Sylvia

5 days ago

Sylvia
5 days ago

Very excited to see #Droidify implement the #IzzyOnDroid download statistics!

This means 2 out of the top 3 #FDroid clients now show download statistics for apps downloaded from IzzyOnDroid. Hopefully this convinces more repositories to adopt this!

The part I love most is the different directions Droidify and Neo Store took it. Droid-ify went for simple, just showing the total amount of downloads, while Neo Store went for detailed graph.

What's your preference? Simplicity or detail? :)

Droid-ify

2026-01-21 16:02:31

Droid-ify v0.6.8 Hotfix
Fixed:
- Apk file integrity check failing
- Download stats data validation
- Performance in apps list
Full changelog available here: github.com/Droid-ify/client/re…
#droidify

Release Release v0.6.8 Hotfix · Droid-ify/client
Fixed: Apk file integrity check failing Download stats data validation Performance in apps list Full Changelog: v0.6.7...v0.6.8
^GitHub

IzzyOnDroid ✅ reshared this.

in reply to Sylvia

Sylvia

in reply to Sylvia 5 days ago

For those who are curious how it looks :)

A screenshot of Catima in Droid-ify, showing "Version", "Size" and "Downloads" in big colomns on the main screen. Downloads currently shows "55314"

in reply to Sylvia

Onno

in reply to Sylvia 5 days ago

Ohhhh that's great to have! Now that makes me jealous that the F-Droid repo doesn't have stats. 🙃

in reply to Onno

@donno Hopefully we can convince them to adopt the system, I think it would be great for users to have general popularity info for apps. We purposefully kept the system extremely simple to make adoption easy :)

@Onno

in reply to Sylvia

Jenny

in reply to Sylvia 5 days ago

The other time I wanted to recommend Droid-ify in the #Ironfox room this is what they told me...

Luckily it doesn't affect me since I abandoned all use of F-Droid and now I use Accrescent and Obtainium, I'm not complaining.

Text: "Droidify has no index v2. No delta updates for the repo index, outdated signature algorithm. "

"Also the bunch of repos enabled by default, with no repo preference feature"

Text: "Then please don't recommend Droidify"

"I don't know what people see in it and somehow recommend it to people wanting security"

#ironfox

in reply to Jenny

Sylvia

in reply to Jenny 5 days ago

@TheJnx I will be honest, my main reaction to this is that I am quite disappointed when people tell others about an issue they found but not actually tell the developer about it so it can be fixed: github.com/Droid-ify/client/is…

Besides that, I took a short look at the code and sha256 is used for the file integrity itself: github.com/Droid-ify/client/bl….

MD5 is only used to compare the signature with the installed one which Android itself would block if a false positive would occur: github.com/Droid-ify/client/bl…

client/app/src/main/kotlin/com/looker/droidify/service/ReleaseFileValidator.kt at ff0f6c66c8a22a9a9dc7244cbc3ff651ebe20e19 · Droid-ify/client

Clutterfree F-Droid client. Contribute to Droid-ify/client development by creating an account on GitHub.

^GitHub

@Jenny

in reply to Sylvia

Sylvia

in reply to Sylvia 5 days ago

So I don't really see the issue to be honest. The only possible risk is if you disable Android's signature verification with XPosed modules (which would be a horrible idea) and happen to get the one signature that somehow would match in MD5. But both IzzyOnDroid and F-Droid already use an allowlist of signatures per app, so this would already be blocked serverside there.

Lacking index-v2 is not a security risk at all but would be nice for faster update checks.

This entry was edited (5 days ago)

in reply to Sylvia

Sylvia

in reply to Sylvia 5 days ago

@TheJnx Obtainium on the other hand is often used to get APKs directly from developers with no malware scan or anything. So if a dev gets their system infected by malware and because of that uploads a build with malware, you will just instantly get that and infect your device, there is no party in between to scan or rebuild the app from source.

Personally, I find "dev gets their system infected by malware" a much more likely scenario, which is why I don't understand Obtainium as "more secure".

@Jenny

in reply to Sylvia

Sylvia

in reply to Sylvia 5 days ago

@TheJnx Of course SHA would be better, so nice to see LooKeR will fix that: mastodon.social/@Iamlooker/115… :)

LooKeR (@Iamlooker@mastodon.social)

@TheJnx@bonito.cafe @SylvieLorxu@chaos.social Well yes I agree that Droid-ify does not have Index V2 or diffing but I don't see how thats a security issue. And the 3 point of it "uses a outdated signature algorithm".

^{LooKeR (Mastodon)}

@Jenny

in reply to Sylvia

Jenny

in reply to Sylvia 5 days ago

for that reason I will continue to say that either Github or Codeberg, any other source, as such is for more experienced people, Obtainium is obviously safe (as far as it goes), allows more than 10 sources from which to download apps, but of course, it all depends on using reliable sources, review the code, use an antivirus (although I doubt the quality of these), that the repository has been reported in that case, etc.

I must admit that I have not stopped using Izzyondroid, only for one app (since the versions there seem to me more stable) but of course, Izzyondroid seems to me that unlike F-Droid allows a wider catalog of apps, but of course, for everything I use Obtainium itself because it allows me to save all those apps and apks that could be scattered on my device

⇧

Sylvia 5 days ago • •

Sylvia
5 days ago