β FAQ
If you have questions not answered here, please ask! Both filing an issue or asking on Discord work.
What is the difference between a patch and a release?β
We use the term "release" to mean preparing a binary for the app stores. In
order to later generate a patch Shorebird needs to know the exact binary that
was shipped to the app stores. The shorebird release command is used to
prepare a binary for the app stores which includes the Shorebird updater.
We use the term "patch" to mean a binary that can be applied to a release to
update it to new code. The shorebird patch command is used to generate
a patch from your new local code which is then diffed with the release binary
to generate a patch which is then shipped to your users.
We explain more of these terms in Concepts.
Can I use Shorebird in my country?β
We have not attempted to restrict access to Shorebird from any country.
We recognize that some countries have restrictions on what urls can be accessed from within the country. Shorebird currently uses Google Cloud for hosting, including Google Cloud Storage and Google Cloud Run.
The following URLs are used by Shorebird:
- https://api.shorebird.dev -- used by the
shorebirdcommand line tools to interact with the Shorebird servers as well as the Shorebird updater on users' devices to check for updates. - https://download.shorebird.dev -- used by the
shorebirdcommand line tool to download Flutter artifacts for building releases and patches. - https://storage.googleapis.com -- used by the
shorebirdcommand line tool to upload and download release and patch artifacts.
If all of those URLs are accessible from your country, then Shorebird should work.
If your region requires use of FLUTTER_STORAGE_BASE_URL Shorebird may not work for you at this time as we also use that environment variable as part of our implementation. We have plans to remove this restriction, let us know if this is important to you.
Does Shorebird comply with Play Store guidelines?β
Yes.
The Play Store offers two restrictions relating to update tools.
- Updates must use an interpreter or virtual machine (Shorebird uses the Dart Virtual Machine). https://support.google.com/googleplay/android-developer/answer/9888379?hl=en
An app distributed via Google Play may not modify, replace, or update itself
using any method other than Google Play's update mechanism. Likewise, an app
may not download executable code (such as dex, JAR, .so files) from a
source other than Google Play. *This restriction does not apply to code
that runs in a virtual machine or an interpreter* where either provides
indirect access to Android APIs (such as JavaScript in a webview or
browser).
Apps or third-party code, like SDKs, with interpreted languages (JavaScript,
Python, Lua, etc.) loaded at run time (for example, not packaged with the
app) must not allow potential violations of Google Play policies.
- Changes to the app must not be deceptive (e.g. changing the purpose of the app via update). https://support.google.com/googleplay/android-developer/answer/9888077 Please be clear with your users about what you are providing with your application and do not violate their expectations with significant behavioral changes through the use of Shorebird.
Shorebird is designed to be compatible with the Play Store guidelines. However Shorebird is a tool, and as with any tool, can be abused. Deliberately abusing Shorebird to violate Play Store guidelines is in violation of the Shorebird Terms of Service and can result in termination of your account.
Code push services are widely used in the industry (all of the large apps I'm aware of use them) and there are multiple other code push services publicly available (e.g. expo.dev & appcenter.ms). This is a well trodden path.
Microsoft also publishes a guide on how their React Native "codepush" library complies with the app stores: https://github.com/microsoft/react-native-code-push#store-guideline-compliance
Does Shorebird comply with App Store guidelines?β
Yes.
Similar to the Play Store, the App Store offers both technical and policy restrictions.
3.2.2
... interpreted code may be downloaded to an Application but only so long as
such code:
(a) does not change the primary purpose of the Application by providing
features or functionality that are inconsistent with the intended and
advertised purpose of the Application as submitted to the App Store,
(b) does not create a store or storefront for other code or applications, and
(c) does not bypass signing, sandbox, or other security features of the OS.
Shorebird uses a custom Dart interpreter to comply with the interpreter-only restriction for updates on iOS. So long as your application is not engaging in deceptive behavior via updates (e.g. changing the purpose of the app via update), updating via Shorebird (or any other code push solution) is standard industry practice and compliant with App Store guidelines.
