Best way to download Threema? (And possibly other apps)
Goswin Does "their own repo" mean the Threema Shop? I think Libre is exclusive to F-Droid, which doesn't seem to be widely recommended atm.
Threema has its own F-Droid repo, see second part of the page starting with "For faster updates": https://threema.ch/en/faq/libre_installation. In addition, you can download the APK from the Threema Shop (https://shop.threema.ch/de/download). Both are valid options if you want Threema Libre.
If you want Threema with Google Play Services then download it via Play Store.
I use Threema Libre and do not see a delay in push messages (I previously used the Google Play version for several years).
Goswin
‘Their own repo’ means you can download the app from their own server, and that it is signed by them, not by F-Droid people as is the case with the official F-Droid repository, which is the main criticism made against using F-Droid.
For instance, you could use Obtainium with its F-Droid Third-Party Repo function to add the Threema repo:
https://releases.threema.ch/fdroid/repo/?fingerprint=5734E753899B25775D90FE85362A49866E05AC4F83C05BEF5A92880D2910639E
There are seemingly other issues with F-Droid as a whole, you can find more info there, although not everything is explained: https://discuss.grapheneos.org/d/14452-how-to-explain-why-accrescent-over-f-droid
I don’t have the technical knowledge to understand all the issues with F-Droid as a whole.
The one I would not recommend is this one: https://f-droid.org/en/packages/ch.threema.app.libre/, since it is not signed by Threema. By the way, currently, the latest version on this one is 5.6.1l, while the Threema repo has the latest version, 5.8.0l.
For most people, I’ll say that the Play Store route is deemed the safest, as long as you trust Google enough with delivering you an untampered messaging app.
If not on par with the Play Store, the Threema repo is the second safest, in my opinion, with the bonus of thinking less about what Google might be really doing…
Many people feel safer knowing their messaging app has nothing to do with Google; yes, that’s a feeling, again I don’t have the knowledge to objectively explain why the Threema repo would not be secure enough…
At this point, I’m like you… if anyone can chime in.
Sorry, I was unaware F-Droid third-party repositories existed and that they weren't subject to the same criticism as the official F-Droid repository. Thank you for clarifying.
So basically the main option for this approach is to copy the link (https://releases.threema.ch/fdroid/repo/) into Obtainium, the F-Droid app, Neostore, etc.
Are any of these options better or worse, or is it just personal preference at this point?
Have also noticed that the fingerprint that's provided in the link does not match up in the Appverifier app.
Is this because they are different numbers or formats?
Is checking checksums, fingerprints or signatures a necessary step? (don't fully understand what they are)
Thanks again
For Threema Libre from the Threema third party Fdroid repository.
Link shows:
57 34 E7 53 89 9B 25 77 5D 90 FE 85 36 2A 49 86 6E 05 AC 4F 83 C0 5B EF 5A 92 88 0D 29 10 63 9E
Appverifier app shows:
ch.threema.app.libre
05:08:B5:3F:F1:02:B5:38:91:9C:83:4E:9E:6B:6A:FB:A0:46:ED:F6:7E:17:CA:4D:1C:E7:A4:B9:C3:82:37:41
Molly account with a phone number.
Signal account with a different phone number.
Same user profile.
No WiFi only data.
Considering signal apk only updates over WiFi.
Is signal from github kept up to date with Obtainium a solution?
(Sorry by second signal account I meant the first account was Molly)
Goswin Link shows:
57 34 E7 53 89 9B 25 77 5D 90 FE 85 36 2A 49 86 6E 05 AC 4F 83 C0 5B EF 5A 92 88 0D 29 10 63 9E
This is specifically the fingerprint for the Fdroid repository (as stated on the linked page). This is to verify with the fingerprint that is shown when looking at the repository settings in-app (which I can see in Droid-ify as a correct match with the 57 34 E7 [...] fingerprint).
Am unable to get the ( https://signal.org/android/apk/ ) URL to work in obtainium
It only seems to work specifically from github
Is that also suitable?
Goswin ch.threema.app.libre
05:08:B5:3F:F1:02:B5:38:91:9C:83:4E:9E:6B:6A:FB:A0:46:ED:F6:7E:17:CA:4D:1C:E7:A4:B9:C3:82:37:41
Sorry if I'm missing something obvious here.
But does anyone know where else this "fingerprint" can be found, so that it can be manually verified in the AppVerifier app?
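The question raised earlier in the thread, whether the value in the repo link and the value AppVerifier shows differ only in format, can be checked by reducing both to raw bytes. This is an added example, not part of any post above; the function names are hypothetical and it assumes both values are SHA-256 certificate fingerprints (32 bytes).

```python
import hashlib
import hmac
from urllib.parse import urlparse, parse_qs

# Values copied from the posts in this thread.
REPO_URL = ("https://releases.threema.ch/fdroid/repo/"
            "?fingerprint=5734E753899B25775D90FE85362A49866E05AC4F83C05BEF5A92880D2910639E")
LINK_SHOWS = ("57 34 E7 53 89 9B 25 77 5D 90 FE 85 36 2A 49 86 "
              "6E 05 AC 4F 83 C0 5B EF 5A 92 88 0D 29 10 63 9E")
APPVERIFIER_SHOWS = ("05:08:B5:3F:F1:02:B5:38:91:9C:83:4E:9E:6B:6A:FB:"
                     "A0:46:ED:F6:7E:17:CA:4D:1C:E7:A4:B9:C3:82:37:41")


def normalize(fp: str) -> bytes:
    """Drop space/colon separators and return the 32 raw fingerprint bytes."""
    cleaned = "".join(ch for ch in fp if ch not in " :\t\n")
    raw = bytes.fromhex(cleaned)  # ValueError on non-hex or odd-length input
    if len(raw) != hashlib.sha256().digest_size:
        raise ValueError(f"expected 32 bytes, got {len(raw)}")
    return raw


def repo_url_fingerprint(url: str) -> bytes:
    """Extract the ?fingerprint= parameter of an F-Droid repo URL."""
    values = parse_qs(urlparse(url).query).get("fingerprint")
    if not values or len(values) != 1:
        raise ValueError("URL does not carry exactly one fingerprint parameter")
    return normalize(values[0])


def same_fingerprint(a: str, b: str) -> bool:
    """True only if both strings encode the same bytes, whatever the separators."""
    return hmac.compare_digest(normalize(a), normalize(b))


def certificate_fingerprint(cert_der: bytes) -> str:
    """Colon-separated SHA-256 of DER certificate bytes (assumed display form)."""
    return ":".join(f"{b:02X}" for b in hashlib.sha256(cert_der).digest())


if __name__ == "__main__":
    # Same bytes, different formatting: URL parameter vs. spaced hex from the link.
    print("URL vs. link text match:", repo_url_fingerprint(REPO_URL) == normalize(LINK_SHOWS))
    # Different bytes: repository fingerprint vs. the value AppVerifier displays.
    print("repo vs. AppVerifier match:", same_fingerprint(LINK_SHOWS, APPVERIFIER_SHOWS))
```

The first comparison matches and the second does not, so the two values are different fingerprints rather than one fingerprint in two formats, consistent with the reply that the link's value identifies the repository.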