How secure is


[quote=“Manoj, post:17, topic:16316”]
The FOSS version of /e/OS will have only FDroid and a limited set of apps.
[/quote] For me, it seems to be the right way to go for /e/.

Then, users can install what apps they want, from every ‘store’ over the web. And stop complaining if after adding apps something went wrong… First of all, it’s up to the user to learn how to be careful. The first error is often ‘error 45’ ; error wich comes from 45 cm to the screen :rofl:

From /e/'s manifesto:

“/e/ intends to offer an alternative that can be used by people who are […] not IT specialists. Therefore, /e/ has to be as easy to use as market standards.”

So this FOSS /e/ version would be a welcome bonus mostly for people already comfortable with such tech, but /e/ wants to appeal to a broader audience.

I personally don’t use the Bliss launcher, but I can easily see why it is important for /e/'s mission.
I personally don’t use Magic Earth much, but I can easily see why it is important for /e/'s mission.
I personally don’t use the Apps installer currently, but I can easily see why it is important for /e/'s mission.

/e/ stays on its mission.

That being said, transparency is important for getting trust, so for the users who care about such things the APK source for the preinstalled Magic Earth App really needs to be explained. “Prove to us something’s not ok!” won’t do.


Yes, easy to use.

But on the way to ungoogling, I think /e/ has to explain and teach to ‘mom’n’dad’. Because they are the same users wich use PC running windows with plenty of bugs due to added softwares from everywhere, without any care. Windows claims to be easy to use and is really easy to bug :smiley: Then I’ll stop digressing…

I agree with the real need for transparency in all default /e/ features. Users need to be able to make informed choices without having to do extensive research on their own. Those who don’t want the ease of Android One…

1 Like

hi all, just to add my 2 cents to this:

  • I do agree that it will be best if there is transparency in the future about cleanapk
  • Let’s all not forget that /e/ is still in beta and they are doing their best with very small resources to make this project a success. I am sure that in the future cleanapk will turn into a more ‘official’ and transparent place for hosting the apps
  • In the meantime i trust 100% the devs and /e/ and the apps that are provided by /e/

This thread is a good example of how quickly things go off the rails. The original post was fairly clear.
An app included in the ROM is from a seemingly non official source. Which begs the questions…

  1. Why? Why is it not directly from the publisher? Does the publisher not provide APKs to ROM builders/integrators?
  2. Can it (the source) be trusted? Suffixing the download source to the name of an apk sometimes raises eyebrows. Is the apk untouched? Is the app you want inside a wrapper (lquite a number of download sites do just that)?

Arguably, the most trusted general download site is APKMirror. APKPure is right behind. Both verify the authenticity of apps and don’t allow mods, hacks, or paid items. I guess we can assume Magic Earth is safe.

Nowhere in the OP was mention of app stores or app installers. Since lanes were changed and tracks derailed I’ll comment on that. I don’t use Apps. Not because there’s anything wrong with it or anything, only because I already had in place other stores that I’m comfortable with.
Never had a need to question where it gets its apps from until the recent posts about the MEGA cloud storage app crashes. The version that crashes, 3.7.5, is from Apps. Play Store has version 3.7.4. If Apps gets items from GPlay and F-Droid, where is MEGA 3.7.5 coming from?
But that’s all.

There is an easy way to check this: compare APKs from apkpure with APKs from Google Play Store.

1- download the package from Apkpure
2- download exact same version package from Google Play (there are tools for this), and same architecture
3- unzip the packages in two directories (normal APK are ZIP files actually), like in dir1/ and dir2/
4- diff -r dir1 diff2

If you see no difference, the packages are the same.

I did the test with magic-earth-navigation-maps_7. armeabi_v7a and the diff shows no difference.

Apkpure is generally considered safe, as they don’t modify packages like some other APK repositories sometimes do.

So, the Magic Earth APK that we have in our prebuilt apk repository comres form apkpure.

However, I see that:
1- the package has not been updated recently, so we have to check this issue
2- I agree it would be safer to use the package directly from the initial source, so we are going to change this in next builds.

We will discuss this with the team on Monday.

Also, I’ll see with General Magic if they can provide latest builds directly to us.

