quran_android
quran_android copied to clipboard
quran
Help with placing software on F-droid
assalamu alaikum
May Allah reward all those who worked on this great software for their efforts.
Truly, a great piece of software, mashalah.
I recommended this software to f-droid.org, which is an android repository of open source apps.
They are strict about the apps being open source and free from any closed source blob, and they gave me this reply.
"We have the metadata for this app since 2013-03-01, but unfortunately, we are unable to build. While the licensing issue has been fixed, it still uses non-free crashreporting software. They have a switch to disable it being used (which would be acceptable), but it still is required for building the app (which is not)."
This is the link to the mentioned post: https://f-droid.org/forums/topic/quran-for-android/
Can anyone help with this "small" issue :-)
Jazakum allah khair wa alaikum assalam
Hello, is there any progress on this issue? This small fix would be very nice, as a righteous app such as this should also be free as in freedom. :-)
i'll replace Crashlytics with Firebase Crashlytics which is open source. that should fix the problem and allow submission of the app there in sha' Allah.
السٌَلامُ عَلَيْكُمْ وَ رَحْمَةُ اللهِ وَ بَرَكاتُهْ any progress on this :) ?
Wa alaikum assalam.
Crashlytics is already replaced with Firebase Crashlytics. So, in theory, the app should be compatible with F-Droid now.
in that case i urge the dev to submit the app at : https://gitlab.com/fdroid/rfp
Assalaamu alaykum
Yes please. It would be great to have it there.
On January 19, 2021 12:32:09 PM GMT+02:00, bingoxo [email protected] wrote:
in that case i urge the dev to submit the app at : https://gitlab.com/fdroid/rfp
-- You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub: https://github.com/quran/quran_android/issues/755#issuecomment-762752982
Wa alaikum salam.
Sorry, apparently, Firebase Crashlytics is also not acceptable.
https://f-droid.org/docs/Inclusion_Policy/:
We cannot build apps using proprietary tracking/analytic dependencies like Crashlytics and Firebase.
wa3laikum alsalam,
Firebase Crashlytics is not hard to toggle on/off - this isn't a big issue to do. The bigger problem here is that the app has some code (mostly resource files) that come from a separate (private) repo. This is likely against the terms of F-Droid. Building without this (optional) repo means the version in F-droid would only have 2 reciters, no extra page types, etc. If this restriction of building without this library is ok, I can make Firebase Crashlytics optional.
Alternative to Firebase?
It's not opensource, but ACRA or Bugsnag are.
Private repos? Yeah, that's a showstopper
wa3laikum alsalam,
Firebase Crashlytics is not hard to toggle on/off - this isn't a big issue to do. The bigger problem here is that the app has some code (mostly resource files) that come from a separate (private) repo. This is likely against the terms of F-Droid. Building without this (optional) repo means the version in F-droid would only have 2 reciters, no extra page types, etc. If this restriction of building without this library is ok, I can make Firebase Crashlytics optional.
are you the maintainer of the private source repo ? how can we make it open ? aren't most resources available openly on the internet ? i read some old post about people forking it to add ads and make money of it , is that what's holding all this back ?
yes, I am the maintainer of the private repo. It used to be part of this repo.
The problem isn't just a personally annoying aspect of "adding ads and making money", there are other problems:
- given that this is a religious app, there's an aspect of respect Muslims have towards the Quran, and it's disrespectful to add ads surrounding these words, especially when they're things violating the text as in many cases is the case.
- these resources are large mp3 files that live on servers the team pays for. people who re-share this are using our resources (servers and bandwidth) and costing us money in addition to making themselves money.
- people keep our support email address in the built app, so we get confusing bug reports, people cursing us out for being disrespectful (because they're using an app they think is ours but isn't), and so on.
I had 2 choices - completely close the source moving forward (that's what happened with the iOS app, for example), or keep things open but close out the resources to discourage people from inflicting this harm. hence I went with the second approach - the app you can build here is 100% functional, it just limits the set of available (out of the box) recitations to 3 recitations and the available page types to 1 page type if I only compile with the open source code.
@ahmedre Salam alaykum! As for servers (for both audible content and ayahs), you might want to try this public CDN: https://alquran.cloud/cdn - there are API instructions there, and there are no license restrictions on the content. If we use a public CDN, at least for the FOSS version, then shouldn't this issue be gone for good? For contact details, you might want to implement a system that hashes the APK, sends the hash to a server operated by the app's team (could be a free-tier Heroku instance and a Node.js script), then only files a ticket if the hash of the APK matches an official release. (Or you could possibly remove the "submit ticket" option from the open-source version) And finally, for ads ... this is one tough nut to crack. Perhaps you can file Play Store copyright takedown requests on the offending apps?
I'd love to hear what you think about these options.
wa3laikum alsalam, the problem is the bandwidth cost of transferring the mp3s - api is extremely lightweight and only accessed very rarely, so can run off a $5/mo virtual server (even with several folds the traffic). the hashing solution could work for mp3s for example but would have to figure out a way for it to work in a backward compatible manner.
my question is would a Quran for Android version that lives in F-droid with only a handful of Qaris be better than nothing being there? if so we can make this happen pretty easily (just have to fix making Crashlytics optional for compilation). this would be the fastest way to make it happen. walsalam 3alaikum.
