Yeah I get that. I know the developer reviews each app to make sure it is safe, but Accrescent is still in alpha and the review process is certainly going to change from the way it works now, although apps would still be vetted. I just don’t fully understand how that process works. I do know there is somewhat strict requirements for what permissions are asked for but beyond that I am not sure.
As for the sudden increase in funds needed, I do not believe it is actually that. From my understanding it seems to be more that the developer decided to “fish or cut bait,” as in it’s either going to become a more full-time project for him with payment being the funding, or he’s going to drop all but maintenance on it and not work on more features. As of right now he’s been trying to work out of his own pocket, and he likely realized that it was increasingly difficult.
As for never hearing about it before, I searched through this forum and found a couple posts about it I thought we’re interesting from when it first became a thing: Accrescent
This one for example. Maybe she’s more light on it. Plus the website seems to have good information as well.
I love the work Accrescent is doing, but getting up to $5,800/month in two months seems very unlikely just from donations.
Maybe this is uncalled for, but could Accrescent get a grant from FUTO for the time being? I know they have supported other FOSS projects with grants. FUTO is also building an app store of their own. If developer values and interests align, this might be a good opportunity for some collaboration?
There are some differing opinions on FUTO, but their stance on small developers needing to get paid for their work or having some way to sustainably fund their projects absolutely applies here. We have lost some great software projects just due to developers not being able to support themselves long term with only donations here and there.
We recently discovered that an unprecedented Monero donation of ~$16,062.50 was received in the short time after we totaled the latest values for this article but before it was posted. We’ve updated the above section to reflect that its values were totaled on July 25th for clarity and added this note for transparency since it was previously implied that the above values were up-to-date as of this article’s publication. We apologize for the inaccuracy.
Because this is a significant donation, we will be posting an update on our social media accounts soon about what this means for the project. Thank you for your support!
Although that amount can fund their hosting costs for years, that is only around 3-4 months or full-time funding for a developer.
Most of their anticipated funding may be sourced from grants and large-scale anonymous donations like these. I don’t know if a crowdsourced fundraising campaign can beat that in the long run.
if the developers don’t mind working part-time or on a volunteer basis, they are pretty much set. It is much harder to fund full-time developers, which sets the bar even higher.
Which apps from their repo/app store do you use? Are these apps something that you were unable to find elsewhere that suited your needs? They must be working alright for you if your still using them and going to throw a few duckets their way. Seems the community has came together and piled quite the stack. If that’s going to be sustainable or not though. One time push to save a ship that’s taking on water and will eventually be in the same situation in the future possibly in need of another push to save er again. I am curious as to which apps users have found useful!!
The apps that are on Accrescent are generally speaking not there exclusively, but can be found elsewhere. For example, Molly, IVPN, Cryptomator, and Cakewallet are probably the most well-known apps there. There are also Aves gallery, Arcticons icon packs, Auxio, and a couple other more well know ones, and several random ones thrown in too. There is incentive to install the apps specifically from Accrescent if available though. The reason to install them from Accrescent vs other app stores is stronger for GrapheneOS users: for them, the chain of trust for installing an app is completely unbroken. This is because the GrapheneOS App store has Accrescent, so they can be 100% sure they’re getting the real thing. Then, any app uploaded to Accrescent is signed by the developer himself so you can be sure the app you downloaded is the real one, and so on and so on.
I will also add a sidenote that I have found Accrescent’s app auto-update to be a lot more reliable than different front ends I’ve tried for F-droid, and even better than Google play.
I might be missing something here and please don’t take anything I say the wrong way because I’m just shooting the shit for conversation sake and nothing more but what’s the benefit to using this app store? A dev being able to sign their apps with their own key is a good way to do things but that doesn’t make the app safer in retrospect an app developer writing a malicious program and signing it with their key or a random key. That system works great once a developer and/or an app has established themselves. Verifying that the app is signed by the developer is a good way to make sure someone hasn’t changed the app. Even tho it seems like such common practice these days for there to be multiple key signers or the app store runs it so they are the ones signing the app. Either way, it’s trusting someone else. It might even be better looking at it from the perspective that maybe it’s better if there is a small group of devs that sign all of the apps for the app store. I guess it depends on the way you look at it and each situation has its positives and it’s negatives. But back to this particular app store I just think that its going to be tough for this app store to survive giving the huge cost increase. Especially if the apps are already available on other stores, even more so if it’s an established app/developer then I think it makes it even tougher for these guys to be able to continue after they go through this cash influx and will eventually need to rally everyone together again for another dono push. I don’t know shit tho and maybe this becomes the next go to app store!!
Haha yeah no you’re good. I’m not 100% fluent at what the devs do to ensure the safety of apps on the store, so I’ll refer you to Accrescent’s website: Publishing requirements - Accrescent Documentation
I found it somewhat easy to read at least to glace over. I’m not super technically inclined so I don’t fully understand what everything is but I get the gist of it haha.
The reason for having the devs sign their own apps is to strictly keep Android’s trust model intact. If the app store devs were to sign it, it would place trust in the app store as well as in the developers, thus making 2 point of trust. When developers sign their own apps, it removes that second trust link and puts it all back on the developer, who you have to trust anyway since they are programming the app (unless it’s open source, but even that doesn’t mean it’s safe).
As of right now, there aren’t really any app stores that follow Android’s trust model to this degree, as well as having the privacy of no account, and minimal telemetry. There are some that are more private but break the security model, and there’s Google Play that is generally quite secure but privacy is essentially non-existent.
Because they didn’t spell it out, I will.
Their new directory service calculates app compatibility server side, which relies on sending a plethora of device information to their servers for processing.
This allows them to calculate both general analytics as well as potentially create fingerprints of users when paired with other identifiers such as IP addresses and apps requests.
This is in direct opposition to alternatives such as F-Droid where all calculations are done client side and many mechanisms are in-place to reduce server side tracking, such as E-Tag minimization and processing of requests by mirrors to prevent centralized collection.
I get Transcribro, IronFox, and Inter Profile Sharing from Accrecsent. Its just easier for me to get them from there since all I need to do is install Accresent from the GrapheneOS store, open Accrescent, and boom app install. I could install them from somewhere else, but I don’t have a reason to right now
This might be jumping to conclusions. The way they phrased it in the blog post just makes me think they now can provide the necessary metadata to Accrescent clients for them to determine app compatibility, and to also pick things like localized descriptions. It does feel a bit sparse on details on how exactly this is done, which I hope they substantiate in the future.
Accrescent requests all app metadata from the directory service. This includes:
Which apps are available in the store
Whether an app is compatible with the device
App descriptions and icons
How large an app is
Whether updates are available
Where to download an app’s APKs
etc.
Accrescent can then download an app’s files from the app repository as before. The key difference from our previous architecture is that app metadata is dynamic. Thus, it can adapt to users’ different devices and languages on-demand.
Thank you for this. It does seem like it could potentially be used for fingerprinting, a bit disappointing. But we have to wait and see what ends up in production, I guess.
Apologies if I came across as harsh, was just curious, is all.