And regarding Magic Earth in particular, expect some good news in the coming months.

Thanks for having raised this concern and stay tuned.


Thx for clarification. I would try to compare, but the version you are using in your sources
is not available in playstore


Th/e/y know they violate TOS and laws, but they do it anyway. Only people who want to be part of a criminal conspiracy to defraud and steal from Google will stay involved if they are clear about this.

Hi @pandemonium,
Welcome to /e/land !

Th/e/y know they violate TOS and laws, but they do it anyway.

The /e/OS development team has to respect the rules dicted by the others software editors.
in this way they have managed the apps-installer.

Aurora seems to be a neutral Russian-Hackers service to connect the Goolag-Store. (NO MODIFICATIONS ON THE APPS ARE POSSIBLE)
Apkpure seems to be a store that redistribute the apps (MODIFICATIONS ON THE APPS ARE POSSIBLE)

Only people who want to be part of a criminal conspiracy to defraud and steal from Google will stay involved if they are clear about this.

NO, the European Parliament is not a criminal association, and they refuse the anglosaxon notion of the software propriety.

Users make their choices
Don’t Forget that Gogol is a defrauder and stealer company.
Don’t Forget that many laws are illegitimate


haha what is it with these people who try to discredit /e/ …?

1 Like

The question is, can you steel something that’s free? How can websites such as apkpure exist? They would have been sued by Google, I’m sure. So probably they can’t. That would make it legal.


Ok, so the other side is trolling … and this here is then somehow different, substance-wise?
Apart from this “Tee-hee, in Kindergarten we spell evil companies wrong deliberately because they’re so evil, that will show them, tee-hee!” somehow never ever having a positive effect on the sincerity of an argument, but that’s just me :wink: .

That’s a stretch.
Not sueing doesn’t make stuff legal by default.

Perhaps when they felt bored and wanted to annoy /e/ at some point, Google’s legal department would start with looking at the /e/ logo, which screams at you “Hey, we took the Google ‘G’, mirrored it vertically, shortened the arc a little and slightly rearranged the colours, might that be just enough design change to prevent you from sueing us, Google :wink: ?”

Anyway, if the Google Play Store ToS are in play … which ones are they now?
There are and … both are “Google Play Terms of Service”, and they are different.

The first ones can be currently reached via e.g. the Play Store website and seem more lenient to me, while the second ones include section 3.3, which was brought up in Play Store access arguments in the past, it seems.

Edit: Ah, there’s a hint in the company name … they are currently “Google LLC”, while they were “Google Inc.” in the past, so it would seem the second ToS are obsolete.

So, how are /e/ violating the Google Play Store ToS then?
(I almost forgot my question, and I baselessly blame you all :slight_smile: .)

1 Like

I think you missed this: “So probably they can’t.” It was about apkpure, existing since 2014, still does. I think you cant forbid spreading free apps. You can’t steel free stuff.

Stealing has something to do with property, and nothing with whether there’s a price tag.
But that’s not the point anyway.

You can violate terms without stealing, question is: does anybody violate terms here?

Just want to come back to the initial question.

I personally do not mind that apps come from. But as Magic Earth is a system app and as some kind of agreement with them, wouldn’t it be possible to get it directly from MagicEarth - as Google, Amazon and Apple are doing? That could even allow /e/ to appear on their website as source for their app (see attached mockup).
I am not a tech person but if this would be possible other app developers could deliver their apps as well directly.
So my question would be: Would that be feasible without too much technical effort?


I trust more ApkPure than Google’s Play Store, hahaha. :rofl:

Sorry couldn’t resist.


Read here:  


People can upload altered apps to Apkpure which means they could be infected with a nefarious payload or backdoor. APK Pure might tell you if the signature is different from the actual app but it will still let you download an altered app. I do get the need to use third party app stores at times but I try to at least limit my use to only when needed.

If you want trusted apps use:
Aurora - From F-droid. It downloads directly from the PlayStore.

Do you know Exodus Privacy? It shows a list of trackers and permissions of many Android apps. Wonderful organisation.
MagicEarth has zero trackers. Not bad!

Mega has one tracker: Google Firebase Analytics.

1 Like

Pls have a look here

And for tracker checking ClassyShark from f-droid is much better