AndroidApkAnalyzer icon indicating copy to clipboard operation
AndroidApkAnalyzer copied to clipboard

Published 20 hours ago verified publisher icon MartinStyk

Alternative download source

Open IzzySoft opened this issue 7 years ago • 12 comments

Would you mind attaching the .apk to the corresponding releases/ for folks avoiding Playstore (or having no access to it)? I'd offer to pick it then and provide it via my F-Droid compatible repository if you'd agree. That way, updates would be available via the F-Droid client within approx. 24h of your creating a new release and attaching the .apk to it – of course provided the user has my repo added to the client's list.

IzzySoft avatar Jan 15 '18 21:01 IzzySoft

Hi @IzzySoft, I am not sure how does it work with signatures? I use Google Play app signing, so I am unable to release apk with same signature as apk from Google Play

MartinStyk avatar Jan 15 '18 21:01 MartinStyk

No idea about that. Don't Android devs sign their packages themselves (unless compiled by e.g. F-Droid from the sources, who then do the signing using their key)? I'd rather not trust any third party with my private keys. If that's the case with "Google Play app signing" (taking control from the devs), the idea behind that seems to be binding devs to their walled garden – which isn't a good idea for FOSS software at all.

But of course the app must be signed so end-users can install them. All the other 350+ apps in my repo are signed by their resp. developers – with the same key as in Playstore, if their app is there (not all of the apps are present at Play – some are pretty much "exclusive" to my repo, apart from Github).

If you hadn't Firebase inside your app, we could approach F-Droid to compile from your sources; but Firebase is a show-stopper there (for good reasons). My repo has slightly relaxed rules in comparison, though I have set limits, too :wink:

IzzySoft avatar Jan 15 '18 23:01 IzzySoft

#16

Samsua avatar Jan 20 '18 14:01 Samsua

@Samsua yes? That link goes here ("self-reference") :wink:

IzzySoft avatar Jan 20 '18 19:01 IzzySoft

F-Droid is copiously documented.

rmenessec avatar Jan 26 '18 18:01 rmenessec

Hi, sorry for late response. Currently I am not able to sign the Apk Analyzer with the key used in Google Play(I use google play app signing). I'll try to find more info about this and we'll see what can be done.

MartinStyk avatar Jan 26 '18 20:01 MartinStyk

@MartinStyk maybe you go back to signing packages yourself in general (for playstore, too). If I'd develop for Android, I'd certainly not trust any third party with my private key – nor let me be immured anywhere. Well, my special distrust concerning Google is because of my tin-foil hat – so no, NO third party :wink: Up to you of course.

IzzySoft avatar Jan 26 '18 22:01 IzzySoft

We can't include this app due to firebase (non free component).

Would it be possible to have a build variant with only free and open source component.

This app really has to be in the main F-Droid repository.

Poussinou avatar Feb 11 '22 16:02 Poussinou

If you generated your signing key with Play App Signing you won't be able to download the key. https://support.google.com/googleplay/android-developer/answer/9842756?hl=en In this article Google recommends you install the apk from Google play console and then you can add it to the releases.

il-av avatar May 02 '22 20:05 il-av

Nice, eh? It's your private key, but it's kept from you. Guess why. (Security reasons, yeah – but whose security?)

IzzySoft avatar May 03 '22 00:05 IzzySoft

Hi @MartinStyk

Any chance we can get an apk in the releases section at least for the last version, for people without Play Store like us?

Poussinou avatar Jul 30 '22 20:07 Poussinou

As I don't know what features of Firebase you need here, maybe switching to appwrite or Supabase as replacements would be an option making your app eligible for F-Droid.org? If not, the only option left would be using a different signing key yourself.

IzzySoft avatar Jul 30 '22 22:07 IzzySoft