How secure is apkpure.com?

@harvey186 you asked me two questions and I replied to them.
On your query about the Magic Earth app: as the documentation mentions, we have an understanding with the Magic Earth folks which gives us access to their apk, which is what can be updated from App Installer or gets added to the ROM.
This is my understanding of the issue; I can check and update if that is not the case.

Sorry, it seems we don’t get together.

If the Magic Earth devs are giving you access to the apk, why is it from apkpure?
Magic_Earth_Navigation_Maps_v7.1.20.2.9A95B974.C17C098B_apkpure.com.apk

1 Like

For me, there are too many different statements about the apk sources. So I make my own solution:
I have searched the web about apkpure and didn’t find any negative argument. So it seems to be OK.

For myself, I don’t trust any third party apk location. So I won’t use any app which is not from origin like f-droid, github, developer itself or playstore (via Aurora)

And for me, the case is closed

2 Likes

I guess the questions come back because it is never answered. Why go in defense mode? The fact that Magic Earth comes from ApkPure suggests all non FOSS Apps come from ApkPure. It would not make sense if /e/ has a mechanism to download from Playstore, to fetch Magic Earth from ApkPure. Now ApkPure maybe 100% safe, I don’t know. I’m sure /e/ has investigated this, why not be open about it? Saying “oh go check yourself” and tell us something is wrong, that is disappointing for me. Just tell users where Apps come from, and what /e/ did to verify these.

1 Like

My PI-Hole tells me that the app installer is connected to cleanapk.com. That’s why I have talked in my last post about ‘too many different statements about the apk sources’

1 Like

Yes, I think cleanapk is an “in-between” to fetch from Fdroid and ApkPure. I really don’t mind if this is the case, people can decide for themselves. Now you don’t know where apps are coming from. Maybe there is a signature check mechanism on cleanapk, that would also be fine. If checksum is o.k, you can’t change one single bit.

Hello.

[quote=“Manoj, post:17, topic:16316”]
The FOSS version of /e/OS will have only FDroid and a limited set of apps.
[/quote]
For me, it seems to be the right way to go for /e/.

Then, users can install what apps they want, from every ‘store’ over the web. And stop complaining if after adding apps something went wrong… First of all, it’s up to the user to learn how to be careful. The first error is often ‘error 45’; error which comes from 45 cm to the screen :rofl:

From /e/'s manifesto:

“/e/ intends to offer an alternative that can be used by people who are […] not IT specialists. Therefore, /e/ has to be as easy to use as market standards.”

So this FOSS /e/ version would be a welcome bonus mostly for people already comfortable with such tech, but /e/ wants to appeal to a broader audience.

I personally don’t use the Bliss launcher, but I can easily see why it is important for /e/'s mission.
I personally don’t use Magic Earth much, but I can easily see why it is important for /e/'s mission.
I personally don’t use the Apps installer currently, but I can easily see why it is important for /e/'s mission.

/e/ stays on its mission.

That being said, transparency is important for getting trust, so for the users who care about such things the APK source for the preinstalled Magic Earth App really needs to be explained. “Prove to us something’s not ok!” won’t do.

2 Likes

Yes, easy to use.

But on the way to ungoogling, I think /e/ has to explain and teach to ‘mom’n’dad’. Because they are the same users which use PCs running Windows with plenty of bugs due to added software from everywhere, without any care. Windows claims to be easy to use and is really easy to bug :smiley: Then I’ll stop digressing…

I agree with the real need for transparency in all default /e/ features. Users need to be able to make informed choices without having to do extensive research on their own. Those who don’t want the ease of Android One…

1 Like

hi all, just to add my 2 cents to this:

  • I do agree that it will be best if there is transparency in the future about cleanapk
  • Let’s all not forget that /e/ is still in beta and they are doing their best with very small resources to make this project a success. I am sure that in the future cleanapk will turn into a more ‘official’ and transparent place for hosting the apps
  • In the meantime I trust 100% the devs and /e/ and the apps that are provided by /e/
5 Likes

This thread is a good example of how quickly things go off the rails. The original post was fairly clear.
An app included in the ROM is from a seemingly non official source. Which begs the questions…

  1. Why? Why is it not directly from the publisher? Does the publisher not provide APKs to ROM builders/integrators?
  2. Can it (the source) be trusted? Suffixing the download source to the name of an apk sometimes raises eyebrows. Is the apk untouched? Is the app you want inside a wrapper (quite a number of download sites do just that)?

Arguably, the most trusted general download site is APKMirror. APKPure is right behind. Both verify the authenticity of apps and don’t allow mods, hacks, or paid items. I guess we can assume Magic Earth is safe.

Nowhere in the OP was mention of app stores or app installers. Since lanes were changed and tracks derailed I’ll comment on that. I don’t use Apps. Not because there’s anything wrong with it or anything, only because I already had in place other stores that I’m comfortable with.
Never had a need to question where it gets its apps from until the recent posts about the MEGA cloud storage app crashes. The version that crashes, 3.7.5, is from Apps. Play Store has version 3.7.4. If Apps gets items from GPlay and F-Droid, where is MEGA 3.7.5 coming from?
But that’s all.

There is an easy way to check this: compare APKs from apkpure with APKs from Google Play Store.

Method:
1- download the package from Apkpure
2- download exact same version package from Google Play (there are tools for this), and same architecture
3- unzip the packages in two directories (normal APKs are ZIP files actually), like in dir1/ and dir2/
4- diff -r dir1 dir2

If you see no difference, the packages are the same.

I did the test with magic-earth-navigation-maps_7.1.20.16.1A44191D.892EDFD5 armeabi_v7a and the diff shows no difference.

Apkpure is generally considered safe, as they don’t modify packages like some other APK repositories sometimes do.

So, the Magic Earth APK that we have in our prebuilt apk repository comes from apkpure.

However, I see that:
1- the package has not been updated recently, so we have to check this issue
2- I agree it would be safer to use the package directly from the initial source, so we are going to change this in next builds.

We will discuss this with the team on Monday.

Also, I’ll see with General Magic if they can provide latest builds directly to us.

And regarding Magic Earth in particular, expect some good news in the coming months.

Thanks for having raised this concern and stay tuned.

11 Likes
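
The unzip-and-diff comparison described in the post above, as an added example that is not part of the original post or of /e/'s tooling: it hashes every entry of two APKs (which are ZIP files) and reports entries that were added, removed or changed. The two archives are built in memory; `compare_apks`, `make_apk` and the sample contents are constructed for illustration.

```python
import hashlib
import io
import zipfile


def entry_digests(apk):
    """Map each ZIP entry name to the SHA-256 of its uncompressed bytes."""
    with zipfile.ZipFile(apk) as zf:
        return {info.filename: hashlib.sha256(zf.read(info)).hexdigest()
                for info in zf.infolist() if not info.is_dir()}


def compare_apks(apk_a, apk_b):
    """Return entries only in A, only in B, and present in both but different."""
    a, b = entry_digests(apk_a), entry_digests(apk_b)
    return {
        "only_in_a": sorted(a.keys() - b.keys()),
        "only_in_b": sorted(b.keys() - a.keys()),
        "changed": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }


def same_content(apk_a, apk_b):
    """True when both archives hold exactly the same entries and bytes."""
    return not any(compare_apks(apk_a, apk_b).values())


def make_apk(entries):
    """Constructed sample: build a tiny APK-shaped ZIP in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


# Constructed sample data, not real APK contents.
BASE = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex-original",
        "META-INF/CERT.RSA": b"sig-original"}
REPACKED = dict(BASE, **{"classes.dex": b"dex-patched",
                         "assets/extra.bin": b"payload"})

if __name__ == "__main__":
    print(compare_apks(make_apk(BASE), make_apk(BASE)))      # identical copies
    print(compare_apks(make_apk(BASE), make_apk(REPACKED)))  # repackaged copy
```

Like `diff -r` on the unzipped directories, this only covers ZIP entries; APK Signature Scheme v2 and later keep the signature in a signing block outside the ZIP entries, so running `apksigner verify --print-certs` on both files is the complementary check of who signed them.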

Thx for clarification. I would try to compare, but the version you are using in your sources
Magic_Earth_Navigation_Maps_v7.1.20.2.9A95B974.C17C098B_apkpure.com.apk
is not available in playstore

Because:

Th/e/y know they violate TOS and laws, but they do it anyway. Only people who want to be part of a criminal conspiracy to defraud and steal from Google will stay involved if they are clear about this.

Hi @pandemonium,
Welcome to /e/land !

Th/e/y know they violate TOS and laws, but they do it anyway.

NO,
The /e/OS development team has to respect the rules dictated by the other software editors.
In this way they have managed the apps-installer.

Aurora seems to be a neutral Russian-Hackers service to connect the Goolag-Store. (NO MODIFICATIONS ON THE APPS ARE POSSIBLE)
Apkpure seems to be a store that redistributes the apps (MODIFICATIONS ON THE APPS ARE POSSIBLE)

Only people who want to be part of a criminal conspiracy to defraud and steal from Google will stay involved if they are clear about this.

NO, the European Parliament is not a criminal association, and they refuse the Anglo-Saxon notion of the software propriety.

Users make their choices
BUT
Don’t Forget that Gogol is a defrauder and stealer company.
Don’t Forget that many laws are illegitimate

3 Likes

haha what is it with these people who try to discredit /e/ …?

1 Like

The question is, can you steal something that’s free? How can websites such as apkpure exist? They would have been sued by Google, I’m sure. So probably they can’t. That would make it legal.

2 Likes

Ok, so the other side is trolling … and this here is then somehow different, substance-wise?
Apart from this “Tee-hee, in Kindergarten we spell evil companies wrong deliberately because they’re so evil, that will show them, tee-hee!” somehow never ever having a positive effect on the sincerity of an argument, but that’s just me :wink: .

That’s a stretch.
Not suing doesn’t make stuff legal by default.

Perhaps when they felt bored and wanted to annoy /e/ at some point, Google’s legal department would start with looking at the /e/ logo, which screams at you “Hey, we took the Google ‘G’, mirrored it vertically, shortened the arc a little and slightly rearranged the colours, might that be just enough design change to prevent you from suing us, Google :wink: ?”


Anyway, if the Google Play Store ToS are in play … which ones are they now?
There are https://play.google.com/about/play-terms/index.html and https://www.google.com/mobile/android/market-tos.html … both are “Google Play Terms of Service”, and they are different.

The first ones can be currently reached via e.g. the Play Store website and seem more lenient to me, while the second ones include section 3.3, which was brought up in Play Store access arguments in the past, it seems.

Edit: Ah, there’s a hint in the company name … they are currently “Google LLC”, while they were “Google Inc.” in the past, so it would seem the second ToS are obsolete.

So, how are /e/ violating the Google Play Store ToS then?
(I almost forgot my question, and I baselessly blame you all :slight_smile: .)

1 Like

I think you missed this: “So probably they can’t.” It was about apkpure, existing since 2014, still does. I think you can’t forbid spreading free apps. You can’t steal free stuff.

Stealing has something to do with property, and nothing with whether there’s a price tag.
But that’s not the point anyway.

You can violate terms without stealing, question is: does anybody violate terms here?