FAQ
If you have questions not answered here, please ask! Both filing an issue or asking on Discord work.
We use the term “release” to mean preparing a binary for the app stores. In
order to later generate a patch Shorebird needs to know the exact binary that
was shipped to the app stores. The shorebird release command is used to
prepare a binary for the app stores which includes the Shorebird updater.
We use the term “patch” to mean a binary that can be applied to a release to
update it to new code. The shorebird patch command is used to generate
a patch from your new local code which is then diffed with the release binary
to generate a patch which is then shipped to your users.
We explain more of these terms in Overview.
We have not attempted to restrict access to Shorebird from any country.
We recognize that some countries have restrictions on what urls can be accessed from within the country. Shorebird currently uses Google Cloud for hosting, including Google Cloud Storage and Google Cloud Run.
The following URLs are used by Shorebird:
- https://console.shorebird.dev — used to interact with Shorebird’s services via the web.
- https://api.shorebird.dev — used by the
shorebirdcommand line tools to interact with the Shorebird servers as well as the Shorebird updater on users’ devices to check for updates. - https://download.shorebird.dev — used by the
shorebirdcommand line tool to download Flutter artifacts for building releases and patches. - https://storage.googleapis.com — used by the
shorebirdcommand line tool to upload and download release and patch artifacts, and by the Shorebird updater on user’s devices to download the patches.
Shorebird also uses Microsoft or Google OAuth login, which have their own required urls for login (e.g. login.microsoftonline.com or oauth.google.com).
All traffic to and from Shorebird servers travels over https (port 443) and is encrypted using standard Transport Security Layer / Secure Sockets Layer (TSL/SSL) protocols.
If all of those URLs are accessible from your country, then Shorebird should work.
If your region requires use of FLUTTER_STORAGE_BASE_URL Shorebird may not work for you at this time as we also use that environment variable as part of our implementation. We have plans to remove this restriction, let us know if this is important to you.
Yes.
The Play Store offers two restrictions relating to update tools.
- Updates must use an interpreter or virtual machine (Shorebird uses the Dart Virtual Machine). https://support.google.com/googleplay/android-developer/answer/9888379?hl=en
An app distributed via Google Play may not modify, replace, or update itself using any method other than Google Play's update mechanism. Likewise, an app may not download executable code (such as dex, JAR, .so files) from a source other than Google Play. *This restriction does not apply to code that runs in a virtual machine or an interpreter* where either provides indirect access to Android APIs (such as JavaScript in a webview or browser).
Apps or third-party code, like SDKs, with interpreted languages (JavaScript, Python, Lua, etc.) loaded at run time (for example, not packaged with the app) must not allow potential violations of Google Play policies.- Changes to the app must not be deceptive (e.g. changing the purpose of the app via update). https://support.google.com/googleplay/android-developer/answer/9888077 Please be clear with your users about what you are providing with your application and do not violate their expectations with significant behavioral changes through the use of Shorebird.
Shorebird is designed to be compatible with the Play Store guidelines. However Shorebird is a tool, and as with any tool, can be abused. Deliberately abusing Shorebird to violate Play Store guidelines is in violation of the Shorebird Terms of Service and can result in termination of your account.
Code push services are widely used in the industry (all of the large apps I’m aware of use them) and there are multiple other code push services publicly available (e.g. expo.dev & appcenter.ms). This is a well trodden path.
Microsoft also publishes a guide on how their React Native “codepush” library complies with the app stores: https://github.com/microsoft/react-native-code-push#store-guideline-compliance
Yes.
Similar to the Play Store, the App Store offers both technical and policy restrictions.
3.2.2... interpreted code may be downloaded to an Application but only so long assuch code:(a) does not change the primary purpose of the Application by providingfeatures or functionality that are inconsistent with the intended andadvertised purpose of the Application as submitted to the App Store,(b) does not create a store or storefront for other code or applications, and(c) does not bypass signing, sandbox, or other security features of the OS.Shorebird uses a custom Dart interpreter to comply with the interpreter-only restriction for updates on iOS. So long as your application is not engaging in deceptive behavior via updates (e.g. changing the purpose of the app via update), updating via Shorebird (or any other code push solution) is standard industry practice and compliant with App Store guidelines.
