gvprtskvni
I believe the general recommendation is to be cautious about F-Droid builds as they are signed by F-Droid developers, but nobody can really vouch for them being safe except F-Droid, or that they're safer than Google Play builds, which are considered very secure from outside malicious actors.
In other words, your apk is probably 'real' if you get it direct from the developer (if they offer it, and if you're sure their GitHub credentials weren't stolen).
It's also likely real and not a malicious apk if you get the version that Google signs and offers on the Play Store (since the chances of Google being hacked and swapping out an apk with malicious code are pretty minimal). The same would apply to Aurora Store apks since they're just the ones signed by Google.
Closely third in line is if you get a signed version from F-Droid. The online community generally trusts F-Droid but I think that's only based on faith in their sincerity, not any innate security practices - I'm not sure though. However, I don't believe there's been an instance yet of F-Droid signing a malicious app, but again, anyone can correct me if I'm wrong. Also, F-Droid builds tend to lag behind Play Store builds since the apps have to wait for F-Droid to rebuild and sign them. For instance, Signal recommends you install directly from the Play Store for security rather than offering their own apk or using F-Droid.
Then finally, if you want to continue this thought process, the least secure route is sourcing apks from various websites or Telegram channels. You can still find real apks from those sources, but the chances of you accidentally downloading a malicious apk are higher.
However, I think these security concerns are pretty minimal for the average user who isn't being targeted by a state actor. I use a mix of Play Store, F-Droid, and apks sourced directly from GitHub. However, it pays to know a little about how you get your apps, especially if you're venturing away from the Play Store.
Off topic maybe, but I will say that I think a risk with Obtainium is that users tend to search GitHub/etc. and then pick the first result, without really verifying the app. What I'm thinking of is someone could fork an app, make it malicious, offer it on GitHub under the same name, and Obtainium users may install it.