APKs no longer written to /sdcard/Android/data/ folder
- Device OS and version: LineageOS 15.1 (AOSP 8.1)
- Device model/manufacturer: Xiaomi Redmi 4X
- F-Droid version (in the About screen): 1.13
- F-Droid privileged extension version (if installed): 0.2.12
What did you do? (clear steps if possible)
- Manually grant permission to read/write internal shared storage
- Install an app via F-Droid
- Watch the app get downloaded by F-Droid
- Check in
/sdcard/Android/data/org.fdroid.fdroid/cache/apks/
What did you expect to see?
I expected to see the newly downloaded apk file, like it used to be until F-Droid version 1.12.1 after manually granting the permission to read/write to the internal shared storage.
What did you see instead?
The apk file is not written to /sdcard/Android/data/org.fdroid.fdroid/cache/apks/
but instead to /data/data/org.fdroid.fdroid/cache/apks/
like version 1.12.1 would do if the permission to read/write to the internal shared storage isn't granted.
Use case
For me, the behavior up until version 1.12.1 presented a hidden feature. I used it to back up the apk files to have them available for re-installing apps on the go, downgrading apps to any cached version (even if the version was already moved to the archive) or as a backup for offline use. At times i might also copy/share large apk files between devices to spare some bandwidth / download time without needing to set up F-Droid swap.
I don't have a rooted ROM so copying files from /data/data
is impractical as i could only use my custom recovery to do that.
- Is there any feature that can still stupport this use case in F-Droid version 1.13?
- What are the benefits of this behavioral change?
Since APKs still appear to be copied to a separate file in/data/data/org.fdroid.fdroid/files/
when installing them, flash storage is still being written to twice just as in earlier versions of F-Droid. The only use of that behavior i can imagine is to ensure a cached APK can't be tampered with between securely verifying its integrity and installing it. This would no longer be necessary if the security model of F-Droid now ensures that APKs are never written to a publicly writable directory/inode to begin with. The files could now be moved, hardlinked or installed right from the cache directory. Anyone able to still tamper with the APK files in/data/data/org.fdroid.fdroid/
would probably not need to exploit F-Droid's privileges to install a malicious app.