Deliberately abusing Shorebird to violate App Store guidelines is in violation of the Shorebird Terms of Service and can result in termination of your account.
Microsoft also publishes a guide on how their react native “codepush” library complies with the app stores: https://github.com/microsoft/react-native-code-push#store-guideline-compliance
We try to keep: https://docs.shorebird.dev/status up to date with the status of the project.
Our project boards are also public an found at: https://github.com/orgs/shorebirdtech/projects
Our team also operates in the public, so you can see what we’re working on at any time. We’re happy to answer any questions you have about our roadmap or priorities via GitHub issues or Discord.
No. Shorebird has no current plans to offer on-prem, self-host or cloud-prem offerings. We would be happy to discuss with you any and all ways in which we can improve our centrally hosted solution to best match your needs.
Yes! The Shorebird free “Hobby” tier only supports a single developer, but all other plans support unlimited developers.
See Organizations for more information.
No. Shorebird servers never see your source code. When you run
shorebird release or shorebird patch the shorebird tool only uploads the
same compiled app binary that you send to the app stores. Shorebird servers
never store your source code at any time.
See also our privacy policy: https://shorebird.dev/privacy
Yes. Shorebird is intended to be used from CI systems. We’ve published a guide for GitHub Actions, other CI systems should be similar.
Please don’t hesitate to reach out over GitHub issues or Discord if you encounter any issues.
Code push allows adding new code / replacing code on the device. Firebase Remote Config and Launch Darkly are both configuration systems. They allow you to change the configuration of your app without having to ship a new version. They are not intended to replace code.
I haven’t measured recently, but I expect the code push library to add less than
one megabyte to Flutter apps. flutter build apk --release vs.
shorebird build apk --release should give you a rough idea. We know of ways
we can make this smaller when that becomes a priority. If size is a blocker
for you, please let us know!
Yes. There is no limit on the size of the application that can be patched with code push. As noted in Overview, Shorebird can change any Dart code in your application no matter of size.
We’ve seen a variety of uses, including:
- Emergency fixes to production apps.
- Shipping bug fixes to users on older versions of your app.
- Shipping constantly (e.g. every hour).
Note that most app stores prohibit shipping code that changes the behavior of the app in a significant way. Please see below for more information.
As above, Shorebird should not be used to violate app store polices. Please see below for more information.
Also Shorebird does not support changing native code (e.g. Java/Kotlin on Android or Objective-C/Swift on iOS). The tool will warn you during an attempted patch if you have changed native code.
Shorebird can be used to update any Dart code including pure Dart packages. Note that depending on how you distribute your apps, some store agreements expect feature changes to go through store review. Notably Apple’s App Store requires that an update “does not change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application.” Also note that patch sizes correlate with the total amount of Dart changed from the original released app. Each patch is a diff against the released dart code, not a diff to the previous patch.
Shorebird does not currently support submitting to the app stores on your behalf. We have plans to add this in the future, but for now you will need to continue to use your existing processes to submit to the app stores. https://github.com/shorebirdtech/shorebird/issues/257
The Shorebird updater (included in your application when you build your app with
Shorebird) caches the latest downloaded patch in the same cache directory that
Flutter uses for caching compiled shaders or compiled Dart code. On Android,
this is located in /data/user/0/com.example.app/code_cache/shorebird_updater
although the base of that path is provided by the Android system and can change
dynamically at runtime. On iOS devices, data is stored under
Library/Application Support/shorebird.
Shorebird stores only a few files, one is state.json which contains the state
information for the updater. When a patch is downloaded a directory will be
created for that patch. These directories contain the inflated copies of the
patches, which will be about the same size as the compiled Dart code in your
application (e.g. ~10 mb each). There will only be at most 2 patches downloaded
on the device at a given time. When a new patch is successfully installed and
launched, the previous patch is deleted.
The Shorebird command line tools (e.g. shorebird patch) are installed on disk
in $HOME/.shorebird, including bringing a copy of Flutter and Dart as well as
the Shorebird release tools themselves. This is similar to how the flutter
command works.
These copies of Flutter can be 100s of megabytes each. Shorebird will keep a
copy of Flutter $HOME/.shorebird/bin/cache/ for each version of Flutter you
have used. Currently this number is unbounded. These can be removed at any time
with shorebird cache clear.
