I have not installed it and cannot read any code. I would still be interested in what you think of it.
Problem with that is if you’re obtaining botnet or spyware directly from source…well…
So while F-Droid criticism is valid - there’s no optimal solution still, you’d have to play trust game.
There are few apps where the developer doesn’t bother with f-droid or the app is closed source. I’m developing something too, I’m not sure if I will put it on f-droid, for a few reasons. Didn’t try obtainium yet, but it’s a great idea, as a developer I don’t need to bother with repos and whatever, just have build somewhere.
Which reasons i wonder?
Having to maintain a repo mostly.
I used newpipe and they had to make their own repo, because releasing new versions on f-droid was slow and sometimes they changed stuff daily in newpipe. They didn’t have a self updater at that point either.
I might put it on f-droid a few months after release, I’m pretty sure there will be a few issues in the beginning that need quick fixes. I didn’t use f-droid for more than a year, so I don’t know if you can do a quick hotfixes with it nowadays.
Thanks for your thoughts. i am also aware that apkpure is not exactly a privacy-friendly example.
I was thinking more of tutanota, signal or even newpipe which i get directly from the website.
I guess I have no choice but to test this app.
I have Obtainium installed on a, by now, rather oldish, Galaxy S8 which runs an unofficial build of LinneageOS. I use this device only for testing purposes.
Though, admittedly, I have not looked into the privacy and/or security aspects of using this app, in terms of functionality, it does what it is designed for and is quite good at that.
I both install/update and keep track of applications with it.
Also, I am keeping an eye on this new app store which is still at alpha but seems promising:
I use Obtainium on my Pixel 7 running GrapheneOS and it works like a charm.
I’m running it since yesterday on my Pixel4a and i must say its amazing.
Thank you all!!
Just wanted to mention, that whatever FOSS source to obtain programs you’d choose will probably be just fine. However definitely don’t do Play Store for anything meaningful like secure messenger for example…
See here, App stores section.
It’s more than enough meta information (especially timings, crash logs and device model) to correlate and target specific user, in case Goolag or feds would want to do so.
Thanks! I only use my banking app through the playstore. Everything else on my GrapheneOS is FOSS. I just need to get my contacts to move away from Signal and use Session. But that was a lot of work to get them to use Signal at all. They think I’m paranoid no I’m not, I’m just better informed.
EDIT: SIgnal i have directly downloaded as an .apk from their website
btw Obtainium is written in flutter, I’m doing my app in flutter too. I just saw how obtainium handles the permissions, it’s better than how I did it. My app will be a scraping app too.
I have to start reading the source code for more open source flutter apps.
Obtanium is great for personal use but it’s the worst one for general users.
- Many people think anything you download from GitHub is FOSS, actually there is no difference between a sketchy/pirated site & GitHub.
- There is no Virus scanner in the app or you can’t check included trackers.
- You never know everything included in the source code or some parts are proprietary.
While F-Droid has its own issues I don’t agree with many points mentioned in the article. Ater reading the article if you’re gonna suggest Obtanium then you’re misleading the users. Because it just grabs apks from multiple sources nothing more checked, while F-Droid make sure everything is FOSS + adds Anti-Features wherever necessary for transparency.
If you do wanna use Obtanium then I’d suggest to use AppManager along with it. It has VirusTotal, Pithus scanner report included. You can revoke app permissions, block trackers, block internet access, use profile for automation and lot more features…
Something similar feature is planned for AppManager: https://github.com/MuntashirAkon/AppManager/issues/464
There is one very meaningful difference…
Sketchy / pirate site is runned by someone that may be trustworthy, and GitHub is owned by Micro$oft of all things!
Definitely not safe.
Aren’t using a mobile device with an access to the internet by default means you’re already a part of the botnet?
Even on a SoC level, Qualcomm chips were caught on sending telemetry over the web.
Depends on device…but as a general statement - yeah, kinda
Aren’t websites of the banks generally have the same functionality as their apps?
But hoaging far less resources.
You’re certainly right. Actually, i do my banking at home on my PC. Every now and then, you have to look on the road to see if and where all the money is around.
For the last 4 years data of me or my relatives was multiple times leaked from the products of a big mega-corporations.
For the last 10 years I can’t remember any pirated software or website to cause any of such troubles.