App Lounge installs pre-release updates


A few days back I got an update for K-9 Mail through App Lounge that broke the app for me. It turned out that the update was a pre-release that hadn’t been published neither on Google Play nor F-Droid by the developers. And yet App Lounge still pulled it from somewhere (the developers suggested GitHub). I realise now that I’ve been getting the latest pre-releases all the time, and had no idea that I’d been on beta software. This is kindof alarming to me. Nowhere in the settings of App Lounge can I find an option to control this. In fact, I can’t see anywhere where any particular app is pulled from, be it Googly Play or F-Droid or somewhere else. How is this in line with /e/'s philosophy of privacy and security?

Why can’t you see and select which repository and channel an app is pulled from?

Best would be to report an issue:

1 Like

@Marsupilami If you do open this ticket, could you please link it back here? I’d be interested in the outcome, and I imagine others would be as well.

1 Like

this bug / missing functionality is plenty reported and survived the Apps rewrite into AppLounge

TL;DR cleanapk is in the loop and unaware of 'suggested' and so is AppLounge

Issue is twofold, cleanapk API response that provides search and package from F-Droid doesn’t know about ‘suggested’. A workaround would be for cleanapk to just respond with the ‘suggested’ package as the only search hit for the appid. But at least for k9mail this isn’t what is happening[1].

If the API would be aware of ‘suggested’, cleanapk would need to return many versions per appid at least up until the ‘suggested’ version and the appstore client needs to incorporate it in in their model as to what version to pick for installation as per user-preference. None of that exists in source code.

[1] - F-Droid in fact has the 6.90x versions of k9 currently published in parity to github-releases (6.903 from 28/06 and 6.904 from 01/07). Cleanapk currently returns only the latest (and not ‘suggested’) version of the com.fsck.k9 package - the 6.904 version.

Workaround is to use the F-Droid client.


Is /e/ still using cleanapk after all this time?

Is there any more information available about who owns & operates cleanapk than there was a couple of years ago? Or are they still the same anonymous, ‘trust us because @GaelDuval says you can trust us’ outfit as they were back then?

Yes for FDroid and PWA apps until we take over it (which is low priority compared to other projects)

The same happens on my device, even though I have deactivated updates of apps that had been installed from other app stores (in my case: F-Droid).
So the behavior might be ok (=works as specified) if App Lounge is set to update apps installed from other app stores, but doing so when this setting is disabled is clearly a bug.

So do you plan to make App Lounge capable of showing and setting which original repositories (e.g. Google Play/F-Droid) and channels (e.g. stable/pre-release) APKs are actually retrieved from?

On the select your own repository, we do have a feature request which we plan to take up ASAP.

In one of the reported issues it says ‘Aurora doesn’t offer…’

It actually does these days.

1 Like

ah ok good to know.

I’d fix this in cleanapks API response until AppLounge is aware of release channels. F-Droid had some changes around how it marks beta releases when moving from their v1 to the v2 index format, left that in the open gitlab issue.

Are you a maintainer for Is that a spare time hobby, or is maintained by /e/?

no. Whenever I give insight into how things work in Applounge because I’m reading a bit of code you take it as a call to finally solve the whodunnit. I’d be thankful if you could do this in a dedicated thread.