Uninstall has details on how to remove Shorebird from your system should you choose.
Flutter’s Hot reload is a development-time-only feature. Code push is for production.
Hot reload is a feature of Flutter that allows you to change code on the device during development. It requires building the Flutter engine with a debug-mode Dart VM which includes a just-in-time (JIT) Dart compiler.
Code push is a feature that allows you to change code on the device in production. We will use a variety of different techniques to make this possible depending on the platform. Current demos execute ahead-of-time compiled Dart code and do not require a JIT Dart compiler.
Code push isn’t needed for Flutter web. When a user opens a web app it downloads the latest version from the server if needed.
If you have a use case for code push with Fluter web, we’d love to know!
Shorebird supports iOS and Android today. We plan to support all other Flutter platforms over time.
Use of Shorebird on each platform is an independent decision. For example You can
use shorebird release to ship to Google Play and an ipa built with
flutter build to the App Store or vice versa.
Shorebird can (relatively easily) be made to support desktop or embedded targets. If those are important to you, please let us know.
Shorebird supports the same versions of Android that Flutter supports.
Flutter currently supports Android API level 21+ and iOS 16.0+: https://docs.flutter.dev/reference/supported-platforms
Android is supported on Flutter 3.10.0 or later.
iOS is supported on Flutter 3.16.9 or later.
See https://docs.shorebird.dev/flutter-version for more information.
Shorebird tracks Flutter stable and generally updates within a few hours of any stable release. Our system for doing these updates is automated takes a few minutes to run. We then do an extra manual verification step before publishing to our servers.
Yes. One could imagine running a server to distribute the updates separately from the general internet, but some form of network connectivity is required to transport updates to the devices.
Shorebird updater (included in your application when you build your app with Shorebird) is designed to be resilient to network connectivity issues.
In the default update behavior, when the application launches it alerts the Shorebird updater, which spawns a separate thread to make a network request to Shorebird’s servers and ask for an update. We intentionally use a separate thread to avoid affecting blocking anything else the application might be doing. If the network request fails or times out, the updater will simply try to check again next time the application launches.
Shorebird command line tools (e.g. shorebird patch) require network
connectivity to function. If you are using Shorebird to distribute your app,
you should ensure that your CI system has network connectivity.
A user will always get the latest patch available for their version of the app, regardless of which patch (if any) they currently have installed. A patch will always reflect the state of the codebase at the time when the patch was built so as long as newer patches also contain the changes from older patches, users will always be up to date and there is no need to worry about users “missing” patches.
Shorebird is a fork of Flutter that adds code push. Shorebird is not a replacement for Flutter, but rather a replacement for the Flutter engine. You can continue to use the Flutter tooling you already know and love.
shorebird uses a fork of Flutter that includes the Shorebird updater. We track
the latest stable release of Flutter and replace a few of the Flutter engine
files with our modified copies.
To implement our fork, we use FLUTTER_STORAGE_BASE_URL to point to
https://download.shorebird.dev instead of download.flutter.dev. We pass
through unmodified output from the flutter tool so you will see a warning from
Flutter:
Flutter assets will be downloaded from http://download.shorebird.dev. Make sure you trust this source!For more information about why we had to fork Flutter see architecture.md.
By default, the Shorebird updater checks for updates on app startup. It runs on a background thread and does not block the UI thread. Any updates will be installed while the user is using the app and will be applied the next time the app is restarted.
It is also possible to run the Shorebird updater manually using package:shorebird_code_push , through which it is possible to trigger updates at any time, including via a push notification.
See update-strategies for more information about how to configure this behavior.
No. The app_id is included in your app and is safe to be public. You can
check it into version control (even publicly) and not worry about someone
else accessing it.
Someone who has your app_id can fetch the latest version of your app from
Shorebird servers, but they cannot push updates to your app or access any
other aspect of your Shorebird account.
Yes. The shorebird command line tool passes through all Dart defines to the
flutter tool. For example,
shorebird release android -- --dart-define=MY_DEFINE=foo and
shorebird release android -- --dart-define-from-file=config.json will both
work as expected. Because Dart defines are compiled into your app’s Dart code,
they can be updated via patches.
