mwdat-core AAR manifest leaks app-level startup initializers #64
Description
Summary
The mwdat-core AAR's manifest includes an androidx.startup.InitializationProvider with initializer entries that don't belong in a library:
<provider
android:name="androidx.startup.InitializationProvider"
android:authorities="${applicationId}.androidx-startup"
android:exported="false">
<meta-data
android:name="androidx.emoji2.text.EmojiCompatInitializer"
android:value="androidx.startup" />
<meta-data
android:name="androidx.lifecycle.ProcessLifecycleInitializer"
android:value="androidx.startup" />
<meta-data
android:name="androidx.profileinstaller.ProfileInstallerInitializer"
android:value="androidx.startup" />
</provider>These are app-level initializers that appear to have leaked into the published AAR from the build environment. A library shouldn't be contributing these — they're concerns of the consuming application, not the SDK.
This causes a crash at app startup when emoji2 isn't on the consumer's runtime classpath (which it won't be unless pulled in by another dependency):
java.lang.RuntimeException: Unable to get provider androidx.startup.InitializationProvider:
androidx.startup.StartupException: java.lang.ClassNotFoundException:
androidx.emoji2.text.EmojiCompatInitializer
The same risk applies to ProfileInstallerInitializer.
Workaround
Consuming apps can remove the offending entries from the merged manifest:
<provider
android:name="androidx.startup.InitializationProvider"
android:authorities="${applicationId}.androidx-startup"
android:exported="false"
tools:node="merge">
<meta-data
android:name="androidx.emoji2.text.EmojiCompatInitializer"
tools:node="remove" />
</provider>Affected version
com.meta.wearable:mwdat-core:0.4.0