Skip to main content

#AndroidAppRain at apt.izzysoft.de/fdroid today brings you 9 updated apps. No added apps, but 1 app had to be removed: AmbientMusicMod includes an enforced self-updater bypassing the screening performed in the IoD repo, and its author refused to make it opt-in or explain the implications.

2 apps will be removed tomorrow:

* Legado comes with too many proprietary components (ads, trackers) and their authors never responded to my reports
* Xsocks is dead, last release 2015, successor available


IzzyOnDroid F-Droid Repository

This is a repository of apps to be used with F-Droid. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).
IzzyOnDroid App Repo
#AndroidAppRain
Unknown parent

IzzyOnDroid ✅
IzzyOnDroid ✅

@lyyn github.com/KieronQuinn/Ambient…

And sorry I had to take it down. But circumventing security measures and forcing updates that way is a no-go, and violates the inclusion criteria of my repo (and of F-Droid as well, though they don't really check for it).


Accessibility service and package installer? · Issue #226 · KieronQuinn/AmbientMusicMod

In January my scanner got a few additional checks. So on today's release it reported: ! repo/com.kieronquinn.app.ambientmusicmod_232.apk declares intent-filter(s): android.accessibilityservice.Acce...
GitHub
@Lyyn ☮️
Unknown parent

IzzyOnDroid ✅
IzzyOnDroid ✅
@lyyn And that seems to affect more of Kieron's apps, so I'm afraid his ClassicPowerMenu will be gone soon as well github.com/KieronQuinn/Classic…

Accessibility service and package installer? · Issue #134 · KieronQuinn/ClassicPowerMenu

In January my scanner got a few additional checks. So on today's release it reported: ! repo/com.kieronquinn.app.classicpowermenu_172.apk declares intent-filter(s): android.accessibilityservice.Acc...
GitHub
@Lyyn ☮️
Unknown parent

IzzyOnDroid ✅
IzzyOnDroid ✅

@lyyn Solutions are possible if devs "are OK" with honoring the decisions of those using their apps. See attached screenshots on how e.g. RiMusic has implemented this:

1) first ask if update checks should be enabled at all, making the implications clear
2) when an update is available, ask for the preferred action

Note the 2 green buttons in the first screenshot: no nudging. The "confused" user must really read the short text to decide which button to press.

popup in RiMusic asking whether the app should check for updates itself, making clear where those updates would come from and that they wouldn't go through the additional screening provided by IzzyOnDroid or F-Droid. Note the 2 green buttons: no nudging.
Second popup in RiMusic announcing an available update (which of course only happens if updates were enabled), clearly outlining possible actions: 1) open the web browser to download the APK, 2) let RiMusic trigger the download so you can install from the notification, 3) have a little patience and wait until the update arrives in your favorite F-Droid repo.
@Lyyn ☮️
Unknown parent

IzzyOnDroid ✅
IzzyOnDroid ✅
@lyyn Much easier even: [get the installer source of an android app](stackoverflow.com/a/70421558/2…) If that does not return the packageName if the app itself or of Android's PackageInstallers, the app was installed by another app – whose presence on-device can easily be checked thanks to the reported packageName. If it's there => stay away. Otherwise: Make an offer. Never: update without explicit consent.

Is there a way to get the installer source of android app

How can we possibly get the information of install source that installed a package on our device. I want to get the installer source of other installed applications not just my application to verif...
Stack Overflow
@Lyyn ☮️
Unknown parent

Lyyn ☮️
Lyyn ☮️
Maybe the app could somehow ask the "stores" that are installed on the phone if they are able to update it (including checking if signature in the "store" is compatible with current app signature) and only show the dialog if none of them acknowledged.
Unknown parent

IzzyOnDroid ✅
IzzyOnDroid ✅

@lyyn Which is why simply asking for consent is the easiest approach 😉

Apart from the question why each app would need to have its own updater. But that might get "philosophical".

@Lyyn ☮️
in reply to IzzyOnDroid ✅

IzzyOnDroid ✅
IzzyOnDroid ✅
@lyyn sorry to tell you, ClassicPowerMenu will be gone tomorrow as well, for the same reason. As Kieron wrote all is apps have that, I'll now check DarQ, SIM Number Setter and TapTap; afraid they'll follow as well.
@Lyyn ☮️
Unknown parent

IzzyOnDroid ✅
IzzyOnDroid ✅

@lyyn Definitely not. I always try to find a way, but if it's not possible and the author insists on even *enforcing* it via Shizuku, that leaves me no choice.

That said: DarQ and TapTap will be removed tomorrow as well. SIM Number Setter is the only app by Kieron not requesting the REQUEST_INSTALL_PACKAGES permission. But that has not seen any updates for 2 years now.

@Lyyn ☮️