exodus icon indicating copy to clipboard operation
exodus copied to clipboard
verified publisher icon Exodus-Privacy

Update download function to download from the right source

Open Jean-BaptisteC opened this issue 3 years ago • 6 comments

Issue detected on submit function on Exodus app (2.2.0)

  • Get app links from Fdroid (app never analysed and only available on Fdroid) and use submit function
  • Exodus app open link with browser (https://reports.exodus-privacy.eu.org/analysis/submit/# + app id)
  • On website =>source = Google Play
  • Exodus check if app id exists models.py
  • Exodus find app on Fdroid but download apk from Google Play
  • Exodus return Unable to download the APK

Change detection function and download rules

If source = Google Play and app id match on Google Play

  • Then download from Google Play

If source = Google Play and app id match on Fdroid

  • Then download from Fdroid

If source = Fdroid and app id match on Fdroid

  • Then download from Fdroid

If source = Fdroid and app id match on Google Play

  • Then download from Google Play

If source = Google Play or Fdroid and app id no match

  • Then return The application cannot be found

Algorithm can be optimize

Jean-BaptisteC avatar Feb 16 '22 19:02 Jean-BaptisteC

If source = Google Play   If app id match on Google Play     Then download from Google Play   If app id match on Fdroid     Then download from Fdroid   Else (no match app id)     Then return The application cannot be found Else (source = Fdroid)   If app id match on Fdroid     Then download from Fdroid   If app id match on Google Play     Then download from Google Play   Else (no match app id)     Then return The application cannot be found

Jean-BaptisteC avatar Feb 16 '22 19:02 Jean-BaptisteC

I'm not sure we want to do that, I think we need to respect the user's choice of source.

If the user says they want to check an app from Google Play, I'm not sure we want to try downloading this app from F-Droid (that would imply a lot of unnecessary downloads). Beside, which report do we send back if we start 2 analysis in the same time.

I think what we need to do is that the android app should tell us the source.

It could be by redirecting to https://reports.exodus-privacy.eu.org/analysis/submit/#<full_url>

For instance https://reports.exodus-privacy.eu.org/en/analysis/submit/#https://f-droid.org/packages/org.eu.exodus_privacy.exodusprivacy/

Currently that does not work perfectly in the exodus website but can be fixed quickly

pnu-s avatar Feb 17 '22 07:02 pnu-s

Ok you can change for solution more easy If source = Google Play If app id match on Google Play Then download from Google Play Else (no match app id) Then return The application cannot be found on GP Else (source = Fdroid) If app id match on Fdroid Then download from Fdroid Else (no match app id) Then return The application cannot be found on fdroid

Jean-BaptisteC avatar Feb 17 '22 11:02 Jean-BaptisteC

To make sure I understand your proposal, what you mean is that we could check that an app exists in the desired store (F-Droid or Google Play) before trying to download it?

pnu-s avatar Feb 17 '22 11:02 pnu-s

Yes, actually you check with function validate_handle if app matched on Google Play and Fdroid. But like explain in past. If handle doesn't match, on Fdroid, exodus doesn't check if handle match on Google Play.

Jean-BaptisteC avatar Sep 28 '22 19:09 Jean-BaptisteC

Don't forget that some applications are on more than one store and maybe slightly different so whenever you submit an app it has to be downloaded and scanned for all stores.

yoshimo avatar Sep 28 '22 19:09 yoshimo