: Intent) {
    super.onNewIntent(intent)
    intent.data?.let { SendoraCloud.links?.handleAppLink(it) }
}
```
Security posture
- Secret-key refusal — `init()` aborts on `sk_*`.
- HTTPS only — library-level `networkSecurityConfig` disables cleartext + `ApiClient` refuses non-HTTPS.
- Identity tokens — HMAC anti-spoof.
- Encrypted storage — `EncryptedSharedPreferences` (AES256-GCM, AndroidKeyStore master).
- Backup exclusion — ships `sendora_backup_rules.xml` so the SDK's prefs are excluded from Auto Backup.
- Input validation — event name regex + property depth 5 + 32 KB cap + `__proto__` / `constructor` / `prototype` keys blocked.
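
The input-validation limits listed above can be mirrored in app code to reject bad events before they reach `trackEvent`. This is an added example, not the SDK's own source: `validateEvent`, `Verdict`, the `EVENT_NAME` pattern, and the way depth and the 32 KB size are measured are all assumptions, since the page does not publish them.

```kotlin
// Added illustration, not the SDK's implementation. EVENT_NAME is an assumed pattern;
// depth counts nested containers and size sums UTF-8 key/value bytes (both assumptions).
private val EVENT_NAME = Regex("^[A-Za-z][A-Za-z0-9_.:-]{0,63}$")
private val BLOCKED_KEYS = setOf("__proto__", "constructor", "prototype")
private const val MAX_DEPTH = 5
private const val MAX_BYTES = 32 * 1024

sealed class Verdict {
    object Ok : Verdict()
    data class Rejected(val reason: String) : Verdict()
}

fun validateEvent(name: String, props: Map<String, Any?>): Verdict {
    if (!EVENT_NAME.matches(name)) return Verdict.Rejected("event name")
    var bytes = name.toByteArray(Charsets.UTF_8).size
    // Single pass over the property tree: returns a rejection reason, or null when clean.
    fun walk(value: Any?, depth: Int): String? {
        when (value) {
            is Map<*, *> -> {
                if (depth > MAX_DEPTH) return "nesting deeper than $MAX_DEPTH"
                for ((k, v) in value) {
                    val key = k as? String ?: return "non-string key"
                    if (key in BLOCKED_KEYS) return "blocked key '$key'"
                    bytes += key.toByteArray(Charsets.UTF_8).size
                    walk(v, depth + 1)?.let { return it }
                }
            }
            is Iterable<*> -> {
                if (depth > MAX_DEPTH) return "nesting deeper than $MAX_DEPTH"
                for (v in value) walk(v, depth + 1)?.let { return it }
            }
            is String -> bytes += value.toByteArray(Charsets.UTF_8).size
            is Number, is Boolean -> bytes += value.toString().length
            null -> bytes += 4
            else -> return "unsupported value type"
        }
        return if (bytes > MAX_BYTES) "payload larger than 32 KB" else null
    }
    return walk(props, 1)?.let { Verdict.Rejected(it) } ?: Verdict.Ok
}

fun main() { // constructed sample inputs: valid, blocked key, too deep, too large
    val deep = mapOf("a" to mapOf("b" to mapOf("c" to mapOf("d" to mapOf("e" to mapOf("f" to 1))))))
    listOf(
        mapOf("amount" to 29.99),
        mapOf("meta" to mapOf("__proto__" to true)),
        deep,
        mapOf("blob" to "x".repeat(40_000)),
    ).forEach { println(validateEvent("purchase", it)) }
}
```

Blocked keys are checked at every nesting level, not only at the top of the property map, because a reserved key nested inside a sub-object reaches the backend just the same.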