Skip to main content

#AndroidAppRain at https://apt.izzysoft.de/fdroid today brings you 9 updated apps. No added apps, but 1 app had to be removed: AmbientMusicMod includes an enforced self-updater bypassing the screening performed in the IoD repo, and its author refused to make it opt-in or explain the implications.

2 apps will be removed tomorrow:

* Legado comes with too many proprietary components (ads, trackers) and their authors never responded to my reports
* Xsocks is dead, last release 2015, successor available


IzzyOnDroid F-Droid Repository

This is a repository of apps to be used with F-Droid. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).
IzzyOnDroid App Repo
#AndroidAppRain
in reply to IzzyOnDroid ✅

Lyyn ☮️🦄 #2024-02-16
Lyyn ☮️🦄 #2024-02-16
Is the discussion with AmbientMusicMod's dev public? It's a nice app, such a pitty you could not agree :(
This entry was edited (2 months ago)
in reply to Lyyn ☮️🦄 #2024-02-16

IzzyOnDroid ✅
IzzyOnDroid ✅

@lyyn https://github.com/KieronQuinn/AmbientMusicMod/issues/226

And sorry I had to take it down. But circumventing security measures and forcing updates that way is a no-go, and violates the inclusion criteria of my repo (and of F-Droid as well, though they don't really check for it).


Accessibility service and package installer? · Issue #226 · KieronQuinn/AmbientMusicMod

In January my scanner got a few additional checks. So on today's release it reported: ! repo/com.kieronquinn.app.ambientmusicmod_232.apk declares intent-filter(s): android.accessibilityservice.Acce...
GitHub
@Lyyn ☮️🦄 #2024-02-16
in reply to IzzyOnDroid ✅

IzzyOnDroid ✅
IzzyOnDroid ✅
@lyyn sorry to tell you, ClassicPowerMenu will be gone tomorrow as well, for the same reason. As Kieron wrote all is apps have that, I'll now check DarQ, SIM Number Setter and TapTap; afraid they'll follow as well.
@Lyyn ☮️🦄 #2024-02-16
in reply to IzzyOnDroid ✅

Lyyn ☮️🦄 #2024-02-16
Lyyn ☮️🦄 #2024-02-16
I see. Let's just not stop communication and look for solutions together.
in reply to Lyyn ☮️🦄 #2024-02-16

IzzyOnDroid ✅
IzzyOnDroid ✅

@lyyn Definitely not. I always try to find a way, but if it's not possible and the author insists on even *enforcing* it via Shizuku, that leaves me no choice.

That said: DarQ and TapTap will be removed tomorrow as well. SIM Number Setter is the only app by Kieron not requesting the REQUEST_INSTALL_PACKAGES permission. But that has not seen any updates for 2 years now.

@Lyyn ☮️🦄 #2024-02-16
in reply to Lyyn ☮️🦄 #2024-02-16

IzzyOnDroid ✅
IzzyOnDroid ✅
@lyyn And that seems to affect more of Kieron's apps, so I'm afraid his ClassicPowerMenu will be gone soon as well https://github.com/KieronQuinn/ClassicPowerMenu/issues/134

Accessibility service and package installer? · Issue #134 · KieronQuinn/ClassicPowerMenu

In January my scanner got a few additional checks. So on today's release it reported: ! repo/com.kieronquinn.app.classicpowermenu_172.apk declares intent-filter(s): android.accessibilityservice.Acc...
GitHub
@Lyyn ☮️🦄 #2024-02-16
in reply to IzzyOnDroid ✅

Lyyn ☮️🦄 #2024-02-16
Lyyn ☮️🦄 #2024-02-16

:(

Self-updating seems to be a particularly widespread problem. I recall similar problems with Mastodon's official client.

Maybe we could somehow brainstorm this problem together with interested developers.

in reply to Lyyn ☮️🦄 #2024-02-16

IzzyOnDroid ✅
IzzyOnDroid ✅

@lyyn Solutions are possible if devs "are OK" with honoring the decisions of those using their apps. See attached screenshots on how e.g. RiMusic has implemented this:

1) first ask if update checks should be enabled at all, making the implications clear
2) when an update is available, ask for the preferred action

Note the 2 green buttons in the first screenshot: no nudging. The "confused" user must really read the short text to decide which button to press.

popup in RiMusic asking whether the app should check for updates itself, making clear where those updates would come from and that they wouldn't go through the additional screening provided by IzzyOnDroid or F-Droid. Note the 2 green buttons: no nudging.
Second popup in RiMusic announcing an available update (which of course only happens if updates were enabled), clearly outlining possible actions: 1) open the web browser to download the APK, 2) let RiMusic trigger the download so you can install from the notification, 3) have a little patience and wait until the update arrives in your favorite F-Droid repo.
@Lyyn ☮️🦄 #2024-02-16
in reply to IzzyOnDroid ✅

Lyyn ☮️🦄 #2024-02-16
Lyyn ☮️🦄 #2024-02-16
Wow, this is a very nice way of doing it. But I can imagine that developers might not want this extra interaction on first run (even though I would be okay with it). One may also argue that it would be unnecessary if the app could detect if it was installed from a "store" which provides updates vs from file manager or browser, which is not possible at the moment AFAIU.
in reply to Lyyn ☮️🦄 #2024-02-16

Lyyn ☮️🦄 #2024-02-16
Lyyn ☮️🦄 #2024-02-16
Maybe the app could somehow ask the "stores" that are installed on the phone if they are able to update it (including checking if signature in the "store" is compatible with current app signature) and only show the dialog if none of them acknowledged.
in reply to Lyyn ☮️🦄 #2024-02-16

IzzyOnDroid ✅
IzzyOnDroid ✅
@lyyn Much easier even: [get the installer source of an android app](https://stackoverflow.com/a/70421558/2533433) If that does not return the packageName if the app itself or of Android's PackageInstallers, the app was installed by another app – whose presence on-device can easily be checked thanks to the reported packageName. If it's there => stay away. Otherwise: Make an offer. Never: update without explicit consent.

Is there a way to get the installer source of android app

How can we possibly get the information of install source that installed a package on our device. I want to get the installer source of other installed applications not just my application to verif...
Stack Overflow
@Lyyn ☮️🦄 #2024-02-16
in reply to IzzyOnDroid ✅

Lyyn ☮️🦄 #2024-02-16
Lyyn ☮️🦄 #2024-02-16
But if it's installed by a browser or file manager it will pass the check, but should make the offer anyway. I guess this will warrant some kind of filtering by package name which is very inconvenient.
in reply to Lyyn ☮️🦄 #2024-02-16

IzzyOnDroid ✅
IzzyOnDroid ✅

@lyyn Which is why simply asking for consent is the easiest approach 😉

Apart from the question why each app would need to have its own updater. But that might get "philosophical".

@Lyyn ☮️🦄 #2024-02-16