Awesome app. It is somehow not listed on android-foss list so maybe someone didn’t know about it.

Obtainium allows you to install and update Open-Source Apps directly from their releases pages, and receive notifications when new releases are made available.

GitHub page: Link.

You are viewing a single thread.
View all comments
23 points

This doesn’t seem super safe from a security standpoint. Can anyone comment on safety?

permalink
report
reply
1 point

Just be aware what you install. Check the developer name and the whole path.
Some apps on F-Droid are limited for example but you can download the full featured app from Github. Later updates are anyhow cryptographically signed.

permalink
report
parent
reply
27 points

Yeah fdroid is vastly preferred over this because you can be sure that the source code provided actually produces the executable.

permalink
report
parent
reply
7 points

I disagree. Using F-Droid introduces another party and middle man that you have to trust, in addition to a single point of failure. Any checks that F-Droid does is very basic and they have said themselves that they can’t ensure apps are safe.

https://privsec.dev/posts/android/f-droid-security-issues/

permalink
report
parent
reply
2 points

So this means you trust F-Droid? … do you have proof that they aren’t doing anything nefarious?

… if we want to play the game of ‘is it safe’ play it all the way in each case.

Like we’re acting like a dev would upload malware to a trusted repo. If we think that way, the could also slip it into the open source code and not be noticed. Anything’s possible but don’t live in fear.

There is a weird thing on Lemmy where people seem to be very worried about things that they probably shouldn’t be; then we hit a line where its just ‘ok’.

TLDR: For 99.99% of people I’d recommend just using the Google Play store.

permalink
report
parent
reply
3 points

I thought about that argument as I was posting my reply. The thing is that with fdroid you only have to trust one instance. With something like obtainium, you are trusting every single developer whose app you are downloading. Don’t get me wrong, ultimately I am not that worried either and am using the izzyondroid repo as well which has the same issue as obtainium. But it is good to have systems in place to prevent abuse even if that abuse is unlikely.

permalink
report
parent
reply
17 points

F-Droid installs an APK that F-Droid compiled. Obtainium installs an APK that the app developer themselves compiled. I’m not sure what you’re getting at.

permalink
report
parent
reply
11 points

Malicious APKs, built by the developer themselves, not matching their public source code.

permalink
report
parent
reply
4 points

Am I missing something? In my experience using Obtainium it pulls apks from sources I tell it to, usually the developers git releases and even sometimes f-droid repos. This app doesn’t compile anything.

The main benefit is watching for updates directly from developers which, again in my experience, has been quicker than waiting on f-droid. You could even have it do just the notification and you can manually go download and install if you’re the cautious.

permalink
report
parent
reply
3 points

The developer(s) could slip something nefarious in easily. We’re putting all our faith into developers that could be anybody

permalink
report
parent
reply
0 points

What’s your concern exactly? That they’ll install malicious apps on your phone?

permalink
report
parent
reply

Android

!android@lemdro.id

Create post

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

🔗Universal Link: !android@lemdro.id


💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it’s in violation of the rules.


Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below


Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it’s not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website’s name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don’t post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities
Lemmy App List
Chat and More

Community stats

  • 1.5K

    Monthly active users

  • 2.8K

    Posts

  • 34K

    Comments