Deliberately abusing Shorebird to violate App Store guidelines is in violation of the Shorebird Terms of Service and can result in termination of your account.
Microsoft also publishes a guide on how their react native "codepush" library complies with the app stores: https://github.com/microsoft/react-native-code-push#store-guideline-compliance
What is the roadmap?β
We try to keep: https://docs.shorebird.dev/status up to date with the status of the project.
Our project boards are also public an found at: https://github.com/orgs/shorebirdtech/projects
Our team also operates in the public, so you can see what we're working on at any time. We're happy to answer any questions you have about our roadmap or priorities via GitHub issues or Discord.
Can I self-host Shorebird?β
Not currently. We intend to offer cloud-prem and on-prem hosting as an option on enterprise plans. Please contact us if such is required for your adoption.
Can I use Shorebird with my team?β
Yes! The Shorebird free "Hobby" tier only supports a single developer, but all other plans support unlimited developers.
See Teams for more information.
Does Shorebird store my source code?β
No. Shorebird servers never see your source code. When you run
shorebird release or shorebird patch the shorebird tool only uploads the
same compiled app binary that you send to the app stores. Shorebird servers
never store your source code at any time.
See also our privacy policy: https://shorebird.dev/privacy
Can I use Shorebird from my CI system?β
Yes. Shorebird is intended to be used from CI systems. We've published a guide for GitHub Actions, other CI systems should be similar.
Please don't hesitate to reach out over GitHub issues or Discord if you encounter any issues.
How does this relate to Firebase Remote Config or Launch Darkly?β
Code push allows adding new code / replacing code on the device. Firebase Remote Config and Launch Darkly are both configuration systems. They allow you to change the configuration of your app without having to ship a new version. They are not intended to replace code.
How big of a dependency footprint does this add?β
I haven't measured recently, but I expect the code push library to add less than
one megabyte to Flutter apps. flutter build apk --release vs.
shorebird build apk --release should give you a rough idea. We know of ways
we can make this smaller when that becomes a priority. If size is a blocker
for you, please let us know!
Does code push work with large applications?β
Yes. There is no limit on the size of the application that can be patched with code push. As noted in Concepts, Shorebird can change any Dart code in your application no matter of size.
What can I use Shorebird code push for?β
We've seen a variety of uses, including:
- Emergency fixes to production apps.
- Shipping bug fixes to users on older versions of your app.
- Shipping constantly (e.g. every hour).
Note that most app stores prohibit shipping code that changes the behavior of the app in a significant way. Please see below for more information.
What can't we use Shorebird code push for?β
As above, Shorebird should not be used to violate app store polices. Please see below for more information.
Also Shorebird does not support changing native code (e.g. Java/Kotlin on Android or Objective-C/Swift on iOS). The tool will warn you during an attempted patch if you have changed native code.
Can I use Shorebird for all my Dart changes?β
Shorebird can be used to update any Dart code including pure Dart packages. Note that depending on how you distribute your apps, some store agreements expect feature changes to go through store review. Notably Apple's App Store requires that an update "does not change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application." Also note that patch sizes correlate with the total amount of Dart changed from the original released app. Each patch is a diff against the released dart code, not a diff to the previous patch.
Does Shorebird submit to the stores for me?β
Shorebird does not currently support submitting to the app stores on your behalf. We have plans to add this in the future, but for now you will need to continue to use your existing processes to submit to the app stores. https://github.com/shorebirdtech/shorebird/issues/257
What does Shorebird store on disk and where?β
The Shorebird updater (included in your application when you build your app with
Shorebird) caches the latest downloaded patch in the same cache directory that
Flutter uses for caching compiled shaders or compiled Dart code. On Android,
this is located in /data/user/0/com.example.app/code_cache/shorebird_updater
although the base of that path is provided by the Android system and can change
dynamically at runtime. On iOS devices, data is stored under
Library/Application Support/shorebird.
The Shorebird command line tools (e.g. shorebird patch) are installed on disk
in $HOME/.shorebird, including bringing a copy of Flutter and Dart as well as
the Shorebird release tools themselves. This is similar to how the flutter
command works.
