FUTO Store - FUTO is planning to create an app store

They’re already hiring engineers for the job: https://futo.org/jobs/

In my opinion, they should’ve just funded Accrescent or F-Droid, but maybe they will do something unique like they did with Grayjay, we will have to wait and see.

4 Likes

Maybe they will offer iphone apps in future in the same store :smiley:

inclinded to agree. Eventually we will need an app store for each app we want to download xd.

4 Likes

Grayjay will be available on Accrescent anyways, at least that’s what one of the engineers of Grayjay told me.

Well, if they keep (their version of) open source license, I expect it to be available in multiple places

Am I the only one that want to use just one Application Store instead of trusting multiple?

4 Likes

I know that what I’m going to ask is a bit of a drama or politics but I need to ask.

What is Accrescent project relation with GrapheneOS? And how it can supposedly affect FUTO’s apps presence?

I mean, from the FUTO side kinda sound a necessary move to explore an alternative to Accrescent if they can’t trust that the project will be agnostic.

Why not simply use a custom FDroid repository?

Just like with video games launchers - everyone wants to be new Steam Google Play Store

3 Likes

Accrescent intentionally does not support third-party repositories and has no plans to support them. There are a few technical reasons for this. For one, supporting third-party repositories breaks the Android security model. Android assumes one app (e.g. Accrescent) is a single app source. When this assumption is broken, bad things can happen. For example, say Accrescent supported third-party repos and is integrated into an Android-based OS as a first-party app source. If a given user or work profile is restricted from installing apps from third-party sources by an MDM or OS settings, they could trivially bypass said restrictions by adding a third-party repository.

Another reason Accrescent doesn’t support third-party repos is lack of available security features. The chain of trust between Accrescent and the signed repository metadata would be weakened since Accrescent can’t reasonably maintain a list of hardcoded keys for all third-party repos. TLS certificate pinning is also impractical to implement for third-party servers.

4 Likes

I don’t think we need a accrescent competitator not untill it is flooding with apps atleast.

We need to make a fdroid-accrescent migration tool that is supervised by a human.

I get the security reasons, but tbf to F-Droid, 3p repos must be added to (implicit trust) by the end user.

I see this as similar to plugins in Browsers. I’d rather the Browser be extensible (despite the fact that plugins literally have access to unencrypted user data) than have the Browser-maker preempt and impose all their decisions on me.

Interoperability has its warts but I’d not want to completely eliminate it. Ironically enough, Apple & Google have been locking things up in the name of security, too; some of it is warranted (ex: root) but some of it takes things too far (ex: Play Integrity).

2 Likes