[deleted]
User2288 Fdroid also is both a REPOSITORY and an APP.
F-Droid also allows developers to make their own repositories, which could be helpful for Game developers since they won't have to abide by an app store's arbitrary rules.
What is a good appstore to use on graphene considerations?
[deleted]
- Edited
User2288 I would suggest instead of digging around so much, You can just use the following:
- Google Play store
- APK from Developer's website
- APK Developer's F-Droid repo in a modern F-Droid client (like Neo Store)
- APK from Developer's official github/gitlab repo's releases
For downloading old versions of apps, APKmirror can be used only after verifying checksums, to distrust APKmirror
My Setup.
Both supports automatic app updates, every time i check the app store all of my apps are up to date.
1.Google Play store - Almost everything is installed from here including most of the opensource apps.
2.Neo Store - If the app is not available in Playstore, apps are mostly from IzzyOnDroid F-Droid Repository or Official F-Droid Repository.
[deleted]
[deleted] I forgot to include Accrescent, you can use It too; but It only has a few apps.
Are there differences between apps downloaded from playstore vs neostore in terms of tracking or including more google reliance?
[deleted]
applesbana It depends on the app.
This kind of discussion comes up every 4 days and always ends the same way. Read these articles instead.
https://wonderfall.space/marches-android-alternatifs/
I didn't read the entire thread because there are too many messages, but if we do a dumb tier list of most secure ways to retrieve an app, here we go :
- Accrescent
- Play Store
- Obtainium
That said, F-Droid is awesome to search for FOSS apps, you can go f-droid website and search apps from there, then you should either download from accrescent first, play store or obtainium.
[deleted]
Ixirup The developers sign their apk expressly for obtainium?
No.
Ixirup Obtainium checks the sources?
Obtanium does not check the 'source code', It only checks for APKs via many sources:
Currently supported App sources:
GitHub
GitLab
Codeberg
F-Droid
IzzyOnDroid
Mullvad
Signal
SourceForge
SourceHut
APKMirror (Track-Only)
APKPure
Third Party F-Droid Repos
Jenkins Jobs
Steam
Telegram App
VLC
Neutron Code
"HTML" (Fallback)
Any other URL that returns an HTML page with links to APK files (if multiple, the last file alphabetically is picked)
For more info, Read https://github.com/ImranR98/Obtainium/blob/main/README.md
Ixirup Obtainium is just a fancy and easier way for installing .apk manually.
So instead of going on github and download apk then install it, then using Feeder to track new version of your downloaded app , you can use Obtainium to do that for you, you just giving him the github url or whatever source you have, and Obtainium will fetch and download apk for you, then it will also track new version and will notify you so you can update it.
88dotorg
Thank you i stumbled across the same video the same evening and must say: really excellent video. Really like how he explains things!
- Edited
Man thank you for that extensive write up!! So much things i think the same like it is important that it is not to complicate to update Apps from a source. That it is important to get the download right in the beginning, since the keys might differ. That the search of Github is broken, how i found out. That the easy fix is to use DuckDuckgo as Some1 pointed out too.
Your comments on APKmirror and APKpure answered thinks i wondered about too..
So all in all thank you. I willd do more studying i already stumbled on SideOfBurritos, great explanatioins....
So really thanks for all of this!
And yes for me it is important to find reliable sources to download AND make Updates not to complicated. That is exactly what my thoughts are about. So indeed Github/lab + Obtainium is one idea i like.
you need to confirm it from other web sources as similar a lot of similar entries exist that you should NOT trust.
Fdroid website shows official links to any app's official website and source code. A great way to verify and find the proper "source".
I can't find the links on the F-droid Website for the website of the Neo store project. Am i overlooking something? Or is it for Neo store not there...
Do you use any other site recommendation for verifications purposes? besides F-droid I would love to hear, still big topic for me to verify downloads...
Greetings!
Ixirup
For the first 2 Articles: i don't speak french and i don't want to autotranslate...
The last one i did read, thanks for this. That lead to my decision to not use Fdroid as primary source of downloads....
[deleted]
SpeakYourMind Do you use any other site recommendation for verifications purposes? besides F-droid
What do you mean by verification purposes?
Another source of truth. Like i search in DuckDuckGo for "neostore" it shows me a github/lab page for download with files on it and a hash for the download file.
So another reliable site to check that the github page and file is legit and not set up by a hacker...
User2288 here isn't any security risk in this that we know of. But if the particular app heavily relies on the google account as the method to verify you and the app's instance, then this could become a security problem.
I thought about it a how the account sharing poses maybe a security thread a little more and tried to read up on it more, but i couldn't find anything useful.
Apps might rely on the google account maybe more than it is wise to indentify a user. In europe we use undergrounds and trains more. The apps for this e. g. are more regional and the companies are nto really professional with their IT.
So this is a good example to ask the question. Would the account sharing pose somewhat the risk that some hacker could restore my account or somehow else extract the data with the credit card data in it, due to the account sharing on Aurora?
That the app itself is not that secure is a risk i have been living well the last 7-8 years and i am OK with. Focus here is if the Account sharing adds another layer of risk and how large that is, given the fact that the app might not be programmed very wise or relies more heavy on the google account than it should be.
Is it more of a tiny risk or a medium to larger one?