Best way to download Threema? (And possibly other apps)

Ttango · 5 Feb

Signal APK is fine to download from their official website signal.org .... You also have the option of Molly, a hardened Signal fork from the accrescent store which is recommended by GOS.

I have never used Threema so wont advise you on that sorry.

Ddokmaistr · 5 Feb

Goswin Does "their own repo" mean the Threema Shop? I think Libre is exclusive to F droid which doesn't seem to be widely recommended atm.

Threema has its own F-Droid repo, see second part of the page starting with "For faster updates": https://threema.ch/en/faq/libre_installation. In addition, you can download the APK from the Threema Shop (https://shop.threema.ch/de/download). Both are valid options if you want Threema Libre.

If you want Threema with Google Play Services then download it via Play Store.

I use Threema Libre and do not see a delay in push messages (been using before for several years the Google Play version).

leafnose · 5 Feb

Goswin
‘Their own repo’ means you can download the app from their own server, and that it is signed by them, not by F-Droid people as it is the case with the official F-Droid repository, which is the main criticism made against using F-Droid.

For instance, you could use Obtainium with its F-Droid Third-Party Repo function to add the Threema repo:
https://releases.threema.ch/fdroid/repo/?fingerprint=5734E753899B25775D90FE85362A49866E05AC4F83C05BEF5A92880D2910639E

There are seemingly other issues with F-Droid as a whole, you can find more info there, although not everything is explained: https://discuss.grapheneos.org/d/14452-how-to-explain-why-accrescent-over-f-droid
I don’t have the technical knowledge to understand all the issues with F-Droid as a whole.

The one I would not recommend is this one: https://f-droid.org/en/packages/ch.threema.app.libre/, since it is not signed by Threema. By the way, currently, the latest version on this one is 5.6.1l, while the Threema repo has the latest version, 5.8.0l.

For most people, I’ll say that the Play Store route is deemed the safest, as long as you trust Google enough with delivering you an untampered messaging app.
If not on par with the Play Store, the Threema repo is the second safest, in my opinion, with the bonus of thinking less about what Google might be really doing…

Many people feel safer knowing their messaging app has nothing to do with Google; yes, that’s a feeling, again I don’t have the knowledge to objectively explain why the Threema repo would not be secure enough…

At this point, I’m like you… if anyone can chime in.

GGoswin · 6 Feb

Sorry, I was unaware fdroid third party repositories existed and that they weren't subject to the same criticism as the official fdroid repository. Thank you for clarifying.

So basically the main options for this approach is to copy the link
( https://releases.threema.ch/fdroid/repo/ ) into Obtainium, Fdroid app, or Neostore etc...
Are any of these options better or worse, or is it just personal preference at this point?

Have also noticed that the fingerprint that's provided in the link does not match up in the Appverifier app.

Is this because they are different numbers or formats?

Is checking checksums, fingerprints or signatures a necessary step? (don't fully understand what they are)

Thanks again

GGoswin · 6 Feb

For Threema Libre from the Threema third party Fdroid repository.

Link shows:

57 34 E7 53 89 9B 25 77 5D 90 FE 85 36 2A 49 86 6E 05 AC 4F 83 C0 5B EF 5A 92 88 0D 29 10 63 9E

Appverifier app shows:

ch.threema.app.libre
05:08:B5:3F:F1:02:B5:38:91:9C:83:4E:9E:6B:6A:FB:A0:46:ED:F6:7E:17:CA:4D:1C:E7:A4:B9:C3:82:37:41

GGoswin · 6 Feb

tango

If wanting a second signal account in the same user profile would signal be the best option?

Downloaded from Github and updated by Obtainium.
(Self update only works over WiFi I believe)

Thanks for your reply

Ttango · 6 Feb

Goswin

Can you explain a bit more what you would like to achieve? Do you know you can only have one Signal account per phone number? You can for example install Molly from Accrescent and link devices.

GGoswin · 6 Feb

tango

Molly account with a phone number.
Signal account with a different phone number.
Same user profile.
No WiFi only data.

Considering signal apk only updates over WiFi.
Is signal from github kept up to date with Obtainium a solution?

(Sorry by second signal account I meant the first account was Molly)

DDumdum · 6 Feb

Goswin Link shows:

57 34 E7 53 89 9B 25 77 5D 90 FE 85 36 2A 49 86 6E 05 AC 4F 83 C0 5B EF 5A 92 88 0D 29 10 63 9E

This is specifically the fingerprint for the Fdroid repository (as stated on the linked page). This is to verify with the fingerprint that is shown when looking at the repository settings in-app (which I can see in Droid-ify as a correct match with the 57 34 E7 [...] fingerprint).

Ttango · 6 Feb

Goswin

Thats fine, If you get the Signal APK direct from their website signal.org and drop that into Obtainium you should be good to go!

GGoswin · 6 Feb

Dumdum

Ah OK, so that fingerprint is for the actual Threema F-droid Repo and not for the downloaded threema libre app?

Did you have a look in Appverifier app as well by any chance?

GGoswin · 6 Feb

tango

Am unable to get the ( https://signal.org/android/apk/ ) URL to work in obtainium

It only seems to work specifically from github

Is that also suitable?

Ttango · 6 Feb

Goswin

Its the same thing so that is fine yes.

GGoswin · 2025-02-16T15:52:46+00:00

Goswin ch.threema.app.libre
05:08:B5:3F:F1:02:B5:38:91:9C:83:4E:9E:6B:6A:FB:A0:46:ED:F6:7E:17:CA:4D:1C:E7:A4:B9:C3:82:37:41

Sorry if I'm missing something obvious here.
But does anyone know where else this "fingerprint?" Can be found so that it can be manually verified in the AppVerifier App?