this post was submitted on 23 Oct 2023
24 points (100.0% liked)

F-Droid

8084 readers
32 users here now

F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.

Website | GitLab | Mastodon

Matrix space | forum | IRC

founded 3 years ago
MODERATORS
 

I have installed Davx5 from F-Droid, from IzzyOnDroid Repo. Today I have checked for updates with the Google playstore and the App was updated to the playstore variant. I thought this isn't possible? What's going on here?

top 7 comments
sorted by: hot top controversial new old
[–] Matt@lemdro.id 28 points 1 year ago (2 children)

The apps on IzzyOnDroid are built by the original developers and likely signed with the same key as the version on Google Play. As a result, Google is able to update them. Apps in the official F-Droid repository are signed by F-Droid. As a result, the keys are different and won't be updated by the version from Google.

[–] underscores@lemmy.dbzer0.com 10 points 1 year ago* (last edited 5 months ago)

It can also happen with apps from the main repo. If the app is reproducible (about 5% so far, most new apps) then F-Droid will use the developer signature.

[–] laskobar@feddit.de 4 points 1 year ago

This makes sense. Yes, I have paid in the playstore for this app (and I would do it again and again). But if I understand it correctly this would also mean, I could download their v4.3.8-ose from the official GitHub repo for free, and it would be updated automatically from Playstore to v4.3.8-gplay version (which is not free). Strange.

But this app is worth every penny.

[–] Moonrise2473@feddit.it 5 points 1 year ago (1 children)

Izzydroid repo is using the dev signature, play store has an option to use the dev signature instead of Google signature. Same signature = update allowed

TIL there's an option to have Google sign an app. Seems a bit sketchy to me.

[–] sic_semper_tyrannis@feddit.ch 3 points 1 year ago

All of my apps that are downloaded not from the Aurora store can be updated via Aurora. I have to blacklist them in Aurora so I don't accidentally update them there. Many applications offer their "pro" versions for free in fdroid or just on Github and it's up to you to choose to donate or not. OSM And~, Retro Music, Lemuroid, Notesnook, Voyager, Quillpad, FUTO Voice Input are all from Fdroid and I've needed to blacklist them. Even BlueWallet downloaded via Obtanium from Github is recognized in Aurora.

[–] arirr@lemmy.kde.social 1 points 1 year ago

They both have the same signing keys. The F-Droid repo uses the F-Droid signing keys unless the build is reproducible.