Questions about Obtainium

Clark

Aeon you sound just like me and now I'm done reinstalling all my apps via Github/Obtainium, feeling better than using Fdroid.

AlphaElwedritsch

Are there any users here who have ever had problems because they used fdroid?
Is there any solid evidence or solid reports that it has ever happened to anyone?
Or is this all just hypothetical assumptions?
I'm asking this seriously. You read about the fear everywhere. Everyone advises against it. But no one can name it with real examples.
I used fdroid. And I will continue to use it.

Clark

AlphaElwedritsch that is a valid question. And to be honest, I can't point you to any concrete evidence. But to me, it makes sense that it's more secure to download apps from the original source rather than using a third party repository. Fdroid isn't bad. I just think it depends on threat models.

[deleted]

AlphaElwedritsch

I've never heard of a problem with F-Droid and, until there is a documented case, it's hypothetical.
I also continue to use F-Droid.

On the other hand, it seems every week or two there is another news article about malware infected apps on Google Play. I'm reading an article now about how Google Play had over 600 million cases of malware in 2023.

There are far more dangerous sources for apps than F-Droid.

jackFang

Haven't used obtainium but it seems all you do is reference link to follow app updates? Curious what happens when a repository is deleted and then reused with the same name https://github.com/orgs/community/discussions/131258. Does that raise any concerns?

23Sha-ger

jackFang
How would that happen? Depends if a developer of a particular app got compromised, or handed it over
the repository to a 3d party. Those are different cases . Already happened with "Simple Mobile Tools" suite:
https://github.com/SimpleMobileTools/General-Discussion/issues/241

A fork came a month later, but that's not the scope of the question.

When it happens to a popular project, the community on Github might respond to it quicker.
I don't see how F-Droid will push an update to blacklist a 3d party repository. They do build the project
on their obscure build systems hosted on Hetzner which adds another potential 3d party. I do see how Obtanium
will possibly take this route in order to protect users. The F-Droid project is just a stagnating, "too big
to fail" thing from the early 2010s and many things changed since then.
Personally when I see the donate button on their site I know they will never run out of resources, just because people trust them historically, without apparent reason to do so, they were never transparent about their project.

Dumdum

jackFang Does that raise any concerns?

I don't think so? Any app distributed in a "recycled" repo would have to somehow be signed with the same keys that the original repo used. As long as the keys are different, then Obtainium would reject the update and inform users about a mismatch.

Clark

Another question about Obtainium:
Is there a major difference in adding an app with an apk link, searching for it on Github, or first finding it on Obtainium's website? Or is it all the same source they are using?

Clark

Clark bump

Another question about Obtainium:
Is there a major difference in adding an app with an apk link, searching for it on Github, or first finding it on Obtainium's website? Or is it all the same source they are using?

AlphaElwedritsch

I'm going to get everything from fdroid. Only the apps, I cannot get there, I use playstore (3 Apps). The less, the better...

There are other aspects too.
davx5, for example, costs money in the play store. Not on fdroid.... And there are many more...

Clark

Clark Clark bump

Another question about Obtainium:
Is there a major difference in adding an app with an apk link, searching for it on Github, or first finding it on Obtainium's website? Or is it all the same source they are using?

bump 2x

ErnestThornhill

Clark Is there a major difference in adding an app with an apk link, searching for it on Github, or first finding it on Obtainium's website?

I'm not sure what you're asking here. If an app's APK is available on GitHub, all you need to do is copy the link/URL to the release page, paste it in the Obtainium app to add it and then click on "Install."

Clark

ErnestThornhill I know. I'm asking if there's any difference between the way you add apps to Obtainium i.e. via the Github link or Obtainium's website.

ErnestThornhill

Clark You can't add apps to Obtainium using Obtainium's website...

Schiller

ErnestThornhill I think he's referring to this site: https://apps.obtainium.imranr.dev

Clark The difference is that you have to trust another site to be redirected

DeletedUser217

Schiller The difference is that you have to trust another site to be redirected

All that website provides is app configurations for Obtanium. The apps are still downloaded directly from the app developers github which can be easily verified so there really isn't another party to trust.

ErnestThornhill

Schiller Thank you for specifying. What they were saying made zero sense.

nandohyphen1

Stephan-P Expect app builds to differ between F-droid and the github releases that obtanium fetches, in which case you will have to uninstall the app first and reinstall afterwards.
In order to keep your data, you will need the app's export/import if available.

(I went this route when replacing F-droid with Obtainium)

So I actually have to uninstall every app and reinstall it? I want to switch, but that would be a major inconvenience for me. I just want to be notified for new updates because Aurora Store doesn't notify and I've had app problems because I didn't know they needed to be updated (they were many updates behind!).

n3t_admin

nandohyphen1 you need to test this out yourself. If the app signature is the same, it will just install like an update and you can use Obtainium from then on. If the app does indeed have 2 different builds/signature, you will have to reinstall (make sure to backup any data first).

Dumdum

nandohyphen1 I just want to be notified for new updates

Obtainium allows apps to be set to track-only.

nandohyphen1

n3t_admin Thank you I'm going to try it. ;)

« Previous Page