Goswin
‘Their own repo’ means you can download the app from their own server, and that it is signed by them, not by F-Droid people as it is the case with the official F-Droid repository, which is the main criticism made against using F-Droid.

For instance, you could use Obtainium with its F-Droid Third-Party Repo function to add the Threema repo:
https://releases.threema.ch/fdroid/repo/?fingerprint=5734E753899B25775D90FE85362A49866E05AC4F83C05BEF5A92880D2910639E

There are seemingly other issues with F-Droid as a whole, you can find more info there, although not everything is explained: https://discuss.grapheneos.org/d/14452-how-to-explain-why-accrescent-over-f-droid
I don’t have the technical knowledge to understand all the issues with F-Droid as a whole.

The one I would not recommend is this one: https://f-droid.org/en/packages/ch.threema.app.libre/, since it is not signed by Threema. By the way, currently, the latest version on this one is 5.6.1l, while the Threema repo has the latest version, 5.8.0l.

For most people, I’ll say that the Play Store route is deemed the safest, as long as you trust Google enough with delivering you an untampered messaging app.
If not on par with the Play Store, the Threema repo is the second safest, in my opinion, with the bonus of thinking less about what Google might be really doing…

Many people feel safer knowing their messaging app has nothing to do with Google; yes, that’s a feeling, again I don’t have the knowledge to objectively explain why the Threema repo would not be secure enough…

At this point, I’m like you… if anyone can chime in.

    Sorry, I was unaware fdroid third party repositories existed and that they weren't subject to the same criticism as the official fdroid repository. Thank you for clarifying.

    So basically the main options for this approach is to copy the link
    ( https://releases.threema.ch/fdroid/repo/ ) into Obtainium, Fdroid app, or Neostore etc...
    Are any of these options better or worse, or is it just personal preference at this point?

    Have also noticed that the fingerprint that's provided in the link does not match up in the Appverifier app.

    Is this because they are different numbers or formats?

    Is checking checksums, fingerprints or signatures a necessary step? (don't fully understand what they are)

    Thanks again

    For Threema Libre from the Threema third party Fdroid repository.

    Link shows:

    57 34 E7 53 89 9B 25 77 5D 90 FE 85 36 2A 49 86 6E 05 AC 4F 83 C0 5B EF 5A 92 88 0D 29 10 63 9E

    Appverifier app shows:

    ch.threema.app.libre
    05:08:B5:3F:F1:02:B5:38:91:9C:83:4E:9E:6B:6A:FB:A0:46:ED:F6:7E:17:CA:4D:1C:E7:A4:B9:C3:82:37:41

      tango

      If wanting a second signal account in the same user profile would signal be the best option?

      Downloaded from Github and updated by Obtainium.
      (Self update only works over WiFi I believe)

      Thanks for your reply

          • Ttango

            • Post #12

            Goswin

            Can you explain a bit more what you would like to achieve? Do you know you can only have one Signal account per phone number? You can for example install Molly from Accrescent and link devices.

                • GGoswin

                  • Post #13
                  • Edited

                  tango

                  Molly account with a phone number.
                  Signal account with a different phone number.
                  Same user profile.
                  No WiFi only data.

                  Considering signal apk only updates over WiFi.
                  Is signal from github kept up to date with Obtainium a solution?

                  (Sorry by second signal account I meant the first account was Molly)

                      • DDumdum

                        • Post #14
                        • Edited

                        Goswin Link shows:

                        57 34 E7 53 89 9B 25 77 5D 90 FE 85 36 2A 49 86 6E 05 AC 4F 83 C0 5B EF 5A 92 88 0D 29 10 63 9E

                        This is specifically the fingerprint for the Fdroid repository (as stated on the linked page). This is to verify with the fingerprint that is shown when looking at the repository settings in-app (which I can see in Droid-ify as a correct match with the 57 34 E7 [...] fingerprint).

                            Goswin

                            Thats fine, If you get the Signal APK direct from their website signal.org and drop that into Obtainium you should be good to go!

                                Dumdum

                                Ah OK, so that fingerprint is for the actual Threema F-droid Repo and not for the downloaded threema libre app?

                                Did you have a look in Appverifier app as well by any chance?

                                  Goswin

                                  Its the same thing so that is fine yes.

                                    10 days later

                                    Goswin ch.threema.app.libre
                                    05:08:B5:3F:F1:02:B5:38:91:9C:83:4E:9E:6B:6A:FB:A0:46:ED:F6:7E:17:CA:4D:1C:E7:A4:B9:C3:82:37:41

                                    Sorry if I'm missing something obvious here.
                                    But does anyone know where else this "fingerprint?" Can be found so that it can be manually verified in the AppVerifier App?