this post was submitted on 25 Jan 2025
149 points (97.5% liked)
Privacy
33055 readers
632 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I have a tangential question. Would it not make sense for an OS, in this case Android, to have some proper mechanism for installing apps (in this case APKs) directly from a website (as lots of people have been doing fastidiously from signal.org by necessity)?
After all, this is all about trust. With software, assuming that you trust the developer, the goal is to be sure that nobody interfered with the developer's compiled software - and who better to guarantee that than the developer themself, at their own domain? DNS resolution is already based on the "web of trust" principle, which is why you can trust your bank's website. Arguably F-Droid performs a valuable role as a curator and selector of good software, but is there any good technical need for it to actually distribute the software?
Not exactly answering your question but you can use the app Obtainium to fetch the apk URL from a website/github repo and many other sources to install directly. It also supports fdroid repos and many other sources out of the box. Kinda half way what you mentioned in your first paragraph.
Thank you for posting the link
Yes true! Forgot about Obtainium. ~~Personally I'm not much tempted because all it does is swap out F-Droid for Github (i.e. Microsoft) as the middleman.~~ But I agree that it's definitely a win for convenience.
PS: Turns out Obtainium is source-agnostic. Good news.
Of course Github is just an example but you can pretty much regex any URL and further filter out anything in order to get the apk link with it. So depending on your level of privacy requirement and trusted sources, you can skip all the centralized ones and build your own list of sources.
So it does! OK so this is pretty close to a decent solution after all (the ideal one being IMO exactly the same thing but native to the OS). Thanks for the correction.
Not sure if this fits your definition of OS, proper, or install, but FWIW you can already download an apk directly from github using most Android browsers and it will open (or give you the option to open) it with the system's package installer.
Yep and that's exactly what we doing with Signal to avoid the Play Store. It's a bit of a PITA and it's the same on desktop. It's because they don't want third parties maintaining their packages.
My crazy utopian idea is for some kind of protocol (or equivalent) that would allow native package managers (mobile or desktop) to "plug in" to the website repos of authors, directly.
Isn't this basically the same thing as clicking a .apk or .exe link in a browser (which already works on mobile/desktop)?
Other than (a) having to use a browser and (b) no update mechanism, yes.