Uninstall has details on how to remove Shorebird from your system should you choose.
How does this relate to Flutter Hot Reload?β
Flutter's Hot reload is a development-time-only feature. Code push is for production.
Hot reload is a feature of Flutter that allows you to change code on the device during development. It requires building the Flutter engine with a debug-mode Dart VM which includes a just-in-time (JIT) Dart compiler.
Code push is a feature that allows you to change code on the device in production. We will use a variety of different techniques to make this possible depending on the platform. Current demos execute ahead-of-time compiled Dart code and do not require a JIT Dart compiler.
Does Shorebird support Flutter Web?β
Code push isn't needed for Flutter web. When a user opens a web app it downloads the latest version from the server if needed.
If you have a use case for code push with Fluter web, we'd love to know!
What platforms does Shorebird support?β
Shorebird supports iOS and Android today. We plan to support all other Flutter platforms over time.
Use of Shorebird on each platform is an independent decision. For example You can
use shorebird release to ship to Google Play and an ipa built with
flutter build to the App Store or vice versa.
Shorebird can (relatively easily) be made to support desktop or embedded targets. If those are important to you, please let us know.
What OS versions does Shorebird support?β
Shorebird supports the same versions of Android that Flutter supports.
Flutter currently supports Android API level 21+ and iOS 16.0+: https://docs.flutter.dev/reference/supported-platforms
What versions of Flutter does Shorebird support?β
Android is supported on Flutter 3.10.0 or later.
iOS is supported on Flutter 3.16.9 or later.
See https://docs.shorebird.dev/flutter-version for more information.
Shorebird tracks Flutter stable and generally updates within a few hours of any stable release. Our system for doing these updates is automated takes a few minutes to run. We then do an extra manual verification step before publishing to our servers.
Does code push require the internet to work?β
Yes. One could imagine running a server to distribute the updates separately from the general internet, but some form of network connectivity is required to transport updates to the devices.
How is Shorebird affected by lack of network connectivity?β
Shorebird updater (included in your application when you build your app with Shorebird) is designed to be resilient to network connectivity issues.
In the default update behavior, when the application launches it alerts the Shorebird updater, which spawns a separate thread to make a network request to Shorebird's servers and ask for an update. We intentionally use a separate thread to avoid affecting blocking anything else the application might be doing. If the network request fails or times out, the updater will simply try to check again next time the application launches.
Shorebird command line tools (e.g. shorebird patch) require network
connectivity to function. If you are using Shorebird to distribute your app,
you should ensure that your CI system has network connectivity.
What happens if a user doesn't update for a long time and misses an update?β
Our implementation always sends an update specifically tailored for the device that is requesting it updating the requestor always to the latest version available. Thus if a user doesn't update for a while they will "miss" intermediate updates.
The update server could be changed to support responding with either the next incremental version or the latest version depending on your application's needs. Please let us know if alternative update behaviors are important to you.
How does Shorebird relate to Flutter?β
Shorebird is a fork of Flutter that adds code push. Shorebird is not a replacement for Flutter, but rather a replacement for the Flutter engine. You can continue to use the Flutter tooling you already know and love.
shorebird uses a fork of Flutter that includes the Shorebird updater. We track
the latest stable release of Flutter and replace a few of the Flutter engine
files with our modified copies.
To implement our fork, we use FLUTTER_STORAGE_BASE_URL to point to
https://download.shorebird.dev instead of download.flutter.dev. We pass
through unmodified output from the flutter tool so you will see a warning from
Flutter:
Flutter assets will be downloaded from http://download.shorebird.dev. Make sure you trust this source!
For more information about why we had to fork Flutter see architecture.md.
When do updates happen?β
By default, the Shorebird updater checks for updates on app startup. It runs on a background thread and does not block the UI thread. Any updates will be installed while the user is using the app and will be applied the next time the app is restarted.
It is also possible to run the Shorebird updater manually using package:shorebird_code_push, through which it is possible to trigger updates at any time, including via a push notification.
See update-strategies for more information about how to configure this behavior.
