Awesome app. It is somehow not listed on android-foss list so maybe someone didn’t know about it.

Obtainium allows you to install and update Open-Source Apps directly from their releases pages, and receive notifications when new releases are made available.

GitHub page: Link.

  • nx5qly@pawb.social
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Been using this for a while now. Ngl, I didn’t understand it at first and was sitting in my app drawer for months.

    Revisited the app again few days ago, and I couldn’t be happier. Pulls directly from developer’s GitHub, Gitlab, or Codeberg as long as their Release page contains an APK.

  • dbx12@programming.dev
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I don’t want to watch the video on “why this app is better than fdroid”. So, does anyone care to write an TL;DR?

    • Quereller@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Just be aware what you install. Check the developer name and the whole path.
      Some apps on F-Droid are limited for example but you can download the full featured app from Github. Later updates are anyhow cryptographically signed.

    • nodiet@feddit.de
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Yeah fdroid is vastly preferred over this because you can be sure that the source code provided actually produces the executable.

      • SatyrSack@lemmy.one
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        F-Droid installs an APK that F-Droid compiled. Obtainium installs an APK that the app developer themselves compiled. I’m not sure what you’re getting at.

        • everett@lemmy.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Malicious APKs, built by the developer themselves, not matching their public source code.

          • bluejay@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            0
            ·
            edit-2
            1 year ago

            Which developer?

            E: Lol @ the ninja edit.

            That’s hardly a meaningful advantage for f-droid and the whole man in the middle risk you’re exposing yourself to there. If you don’t trust the developer to do the bare minimum of providing a release that matches source then why are you even installing their app? Satyr’s response about developers getting compromised has way more weight in that conversation, but still falls short IMO.

            Making sure the apk matches public source and running it through VT aren’t going to catch a malicious apk that has the nasty bits buried in various commits but checks out in VT and matches the public source code. Sure, it’ll burn them as a developer if/when they get caught, but how often does the community truly do code reviews on one-off Android apps? Not often enough to catch that kinda thing before it spreads without getting insanely lucky.

      • csm10495@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        arrow-down
        1
        ·
        1 year ago

        So this means you trust F-Droid? … do you have proof that they aren’t doing anything nefarious?

        … if we want to play the game of ‘is it safe’ play it all the way in each case.

        Like we’re acting like a dev would upload malware to a trusted repo. If we think that way, the could also slip it into the open source code and not be noticed. Anything’s possible but don’t live in fear.

        There is a weird thing on Lemmy where people seem to be very worried about things that they probably shouldn’t be; then we hit a line where its just ‘ok’.

        TLDR: For 99.99% of people I’d recommend just using the Google Play store.

        • nodiet@feddit.de
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I thought about that argument as I was posting my reply. The thing is that with fdroid you only have to trust one instance. With something like obtainium, you are trusting every single developer whose app you are downloading. Don’t get me wrong, ultimately I am not that worried either and am using the izzyondroid repo as well which has the same issue as obtainium. But it is good to have systems in place to prevent abuse even if that abuse is unlikely.

          • csm10495@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Aren’t you trusting every app developer since it still compiles their code? I mean unless you actively look through all the code in each app you use.