Google is now marking EVERY SINGLE APK at our repository as "Malware site issue". Congrats, "Safe" browsing.
Of course there is not a single malware there, everything is scanned multiple times. And I bet they excluded *.google.com from their scan or the entire PlayStore would be red by now, too…
Calling out to all of you: Please use safebrowsing.google.com/safebr… to report the links as "safe"!
apt.izzysoft.de/fdroid/repo/co… is the one console reports.
This entry was edited (6 hours ago)
Sylvia reshared this.
, to světlo tam asi nesmi to je pravda. Necháváme tak týden kvasit.
murks
in reply to IzzyOnDroid ✅ • • •Sylvia
in reply to murks • • •IzzyOnDroid F-Droid Repository
IzzyOnDroid App Repomurks
in reply to Sylvia • • •IzzyOnDroid F-Droid Repository
IzzyOnDroid App Repojandi
in reply to Sylvia • • •IzzyOnDroid ✅
in reply to murks • • •@murks The console points to apt.izzysoft.de/fdroid/repo/co… – which at our last check (see floss.social/@IzzyOnDroid/1159…) was reported clean even by their own scanner.
And this time they not only MARK it as POTENTIALLY malicious – they block the entire site. So if you have a browser with "SafeBrowsing" enabled, you cannot download a single APK.
IzzyOnDroid ✅
2026-01-24 09:24:10
leandro
in reply to IzzyOnDroid ✅ • • •Sylvia
in reply to leandro • • •apt.izzysoft.de/fdroid/repo/com.apkupdater_52.apk. But right now every single .apk link under
https://
apt.izzysoft.de/fdroid/repo/ is blocked, almost 1300 safe, scanned, open source apps :(
Sylvia
in reply to leandro • • •IzzyOnDroid F-Droid Repository
IzzyOnDroid App RepoThomas
in reply to IzzyOnDroid ✅ • • •Sylvia
in reply to Thomas • • •IzzyOnDroid ✅
in reply to Sylvia • • •Alex ✅
in reply to IzzyOnDroid ✅ • • •IzzyOnDroid ✅
in reply to Thomas • • •@thomas Thanks for checking!
It also doesn't make it better that they do not tell us WHICH files are affected and WHY. Their console just gives a single example (the linked APK), and says "go figure yourself".
And isn't it funny that the APK triggering this insane BS is an APK downloader? What was that with "allowing alternative app stores" (even Droid-ify is blocked now)? And the crap with "developer registration"? One ring to rule them all?!?
Bill
in reply to IzzyOnDroid ✅ • • •IzzyOnDroid ✅
in reply to Bill • • •@Sempf even their own ones, I guess – like "back then"? support.google.com/webmasters/…
Yeah, nice description: "spam service". Pun intended? Most spam (or should I say: scam?) I see here nowadays is hosted at storage.googleapis.com. But yeah, tell us whom to trust…
Would be interesting to know who else is affected. Only us with the APKs – or e.g. ApkPure (which copies the APKs from PlayStore) as well? 🤔
loebas
in reply to IzzyOnDroid ✅ • • •IzzyOnDroid ✅
in reply to loebas • • •AmonTheMetalHead
in reply to IzzyOnDroid ✅ • • •IzzyOnDroid ✅
in reply to AmonTheMetalHead • • •AmonTheMetalHead
in reply to IzzyOnDroid ✅ • • •John 🥛
in reply to IzzyOnDroid ✅ • • •@AmonTheMetalHead
IzzyOnDroid ✅ reshared this.
ahills
in reply to IzzyOnDroid ✅ • • •IzzyOnDroid ✅
in reply to ahills • • •@ahills Heard that the second time now. And getting more reports that their entire "spam service" (haha, yeah) seems to have gone nuts – like, marking each and every incoming mail as "spam".
So much about that "internet police". Which – by their PR – is the only one you can trust…
ahills
in reply to IzzyOnDroid ✅ • • •IzzyOnDroid ✅
in reply to ahills • • •RodolfoRG
in reply to IzzyOnDroid ✅ • • •Via Firefox for Android
Nordafrica
in reply to IzzyOnDroid ✅ • • •IzzyOnDroid ✅
in reply to Nordafrica • • •@sousse Thanks! Let's hope we're shaking something loose there – and that it's just a quirk at their end, which they quickly fix, removing those unwarranted blocks and red pages.