@ahmedre That CDN does exactly that - it has MP3 files available for public use. You can integrate URLs from that website in your app (since it's license-restriction-free) instead of MP3 files from your server - you'd essentially slash MP3 hosting costs to zero. You can redirect the current links on your own server to links that point to that other server - this way, backward compatibility is preserved. If it comes down to either nothing or an open-source version with just a handful of qaris, then the latter is definitely better, but let's hope we can figure out a more functional alternative! :-D
they have 5 different Qari types (and all gapped not gapless) whereas the app today ships with a lot more. same thing about shipping with a limited audio subset if so would apply here.
@ahmedre How about this one? https://mp3quran.net Sample URL: https://server11.mp3quran.net/yasser/024.mp3 They also have a BitTorrent service: https://www.mp3quran.net/ar/quran-download I couldn't find a license for the content, but the website is up for the sole purpose of service Quran MP3 files, so I can't see how they would object to this being used in an open-source app.
Otherwise, we could go ahead with a very limited selection, or to implement moar verification. But verification is a cat-and-mouse game, and there's no way it would be backward-compatible (older versions would lose access, possibly compounding the issue)
Can @bingoxo or whomever has access to the F-Droid ticket explain the situation to them and ask them if we can get an exception?
For this reason, source-built applications are the preferred method for the main F-Droid repository, although occasionally for technical or historical reasons, exceptions are made to this policy.
https://f-droid.org/en/docs/Signing_Process/
Yes. In all but a very few cases (for technical or historical reasons), we build all applications directly from the source code.
https://f-droid.org/en/docs/FAQ_-_App_Developers/#will-my-app-be-built-from-source
just for clarity, our content is also free (as far as we know, we take anything down whenever we get copyright notices about it), and we're hosting anyway and don't plan on changing that in sha' Allah whether on F-Droid or not.
i think the point is people taking the app and abusing it (disrespecting the Qur'an) on one hand, while also using our resources and bandwidth on the other hand. realistically, the financial cost to us from these apps is likely negligible. i don't want to make this easy for people and as we've seen time and time again on both iOS and Android, people being able to clone and re-ship the project as is with all features and things makes the barrier to doing this extremely low, thereby increasing how often this happens.
i'd vote for a limited set of qaris - but yeah if whoever has access to F-Droid can give an exception for just having a set of URLs not being part of the open source build, that'd make things easier.
also, for people who can't / don't want to install Google Play, we always have apks on our Github releases page.
is the apk on release page the 1:1 copy of the one in playstore ? from a privacy standpoint is there a benefit to get it from there instead of play store ?
as for the exception on f-droid , maybe @licaon-kter can again give more insight
Exceptions? No we can't... the app could just download the assets on first start or ask the user to provide them locally?
@bingoxo To me, the primary useful feature of F-droid is updates, and given the app is relatively mature, I don't need automatic updates, and can just check the releases every once in a while.
If you have a trust issue, either
- find another app on the store that you trust (this statement is not a praise nor offense to any app).
- or build the available code yourself.
- or better yet, use a printed Mushaf :)
Here is another suggestion: Would you be happier having an apk on releases without Crashlytics for example (yes, I think the apk is the same on playstore)? (Not sure if @ahmedre likes this option)
@licaon-kter
Exceptions? No we can't... the app could just download the assets on first start or ask the user to provide them locally?
While we can possibly try to ask for an exception (they very clearly said "technical reasons"), the solution that you provided (make the open source version load the assets from local storage) is better, especially since the required assets can be compressed and uploaded to any static file host, or even a peer-to-peer file sharing website. However, a multitude of online-Quran-MP3 websites exist, why not just leverage these as an alternative?
@benomaire Is FOSS all about trust and nothing more?
Yes. Many people put their trust in FOSS. So it mainly depends upon trust and community development.
ٱلسَّلَامُ عَلَيْكُمْ وَرَحْمَةُ ٱللَّٰهِ وَبَرَكَاتُهُ I would vouch for a trimmed down version on FDroid, that would atleast be a start.
I think a good interim solution for users could be the IzzyOnDroid repo, the APKs are taken directly from GitHub releases, and it can be added to F-Droid so users get automatic updates and don't have to use Google Play: https://apt.izzysoft.de/fdroid/index/apk/com.quran.labs.androidquran
@IzzySoft can you add the other apks (in release page , there are 4 versions for every tag) to your repo please ?
@abdulocracy
it can be added to F-Droid so users get automatic updates
Note that they won't be able to update from Izzy's (Github version) to F-Droid version since they are signed by different keys.
@abdulocracy
it can be added to F-Droid so users get automatic updates
Note that they won't be able to update from Izzy's (Github version) to F-Droid version since they are signed by different keys.
there is no f-droid version at the time , he probably meant add izzy's repo to fdroid