@kmicu we will verify with the development team; there was a patch to remove the non-free dependencies a while ago, but it would be good to make sure it's in that website build. We install the APK on systems that don't have GCM or MicroG installed regularly, but it may be that some things are broken that aren't obvious. Stay tuned.
@kmicu that all said, we work with many people who don't have free platforms (almost all of them). We recommend Copperhead OS where we can (though it supports only Nexus and Pixel phones) and LineageOS, but have a hard time convincing anyone to use Replicant on the models it currently supports, especially if it requires a USB dongle for wifi.
@kmicu so, it's a tough problem. We try to encourage methods with least friction and fewest compromises, which Wire definitely is. We also want to respect privacy during the process of connecting users (we have strong reservations about sharing phone #'s between contacts, let alone signing up with one, which we also don't recommend in Wire).
Localytics hosts can be found in classes*.dex. Tracking seemed to handle by https://github.com/wireapp/wire-android/blob/5589bdca6cbe981b275470aa523b78a26db3d4a8/app/src/main/scala/com/waz/zclient/tracking/GlobalTrackingController.scala
@kmicu @U039b libspotify is also in the manifest for that APK, which is definitely not necessary for the app to function (though obviously would kill the spotify features, which isn't a problem). More importantly, it would seem the license terms here wouldn't allow it to be distributed under GPLv2 or 3: https://developer.spotify.com/technologies/libspotify/#terms-of-use
glad to be looking at this now. if still interested, please help me collect info in this pad: https://pad.riseup.net/p/wire-app-issues
@privacylab I prefer to trust the source code. Where is a source code for the standalone APK? Code in Wire’s Github repo *bundles* Google’s binary blobs. Am I my missing something? Please, do not confuse *using GCM* with *bundling GCM*. Wire can work on a phone without a GCM/GooglePS, but it can still bundle Google binary blobs. For example that’s the case with Signal:
@kmicu we'll get to the bottom of this, but know the difference (paid very close attention to the loong Signal / LibreSignal / Noise debates). It is a surprise to us that the APK uses GCM, but it's worth doing some testing to see if those services are running etc. Like you said, the source is most important here.