Awesome app. Specially good for fast developing apps like all the Lemmy clients popping up get updated faster than anywhere else.
Definetly!
Used it for the first time this week to install liftoff, it's such a cool idea!
The idea is cool, no doubt. But the implementation is so good that I'm surprised. Praise to the developer! ❤️
It's be nice if it would scan my apps and auto import.
Yeah, it would be great but really hard to implement.
I was wondering do they have any way to verify the integrity of the packages they downloaded? AFAIK there is no consistent way for developers to provide hashes/signature of their releases.
To me it seems like grapheneos community have a tendency to be unnecessarily harsh about security on other projects. And in this case, side of burrito's suggestion to download app from github directly instead of fdroid, really is a suggestion that is hard for me to understand...
It is obviously true that fdroid's security model is bit behind, especially with index-v1, but they do provide basic functionality like verifying developer signature and hash of the package downloaded. However, I seriously doubt this app is doing that with github releases, since I am simply not sure how verifying the signature/hash of a release when there is no way to provide such information systematically on GitHub.
It is obviously a great app if you use it for its convenience, but I personally wouldn't use it to enhance security. Or maybe I am just ignorant on the matter, I would highly appreciate anyone o point out any mistake I made.
I am using it definetly because of convenience. Not all apps on F-Droid (izzyondroid), Play Store. For me it is unnecessary middleman. But everyone has their own way of publishing apks. So yeah, it is really convenient to have all app updates in one place. Also you can add apps from F-Droid and update them regularly from this app. Incredible work!
This is a good question and a valid concern. However, I wonder if the app really makes in worse then it's already is. GitHub has no way to share checksums with the builds. The only way to do that is to upload a checksum file alongside the binary. But if an attacker is able to upload/replace a malicious binary, they would be able to replace its checksum file as well. So you wouldn't be able to recognize this anyway, even when downloading it GitHub, would you?
And your can export import the app list, thing that you can't do with F-Droid and makes a pain a smartphone change
Have you tried F-droid alternatives like Neo Store or Aurora Droid? Maybe they fit your needs.
I'm using NeoStore, it's not bad, but the problem is when I get a new smartphone: there's no way to export the list of the app that it installs, while with Obtanium it's possible
Awesome ability!
Most of the time when I add a repository it says that it can't find a suitable release (for example Signal or Nextcloud Deck). How can I solve this problem?
Open Source
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
- !libre_culture@lemmy.ml
- !libre_software@lemmy.ml
- !libre_hardware@lemmy.ml
- !linux@lemmy.ml
- !technology@lemmy.ml
Community icon from opensource.org, but we are not affiliated with them.