Hans-Christoph Steiner: > > Hans-Christoph Steiner: >> >> >> Adam Pritchard: >>>> >>>> Internet freedom tools like Psiphon, Tor/Orbot, Great Fire's FreeBrowser, >>>> StoryMaker, and many more provide direct download links for installing apps >>>> when Google Play is blocked, or the internet is otherwise filtered. If >>>> users who download those do not have Google Play, they are left without a >>>> reputable source of essential updates. >>> >>> >>> This doesn't invalidate your point/idea, but for completeness: Psiphon's >>> directly installed clients self-upgrade, with signature verification of the >>> upgrade package. To avoid violating the Play Store ToS, the app detects >>> whether it's a Play Store install or directly installed, and doesn't try to >>> self-upgrade in the former case. >>> >>> Adam >> >> Thanks, that's definitely useful info! How long as that been in your >> Google Play releases? >> >> .hc > > @commonsguy just pointed out this library to me, which already includes > F-Droid support: > > https://github.com/javiersantos/AppUpdater > > I wonder if it does the right thing in terms of verifying what it > downloads, or just leaves it up entirely to Android verifying the APK > signature.
I dug into it a little bit, it just scrapes the various app webpages to see if the version is newer. Seems a bit fragile. It then just downloads the APK. .hc _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
