* Device OS and version: LineageOS 15.1 (AOSP 8.1) * Device model/manufacturer: Xiaomi Redmi 4X * F-Droid version (in the _About_ screen): 1.13 * F-Droid privileged extension version (if installed): 0.2.12 ## What did you do? (clear steps if possible) - Manually grant permission to read/write internal shared storage - Install an app via F-Droid - Watch the app get downloaded by F-Droid - Check in `/sdcard/Android/data/org.fdroid.fdroid/cache/apks/` ## What did you expect to see? I expected to see the newly downloaded apk file, like it used to be until F-Droid version 1.12.1 after manually granting the permission to read/write to the internal shared storage. ## What did you see instead? The apk file is not written to `/sdcard/Android/data/org.fdroid.fdroid/cache/apks/` but instead to `/data/data/org.fdroid.fdroid/cache/apks/` like version 1.12.1 would do if the permission to read/write to the internal shared storage isn't granted. ## Use case For me, the behavior up until version 1.12.1 presented a hidden feature. I used it to back up the apk files to have them available for re-installing apps on the go, downgrading apps to any cached version (even if the version was already moved to the archive) or as a backup for offline use. At times i might also copy/share large apk files between devices to spare some bandwidth / download time without needing to set up F-Droid swap. I don't have a rooted ROM so copying files from `/data/data` is impractical as i could only use my custom recovery to do that. - Is there any feature that can still stupport this use case in F-Droid version 1.13? - What are the benefits of this behavioral change? Since APKs still appear to be copied to a separate file in `/data/data/org.fdroid.fdroid/files/` when installing them, flash storage is still being written to twice just as in earlier versions of F-Droid. The only use of that behavior i can imagine is to ensure a cached APK can't be tampered with between securely verifying its integrity and installing it. This would no longer be necessary if the security model of F-Droid now ensures that APKs are never written to a publicly writable directory/inode to begin with. The files could now be moved, hardlinked or installed right from the cache directory. Anyone able to still tamper with the APK files in `/data/data/org.fdroid.fdroid/` would probably not need to exploit F-Droid's privileges to install a malicious app.