this post was submitted on 13 May 2025
574 points (99.0% liked)

Technology

69999 readers
4361 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
574
Nextcloud cries foul over Google Play Store app rejection (www.theregister.com)
submitted 2 days ago by GertrudGoethe@feddit.org to c/technology@lemmy.world
84 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] skip0110@lemm.ee 141 points 2 days ago (6 children)

Just switch to the F-Droid version.

Better: make sure all the apps you use come from F-Droid

[–] Blip6338@lemmy.ca 114 points 2 days ago (1 children)

This works very well for tech enthusiasts and people who self-host nextcloud at home.

The issue is when you are a government or university, it becomes harder to get all your users (which are probably not all tech savvy) to install a third party app store deal with the Android warnings about installing from third-parties, etc etc.

And this is probably the user base Google are targeting with this move (assuming it's malicious) . When the higher ups complain that their files are not syncing and need to install things with a special procedure they sometimes wonder why they are not using M365 or Google which seems hassle free.

[–] Pika@sh.itjust.works 36 points 2 days ago

Not to mention the "see this big alert saying this isn't safe? Well for this one time it /is/ safe so do so" While curbing the mentality of "oh it was safe last time so it must be safe this time"

[–] Teknikal@eviltoast.org 2 points 1 day ago

I installed a few apps from F-Droid that the play store decided to just take over instead and updated them. I think antennapod and signal.

No way to stop it as far as I can tell.

[–] 0x0@lemmy.zip 13 points 1 day ago (1 children)

Obtaniun > F-droid > Aurora

[–] sommerset@thelemmy.club 4 points 1 day ago (1 children)

What is the point of obtainium ? Over fdroid?

[–] Wispy2891@lemmy.world 6 points 1 day ago (1 children)

You get apps a couple days earlier

But it comes with a huge downside: if dev goes rogue or gets hacked, you could install a malicious version of the app that doesn't match the source

[–] 9488fcea02a9@sh.itjust.works 1 points 20 hours ago (1 children)

"If dev goes rougue"

Isnt that a risk for all app stores?

[–] Wispy2891@lemmy.world 1 points 13 hours ago (1 children)

For fdroid the app is compiled on fdroid servers when dev tags a new release on GitHub. So the app matches the source, it's not possible to put a tainted APK to download

Now, if the malicious code is slowly added to the source over the course of an year like it happened with the xz utils, this won't change the result, but it's easier to do so with a compiled binary. Release clean source and infected binary, it will take a longer time to get caught

For the closed source app stores, on iOS there's the manual inspection (which is not infallible especially if they timebomb or geofence the bad feature) and for Google there's the automated inspection (which fails often seeing the news) that should find problems

[–] 9488fcea02a9@sh.itjust.works 1 points 11 hours ago

What if fdroid goes rogue or gets hacked?

I'm an fdroid user, but i often wonder if it is safer than google play store

Likelihood of google getting hacked/rogue is much lower than a small, community run volunteer project

[–] Gibibit@lemmy.world 23 points 2 days ago* (last edited 1 day ago) (6 children)

It's not as simple as telling people to use F-Droid. People with non-rooted phones won't get automatic updates via F-Droid which is a big hurdle. Unless I'm misremembering? I wouldn't know because I run rooted CalyxOS now. Last time I used F-Droid on a plain Android phone is a while ago for me.

[–] claymore@pawb.social 29 points 2 days ago (1 children)

They added that a while ago for all users on Android 12 and up

[–] exu@feditown.com 5 points 2 days ago (1 children)

In the Basic version only, last time I checked the "original" F-Droid couldn't do it. And there's also some minimum API level an app has to target to be eligible for automatic updates (found that out through updating microg and having to click "update" still)

[–] sem@lemmy.blahaj.zone 11 points 1 day ago

I have the regular F-droid and it does automatic updates now.

[–] SaharaMaleikuhm@feddit.org 5 points 1 day ago

My phone is not getting CalyxOS updates anymore. Gotta wipe it all and move to lineageos now. Man I hate mobile operating systems. I need good linux phones right now. Android can go to hell.

[–] mp3@lemmy.ca 14 points 1 day ago* (last edited 1 day ago)

People with non-rooted phones won’t get automatic updates via F-Droid which is a big hurdle.

Not true if the app to update targets a high enough API version (I think API 34 or 35) and if you use F-Droid Basic.

NOTE: The Basic version of F-Droid Client has a reduced feature set (e.g. no nearby share and no panic feature). It targets Android 13 and can do unattended updates without privileged extension or root.

[–] idefix@sh.itjust.works 14 points 2 days ago

I have automatic upgrades on my non-rooted phone. I use droidify but i'm pretty sure the official F-droid client works the same way.

[–] anamethatisnt@sopuli.xyz 11 points 2 days ago

I get update notifications from f-droid but have to update inside the f-droid app.

[–] cyberwolfie@lemmy.ml 6 points 1 day ago (2 children)

I run CalyxOS and have automatic updates from F-Droid.

[–] PlutoniumAcid@lemmy.world 0 points 1 day ago

But it won't work on your dad's stock Samsung Galaxy, right?

[–] Gibibit@lemmy.world -1 points 1 day ago

Yes, so do I. I phrased that a bit weird when I read it again 😅

[–] kittenzrulz123@lemmy.blahaj.zone 7 points 2 days ago (2 children)

Obtainium is better, get the apps directly from the source

[–] grue@lemmy.world 35 points 1 day ago (1 children)

I actually like that the F-Droid maintainers check over the apps and warn about anti-features/stop offering new versions if they enshittify.

[–] Reverendender@sh.itjust.works 5 points 2 days ago (1 children)

Expand on this please. I am unfamiliar.

[–] kittenzrulz123@lemmy.blahaj.zone 5 points 2 days ago (1 children)

Its an open source software manager, you put in a source (like github) and it manages it (even doing auto updates).

[–] Reverendender@sh.itjust.works 1 points 1 day ago (1 children)

I’m sorry, you lost me

[–] kittenzrulz123@lemmy.blahaj.zone 2 points 1 day ago

Basically it automatically installs and updates software directly from the developers with no middle man

[–] sunzu2@thebrainbin.org 5 points 2 days ago (1 children)

YAS KING!

As side note, for the uninitiated, it is a process. Check Fdroid first for all your apps. Many are there but some are not. This should prompt you to look for alternatives.

It is a journey but remember denying corpo parasite engagement and profit is the direct action any one can take today!

[–] zqps@sh.itjust.works 1 points 1 day ago

Also check out Droid-ify instead. Same repos but much better UX than the native F-Droid client.