Do I need to keep my app_id secret?β
No. The app_id is included in your app and is safe to be public. You can
check it into version control (even publicly) and not worry about someone
else accessing it.
Someone who has your app_id can fetch the latest version of your app from
Shorebird servers, but they cannot push updates to your app or access any
other aspect of your Shorebird account.
Can I use Dart defines with Shorebird?β
Yes. The shorebird command line tool passes through all Dart defines to the
flutter tool. For example,
shorebird release android -- --dart-define=MY_DEFINE=foo and
shorebird release android -- --dart-define-from-file=config.json will both
work as expected. Because Dart defines are compiled into your app's Dart code,
they can be updated via patches.
What information is sent to Shorebird servers?β
Although Shorebird connects to the network, it does not send any personally identifiable information. Including Shorebird should not affect your declarations for the Play Store or App Store.
See also our privacy policy: https://shorebird.dev/privacy
Requests sent from the app to Shorebird servers include:
- app_id (specified
shorebird.yaml) - channel (optional in
shorebird.yaml) - release_version (versionName from AndroidManifest.xml)
- patch_number (generated as part of
shorebird patch android) - arch (e.g. 'aarch64', needed to send down the right patch)
- platform (e.g. 'android', needed to send down the right patch)
That's it. The code for this is in: https://github.com/shorebirdtech/updater/blob/main/library/src/network.rs
How does Shorebird interact with Play Testing Tracks or Apple TestFlight?β
Each of the app stores have separate mechanisms for distributing apps to limited groups of users (e.g. "internal testing", "closed beta", etc.). These are all mechanisms for segmenting your users into groups and distributing specific versions of your apps to each.
Unfortunately, these not all of these mechanisms allow 3rd parties to detect when apps are installed in any specific Test Track or via TestFlight. Thus, we do not have reliable visibility into composition of these groups, and cannot reliably gate access to Shorebird patches based on these groups. https://stackoverflow.com/questions/53291007/can-an-android-application-identify-the-test-track-within-google-play https://stackoverflow.com/questions/26081543/how-to-tell-at-runtime-whether-an-ios-app-is-running-through-a-testflight-beta-i
If you'd like to segment availability of Shorebird patches, there are 4 potential options:
- Use separate binaries / bundle ids for each group. This is the most straightforward approach, but requires you to manage multiple binaries. On Android the easy way to accomplish this is through flavors. You may already have a dev flavor and prod flavor with different availability. You can thus patch your dev flavor, verify it and then separately patch your prod flavor. We recommend using branches / tags in your version control to help keep track of the sources associated with each release.
- Track your own set of opt-in users, disable automatic updates, and trigger updates only for certain users via package:shorebird_code_push. This works today, but requires you to manage your own opt-in list.
- Shorebird could create its own opt-in mechanism on a per-device basis (similar to Test Tracks or TestFlight, just platform agnostic). This could allow your QA team to opt-in to patches before they're promoted to the general public. If this is important to you, please let us know: https://github.com/shorebirdtech/shorebird/issues/498
- Shorebird plans to add percentage based rollouts. This does not let you choose which devices to send to, but can help you roll out incrementally and roll-back on sight of any problems. https://github.com/shorebirdtech/shorebird/issues/497
Billingβ
How do I upgrade or downgrade my plan?β
You can upgrade or downgrade your plan at any time by running shorebird
account upgrade or shorebird account downgrade.
When does my billing period reset?β
Billing periods are reset automatically every month on the month you first subscribed to Shorebird. For example, if you subscribed on the 15th of the month, your billing period will reset on the 15th of every month.
How do I cancel my subscription?β
You can cancel your subscription at any time by running shorebird account
downgrade. You will continue to have all the features of a paid account until
the end of your billing period.
Can I pay for a year in advance?β
Currently we have not yet implemented yearly billing. We don't expect it will be hard, we just aren't quite sure what customers expect in terms of overage charges on a yearly plan. If you have thoughts on this, please let us know: https://github.com/shorebirdtech/shorebird/issues/733
What counts as a "patch install" for Shorebird?β
A "patch install" is counted when a patch is successfully installed on a user's device.