library for helping user install F-Droid after directly downloading an app
There are many ways around the world to share apps, often times people are getting APKs from wherever, and many app stores are just scrapping any APK sources they find. F-Droid provides the best delivery infrastructure for updates, so apps should tell the user to install it. Then they'll get regular updates from a trusted source.
I can see that app devs like to have the simpler model of just updating their own app, but there are so many advantages to the one time F-Droid install that I really want to drive people to installing F-Droid over having apps install their own updates. For example:
- F-Droid has built-in circumvention techniques (Tor, Nearby Swap, etc.)
- F-Droid will have a streamlined update procedure for lots of updates
- F-Droid can run without Unknown Sources when its a system app
This library should also be allowed in Google Play so that app developers do not need to make separate versions of the APK for Play. Lots of app stores scrape Play for APKs, so we want the library included there too. Here's the general flow of the library, when the app starts (i.e.
- detect if Google Play
com.android.vendingis installed and signed by the correct certificate, and if so, do nothing
- detect if F-Droid
org.fdroid.fdroidis installed and signed by the correct certificate, and if so, do nothing
- launch dead simple, verified F-Droid download and install process
The library API does not need to be complicated, I think this would probably cover it:
As for verification, the library should embed the F-Droid APK signing key and perhaps the GPG key and use that to verify what it downloads. The library would always verify using the APK signing certificate, and if spongycastle was included, then it would also verify the GPG signature. It would download F-Droid from:
One other thing that this library could do is serve as an update nag for people who have F-Droid installed. We could make F-Droid respond to a query Intent for the latest version available, then this lib would allow apps to nag the user whenever they used the app to install the update.
sounds good to me. Has anyone started working on this? I assume we would need a AAR library with minimal dependencies so as to not bloat the original application.
@paresh it would be great if you wanted to start working on this! We know have an awesome use case for it: official Firefox updater: https://bugzilla.mozilla.org/show_bug.cgi?id=1192279