Awesome app. It is somehow not listed on android-foss list so maybe someone didn’t know about it.
Obtainium allows you to install and update Open-Source Apps directly from their releases pages, and receive notifications when new releases are made available.
GitHub page: Link.
This doesn’t seem super safe from a security standpoint. Can anyone comment on safety?
Yeah fdroid is vastly preferred over this because you can be sure that the source code provided actually produces the executable.
F-Droid installs an APK that F-Droid compiled. Obtainium installs an APK that the app developer themselves compiled. I’m not sure what you’re getting at.
Malicious APKs, built by the developer themselves, not matching their public source code.
I disagree. Using F-Droid introduces another party and middle man that you have to trust, in addition to a single point of failure. Any checks that F-Droid does is very basic and they have said themselves that they can’t ensure apps are safe.
Am I missing something? In my experience using Obtainium it pulls apks from sources I tell it to, usually the developers git releases and even sometimes f-droid repos. This app doesn’t compile anything.
The main benefit is watching for updates directly from developers which, again in my experience, has been quicker than waiting on f-droid. You could even have it do just the notification and you can manually go download and install if you’re the cautious.
The developer(s) could slip something nefarious in easily. We’re putting all our faith into developers that could be anybody
So this means you trust F-Droid? … do you have proof that they aren’t doing anything nefarious?
… if we want to play the game of ‘is it safe’ play it all the way in each case.
Like we’re acting like a dev would upload malware to a trusted repo. If we think that way, the could also slip it into the open source code and not be noticed. Anything’s possible but don’t live in fear.
There is a weird thing on Lemmy where people seem to be very worried about things that they probably shouldn’t be; then we hit a line where its just ‘ok’.
TLDR: For 99.99% of people I’d recommend just using the Google Play store.
I thought about that argument as I was posting my reply. The thing is that with fdroid you only have to trust one instance. With something like obtainium, you are trusting every single developer whose app you are downloading. Don’t get me wrong, ultimately I am not that worried either and am using the izzyondroid repo as well which has the same issue as obtainium. But it is good to have systems in place to prevent abuse even if that abuse is unlikely.
Never heard of it before, but it seems better than just using f-droid. Some of the apps I use are only available on GitHub.
Are you aware of the izzyondroid repo? That contains loads of github releases which for one reason or another haven’t made their way to fdroid yet. So far, I haven’t had to manually download any apks from github because everything has been available there.
Literally just installed this and set up with all my Foss apps, couldn’t be happier, works surprisingly well for “beta” haha
Been using this for a while now. Ngl, I didn’t understand it at first and was sitting in my app drawer for months.
Revisited the app again few days ago, and I couldn’t be happier. Pulls directly from developer’s GitHub, Gitlab, or Codeberg as long as their Release page contains an APK.
I use APKgrabber just because it automatically checks for all my installed apps but this seems like a better option if you spend the time to set it up.