exodus icon indicating copy to clipboard operation
exodus copied to clipboard

Published 20 hours ago verified publisher icon Exodus-Privacy

Exodus can't download apps that are only offered for specific devices

Open yoshimo opened this issue 5 years ago • 5 comments

When you try to update the analysis for some apps, like taxi.android.client exodus says "report already exists for the downloaded version" which may be true but the scan service doesn't get all version. According to the playstore you can or cannot offer a certain app version depending on the device.

Current Version Varies with device

Therefore the download service should have a fluent identity and mask as different devices with different properties like rooted, vendor, size, android version and so on.

yoshimo avatar Jun 01 '19 18:06 yoshimo

After some offline discussions, it seems this is due to the priority given to the servers downloading the apps, which go in ascending Android API order. Inverting this order could help newer devices, but then it could prevent older versions from being downloaded. It's not trivial to know which version to get without having the Android version, or asking the user to provide a version number. In both cases the interface becomes more complex. Maybe an "expert submission" mode could help with that.

maroneze avatar Jun 30 '19 14:06 maroneze

Maybe you could also do an apk upload as expert mode. Rooted devices can carve out the application from the file system . That might also help with scanning apps that people paid for. Those can still include trackers as i noticed recently.

yoshimo avatar Jun 30 '19 15:06 yoshimo

Maybe you could also do an apk upload as expert mode. Rooted devices can carve out the application from the file system . That might also help with scanning apps that people paid for.

We developed a tool for that purpose: https://github.com/Exodus-Privacy/exodus-standalone This is not 100% ideal but it should do the trick. I think anyone who is able to carve out an application from its file system can use exodus-standalone to scan it :).

pnu-s avatar Jun 30 '19 16:06 pnu-s

It probably keeps the results local too which won't benefit other users, will it?

yoshimo avatar Jun 30 '19 16:06 yoshimo

@yoshimo You're exactly right. What I meant is that the possibility to scan these apps exists, although it is not ideal.

This being said, I'm not sure an "apk upload" feature is really something we want to implement because of all the complexity it would imply (note that I'm just talking for myself here).

pnu-s avatar Jul 01 '19 11:07 pnu-s

Although this is the oldest issue, I'll close this one and keep the discussions in #547

pnu-s avatar Jan 16 '24 09:01 pnu-s