Love this app, makes it really easy to keep non-store apps up to date by linking directly to the app's GitHub repo for example.
Obviously you have to be careful what you install, just as with any app not found in Play Store, but if you're getting your apps elsewhere anyway this is really convenient.
I would recommend caution with apps from the store too. Not only are many predatory practices not disallowed, outright malware can and does slip through review. The advice is the same as ever when it comes to computers: don't run programs you don't trust, and set your bar of trust high.
It's worse than that imo. People claim the web is dangerous because it runs untrusted code but apps do the same with auto updates from stores and that the majority of apps are just webviews running code from the net but without the same level of sandboxing as a browser.
We hear enough stories of how Google removes legit apps without reason, using automated processes, to know that there are at least as many malicious apps that go through undetected.
Alright, well I don't think I personally know anyone who has ended up with malware on their phone. I'm sure it could be better but it seems alright. I'm not gonna advise everyone I know to stress out about it by trying to have a high bar of trust and evaluate every app they wanna try only to have the exact same result they've had for years.
The advice is absolutely not the same as it's always been - it would be weird if the advice from the early aughts, when it was common to be affected by malware or viruses, was the same as the advice now when it's rare.
> Obviously you have to be careful what you install, just as with any app not found in Play Store, but if you're getting your apps elsewhere anyway this is really convenient.
It's still a lot more dangerous than the Play Store, and I assume a good threat actor can go undetected, but Play Protect even scans apps that are installed from outside the store.
I use this and it's great. Only problem is when: 1) you want something outside of GitHub (from my experience, already GitLab and Codeberg can be buggy here, although very rarely), and 2) when you need a specific release channel (example: Firefox Beta, which requires a bit of work). But overall it works great. Now, one has to consider the security aspects: stores like Google Play (and, to a lesser extent, F-Droid) do perform some antimalware checks. It's not bulletproof, but it gives a bit more trust in case the dev goes rogue or is compromised. BUT you have to trust the store. With Obtainium, you have to trust: 1) the app's developer 2) GitHub/GitLab/Codeberg 3) Obtainium's developer. So, it depends on what your threat model is. I'm looking forward to seeing wider adoption for Accrescent!
I've been using it for a while. I'm surprised that Android allows third party app installers that can update apps in the background. I don't follow the specifics of Android developments but I 100% expected it to get more locked down with time.
The opposite happened; for a while, it did not allow third party installers to run without user interaction but now it does. EU legislation probably had a role in that change.
I've been using this app and I honestly prefer it this way.
Let's not forget that certificates are created and checked for github.com, so unlikely for a middleman to get in.
I trust GitHub much more than Google right now. Especially since the object being fetched is generic as opposed to an app store. Google's app store has only shown to hinder publishing. Take Syncthing for instance.
The only thing I wish was better was the .apk selection process. It would be nice if a database existed with filename formats or a little extra metadata to match the correct asset.
A great example of this would be the XZ backdoor, which never got committed to the source tree, but got implanted in the release tarballs, which were built on the attacker's systems.
Finally, a no-nonsense Auto-App-Updater App! If only sites would include a version number somewhere on the download page so Obtainium could find it. Looking at you https://grayjay.app (it doesn't seem to work for partial file hash either so I had to turn auto updates off for this one)
We sorely need 1:1 replacement of app store trust and discovery mechanisms too without any Kafkaesque approval hoops. Obtainium app config sharing and perhaps a standard for APK release webpages would be a great first step towards that.
No need. Obtainium already supports downloading from third-party F-Droid, so users can add Grayjay this way:
1. Enter the URL "https://app.futo.org/fdroid/repo/"
2. In "Override Source", select "F-Droid Third-Party Repo"
3. For "App ID or Name", enter "grayjay"
4. Press "Add"
5. Done
How?
What?
Don't assume that the APKs are generated by GitHub's CI; anyhow, anything can be uploaded as a release.
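An added example, not part of the thread or of Obtainium's code: since a release asset is only as trustworthy as whoever uploaded it, a first install can be checked against the developer's signing-certificate fingerprint obtained out of band. The sketch parses the signer lines that `apksigner verify --print-certs` prints; the pin, the sample reports and the helper names are constructed for illustration.

```python
import re
import subprocess

# Signer line printed by `apksigner verify --print-certs` (format assumed here).
_DIGEST_RE = re.compile(
    r"^Signer\b.*certificate SHA-256 digest:\s*([0-9A-Fa-f:]+)\s*$", re.M)

def normalize(fp: str) -> str:
    """Lower-case hex without colons or spaces, so pins compare reliably."""
    return re.sub(r"[^0-9a-f]", "", fp.lower())

def signer_digests(apksigner_output: str) -> list[str]:
    """All SHA-256 signer certificate digests found in the report."""
    return [normalize(m) for m in _DIGEST_RE.findall(apksigner_output)]

def check_pin(apksigner_output: str, pinned: set[str]) -> str:
    """Return 'ok', 'unsigned' or 'mismatch' for one APK's signer report."""
    pins = {normalize(p) for p in pinned}
    digests = signer_digests(apksigner_output)
    if not digests:
        return "unsigned"  # no signer lines at all: treat as a failure
    # Every signer must be pinned; a single unknown signer fails the APK.
    ok = all(len(d) == 64 and d in pins for d in digests)
    return "ok" if ok else "mismatch"

def report_for(apk_path: str) -> str:
    """Run the real tool (needs Android build-tools on PATH).
    check=True raises if apksigner itself rejects the APK."""
    res = subprocess.run(["apksigner", "verify", "--print-certs", apk_path],
                         capture_output=True, text=True, check=True)
    return res.stdout

# Constructed sample reports; the digests are made-up placeholders.
PIN = "AA:" * 31 + "AA"
GOOD = ("Signer #1 certificate DN: CN=Example Dev\n"
        f"Signer #1 certificate SHA-256 digest: {'aa' * 32}\n"
        f"Signer #1 certificate SHA-1 digest: {'bb' * 20}\n")
SWAPPED = GOOD.replace("aa" * 32, "cc" * 32)  # same app name, different key

if __name__ == "__main__":
    for name, report in [("good", GOOD), ("swapped", SWAPPED), ("empty", "")]:
        print(name, check_pin(report, {PIN}))
```

A pin like this only ties the APK to a key: it catches an asset swapped by someone without the signing key, not a release built by a key holder from something other than the published source.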
Reference images: - Add app: https://ibb.co/dL1Hqw6 - Result: https://ibb.co/whmL3PY
2. FFUpdater
3. Obtainium
4. Aurora Store
2. FFUpdater
3. Aurora Store