Although Shorebird connects to the network, it does not send any personally identifiable information. Including Shorebird should not affect your declarations for the Play Store or App Store.
See also our privacy policy: https://shorebird.dev/privacy
Requests sent from the app to Shorebird servers include:
- app_id (specified
shorebird.yaml) - channel (optional in
shorebird.yaml) - release_version (versionName from AndroidManifest.xml)
- patch_number (generated as part of
shorebird patch android) - arch (e.g. ‘aarch64’, needed to send down the right patch)
- platform (e.g. ‘android’, needed to send down the right patch)
That’s it. The code for this is in: https://github.com/shorebirdtech/updater/blob/main/library/src/network.rs
Each of the app stores have separate mechanisms for distributing apps to limited groups of users (e.g. “internal testing”, “closed beta”, etc.). These are all mechanisms for segmenting your users into groups and distributing specific versions of your apps to each.
Unfortunately, these not all of these mechanisms allow 3rd parties to detect when apps are installed in any specific Test Track or via TestFlight. Thus, we do not have reliable visibility into composition of these groups, and cannot reliably gate access to Shorebird patches based on these groups. https://stackoverflow.com/questions/53291007/can-an-android-application-identify-the-test-track-within-google-play https://stackoverflow.com/questions/26081543/how-to-tell-at-runtime-whether-an-ios-app-is-running-through-a-testflight-beta-i
If you’d like to segment availability of Shorebird patches, there are 4 potential options:
- Use separate binaries / bundle ids for each group. This is the most straightforward approach, but requires you to manage multiple binaries. On Android the easy way to accomplish this is through flavors. You may already have a dev flavor and prod flavor with different availability. You can thus patch your dev flavor, verify it and then separately patch your prod flavor. We recommend using branches / tags in your version control to help keep track of the sources associated with each release.
- Track your own set of opt-in users, disable automatic updates, and trigger updates only for certain users via package:shorebird_code_push . This works today, but requires you to manage your own opt-in list.
- Shorebird could create its own opt-in mechanism on a per-device basis (similar to Test Tracks or TestFlight, just platform agnostic). This could allow your QA team to opt-in to patches before they’re promoted to the general public. If this is important to you, please let us know: https://github.com/shorebirdtech/shorebird/issues/498
- Shorebird plans to add percentage based rollouts. This does not let you choose which devices to send to, but can help you roll out incrementally and roll-back on sight of any problems. https://github.com/shorebirdtech/shorebird/issues/497
Yes. Apps built with Shorebird will continue to function normally (as if they had been built without Shorebird), including those that have had patches installed.
Because patching and releasing are independent operations, it is possible to create both a patch and a release with the same code changes.
Different customers have used different policies to decide whether to create a release, a patch, or both. I’ll enumerate a few of these here:
-
Push a patch immediately to update all existing users, while also simultaneously submitting a release to the stores so that new users to their product will get the latest code on first launch after a store install.
-
Use patching as a mechanism to ship changes on a high frequency (e.g. daily or weekly) and only go through a full release process on a lower cadence (e.g. monthly).
-
Continue to only use releases for shipping code changes, and only patch to fix critical bugs or make other emergency changes.
In the end, it comes down to what works for your business. We see most of our current customers choosing option 2.
No. Shorebird can be used with any app distribution method, including side-loading or carrier provided stores.
Shorebird is not itself a store. Your users will need to install your app initially through some method other than Shorebird, but Shorebird can then be used to patch (update) your app after that initial install.
You can upgrade or downgrade your plan at any time by running shorebird account upgrade or shorebird account downgrade.
Billing periods are reset automatically every month on the month you first subscribed to Shorebird. For example, if you subscribed on the 15th of the month, your billing period will reset on the 15th of every month.
You can cancel your subscription at any time by running shorebird account downgrade. You will continue to have all the features of a paid account until
the end of your billing period.
Currently we have not yet implemented yearly billing. We don’t expect it will be hard, we just aren’t quite sure what customers expect in terms of overage charges on a yearly plan. If you have thoughts on this, please let us know: https://github.com/shorebirdtech/shorebird/issues/733
A “patch install” is counted when a patch is successfully installed on a user’s device.