I doubt they'll ever apologize for the mess they caused there. Wish they'd surprise me positively once. Like, "as reparation, we've filled your OpenCollective with a (6+ digit) sum" (that would even come out of their "petty cash")… Well, one can dream, right? *Sigh…*
LΞX/NØVΛ 🇪🇺
in reply to IzzyOnDroid ✅ • • •it's why i disable "safe browsing" as google already used it in a censorship way in the past.
I recommend you to also complain on europe for DMA breach
IzzyOnDroid ✅
in reply to LΞX/NØVΛ 🇪🇺 • • •@lexinova Help with the latter appreciated! We're currently not sure if it's explicitly us (and other "app stores") being affected, or a general failure" of Google's systems (as we also got reports of "all incoming mails are being marked spam" and such).
If you know someone who would help us with such "legal stuff" (pro bono, as we could not cover much cost), please recommend.
We can also talk this when we meet at the weekend in Brussels (looking forward to meeting you!).
LΞX/NØVΛ 🇪🇺
in reply to IzzyOnDroid ✅ • • •IzzyOnDroid ✅
in reply to LΞX/NØVΛ 🇪🇺 • • •@lexinova Thanks! @noybeu was also the first coming to my mind. We'd be really thankful if they'd take this up. I'm pretty sure we're not the only ones affected this way. As you've put them in copy already, let me link my snippet for reference again: gitlab.com/-/snippets/4909577 (document "02" there is about the multiple issues we had with them already, just within a single month). I'll try to keep that updated.
I'd say blocking ALL our Android app pages, can count as DMA violation, no?
Netcraft false positives, Google Safebrowsing shenanigans ($4909577) · Snippets · GitLab
GitLabLΞX/NØVΛ 🇪🇺
in reply to IzzyOnDroid ✅ • • •Germán
in reply to IzzyOnDroid ✅ • • •Is Google hosting this page? Is Google scanning all the pages I visit even on Firefox?
Sylvia
in reply to Germán • • •This is Google "Safe browsing". Even Firefox has it enabled by default. So yes, this is Google.
As I understand it your browser downloads a list of banned sites from Google every now and then. So not actively scanning what you browse (though they can do that for most sites with all the trackers they have), but I have to be honest I don't know all the details on "Google Safe Browsing". Documentation is scarce.
IzzyOnDroid ✅
in reply to Germán • • •@germanfr It's a "feature" called "Google Safebrowsing". In intervals, it downloads allegedly malicious URLs to your browser, which then compares each visited URL against those.
Google isn't hosting our repo – we do that (currently at Hetzner in Germany). But yes: this way, Google has the power to decide which pages you're allowed to see – and which… not. In this current case, one could count that as anti-competitive, and a violation of DMA.
kNeo gHau
in reply to IzzyOnDroid ✅ • • •IzzyOnDroid ✅
in reply to kNeo gHau • • •Emilio ʕ̡̢̡ʘ̅͟͜͡ʘ̲̅ʔ̢̡̢
in reply to IzzyOnDroid ✅ • • •SlightlyCyberpunk
in reply to IzzyOnDroid ✅ • • •IzzyOnDroid ✅
in reply to SlightlyCyberpunk • • •@admin I've updated my snipped with information collected from this thread, on how to disable Google Safebrowsing on Android browsers:
gitlab.com/-/snippets/4909577#…
So far, we have hints on Firefox and Brave. If you know it for other browsers, please let me know and I'll add it.
Note that, while I'm very much tempted to, this is no "recommendation to disable it". For our site it is safe (to our knowledge), but there are real dangers out there (like, googleapis.com 🙊). So be careful, please!
Netcraft false positives, Google Safebrowsing shenanigans ($4909577) · Snippets · GitLab
GitLabSlightlyCyberpunk
in reply to IzzyOnDroid ✅ • • •Ah, so to follow the instructions on the error message you have to know how to bypass their attempts to block mobile users from using about:config. Lovely.
I filed a bug report with Mozilla too. As far as I'm concerned this is a serious UI defect, especially considering that the desktop version offers significantly more detail and also a bypass link. So sick of mobile users getting screwed over by Mozilla...
Kevin
in reply to IzzyOnDroid ✅ • • •