I tried the app, not for me. I use fairemail and dev wants you to check every github apk update sha256. So i do that manually via a script because i bought the app. Obtainiun i guess does it all for u. But i need to see the matching hash before i install. Obtainium doesnt do that. So game over for me.
Actually I think if you use this URL you’ll get the latest stable release. Also, most of the apps can be obtained this way.
1 Like
How can one verify hashes etc on a phone?
Or do you download the apk and verify the sig on a desktop then sideload?
I use termux specifically for fairemail with my script. But other apps i use deadhash from fdroid. There are other apps from fdroid that can verify an apk’s hash.
Yes, but if I am not mistaken we can’t add the url to an RSS feed?
I actually figured out lately that Obtanium can now install apps directly from apkpure. Which makes it possible to update almost all apps from google play.
3 Likes
That sounds intriguing, indeed. I started using Obtainium for some FOSS apps, which I did want to wait for FDroid release for. If I used Obainium for all FDroid apps and started installing the last few apps from Google Play (banking stuff, etc.) with Obtainium as well, I might be able to install and update everything from a single application. That would be a revolutionary improvement on Android app management, in my book.
2 Likes
Is APKPure trustworthy?
1 Like
Well as they have the same signatures of the apks we know they are signed by the developers.
I recently did a factory reset and started my setup from scratch, and I managed to obtain all the apps that I use from Obtainium.
It’s truly an amazing tool, and it keeps getting better. Not only should it be recommended on Privacy Guides, but it should be the top recommendation for obtaining apps.
@Anonymous49
Aurora downloads directly from Play Store.
APK Pure supposedly does verification on their end, hopefully in the form of pinning, but that is up in the air for any of those sites.
Neither are a replacement for F-Droid.
F-Droid has strict rules on compiling from source and often times builds different variants or patches issues out themself.
eg. OSMAnd and Aves Gallery on Play Store contains proprietary libraries, but F-Droid variant does not.
3 Likes
I prioritize apps compiled by F-Droid, then F-Droid 3rd party repositories and GitHub. The thing that I love about Obtainium is that you can obtain apps from F-Droid repository or 3rd party repos using it.
You can download apps directly from github using obtainium no need for F-Droid
1 Like
How are you guys using obtainium to install from such sources like APKpure? I tried html link and it says forbidden?
The whole point of obtanium is to get directly from the app dev’s github/gitlab page itself and avoiding third party sites such as apkpure.
If you are getting it from apkpure, might as well get it from the PlayStore itself (via Aurora)
1 Like
This is no longer the case as the dev has (finally) decided to offer it on Github.
1 Like
Does anyone have any comments about the security of the other third party sources that Obtanium can download from? Looking at Aptoide now, which seems to have a few apps that are missing from APKPure for me like Duo Mobile and Lyft.
I just noticed they added support for APKPure, Aptoide and Huawei AppGallery! Very nice.
Are these websites trustworthy? And in what order (for apps available from multiple sources)?
@dairymilkbatman
for APKPure you need to remove the m. from the link when you paste it before saving.
1 Like
The only study I could find on this issue is from 2017. Not sure how relevant it is today.
Nonetheless, they rank Aptoide highest on their “security index,” which takes into account the rate of benign apps, whether there is a user review system, explanation of app permissions, whether there is a report system, whether there is a safety badge (specifically for virus-checking), and whether they use HTTPS.
I don’t see any mention of APKPure or the Huawei AppGallery in this particular study.
Since this study was published, Aptoide has suffered a major data breach, but I’m not sure whether that would have any implications for the security of apps installed through Obtainium.