A few days back I got an update for K-9 Mail through App Lounge that broke the app for me. It turned out that the update was a pre-release that hadn’t been published neither on Google Play nor F-Droid by the developers. And yet App Lounge still pulled it from somewhere (the developers suggested GitHub). I realise now that I’ve been getting the latest pre-releases all the time, and had no idea that I’d been on beta software. This is kindof alarming to me. Nowhere in the settings of App Lounge can I find an option to control this. In fact, I can’t see anywhere where any particular app is pulled from, be it Googly Play or F-Droid or somewhere else. How is this in line with /e/'s philosophy of privacy and security?
Why can’t you see and select which repository and channel an app is pulled from?
TL;DR cleanapk is in the loop and unaware of 'suggested' and so is AppLounge
Issue is twofold, cleanapk API response that provides search and package from F-Droid doesn’t know about ‘suggested’. A workaround would be for cleanapk to just respond with the ‘suggested’ package as the only search hit for the appid. But at least for k9mail this isn’t what is happening[1].
If the API would be aware of ‘suggested’, cleanapk would need to return many versions per appid at least up until the ‘suggested’ version and the appstore client needs to incorporate it in in their model as to what version to pick for installation as per user-preference. None of that exists in source code.
[1] - F-Droid in fact has the 6.90x versions of k9 currently published in parity to github-releases (6.903 from 28/06 and 6.904 from 01/07). Cleanapk currently returns only the latest (and not ‘suggested’) version of the com.fsck.k9 package - the 6.904 version.
Is there any more information available about who owns & operates cleanapk than there was a couple of years ago? Or are they still the same anonymous, ‘trust us because @GaelDuval says you can trust us’ outfit as they were back then?
The same happens on my device, even though I have deactivated updates of apps that had been installed from other app stores (in my case: F-Droid).
So the behavior might be ok (=works as specified) if App Lounge is set to update apps installed from other app stores, but doing so when this setting is disabled is clearly a bug.
@GaelDuval
So do you plan to make App Lounge capable of showing and setting which original repositories (e.g. Google Play/F-Droid) and channels (e.g. stable/pre-release) APKs are actually retrieved from?
I’d fix this in cleanapks API response until AppLounge is aware of release channels. F-Droid had some changes around how it marks beta releases when moving from their v1 to the v2 index format, left that in the open gitlab issue.
no. Whenever I give insight into how things work in Applounge because I’m reading a bit of code you take it as a call to finally solve the whodunnit. I’d be thankful if you could do this in a dedicated thread.