Does it have any implications for /e/ users? IIRC, /e/ store apps were just leeched from APKPUre, no? (Fact-check, though, I’m just writing it off the top of my head).
2 Likes
It’s the APKPure app itself that had malware, not the APKs they host. So /e/ should be safe as it doesn’t use that direct app.
4 Likes
The /e/ Apps app gets APK’s from CleanAPK https://info.cleanapk.org/
According to that page, CleanAPK get “Most of open source applications available through our API” from F-Droid. They do not state where they get the open source applications that don’t come from F-Droid or the closed source, proprietary apps. APKPure have been mentioned in the past but, as CleanAPK is closed source itself, and the only thing known about APKPure is that the domain is registered in France, we just have to guess 
1 Like
Nope, MagicEarth is from APKPure. The e.foundation does not talk openly about its program sources.
As I said above, the apps in /e/'s Apps app store app come from CleanAPK.org: checkout this file in the Apps source code, which contains the following constants:
const val BASE_URL = "https://api.cleanapk.org/v2/"
const val DOWNLOAD_URL = "https://apk.cleanapk.org/"
const val WEB_STORE_URL = "https://cleanapk.org/#/app/"
You are correct about Magic Earth - see this commit in the e/os/android_prebuilts_prebuiltapks git repo. Magic Earth is built-in to the ROM, not installed from apps.
The updates that Apps offers for Magic Earth must also come from CleanAPK - who may or may not get them from APKPure - as there is no reference to APKPure in the Apps source.
You are also correct that both the /e/ foundation and CleanAPK are very close mouthed about where CleanAPK gets its apps, especially the closed source apps, and those open source apps that don’t come from F-Droid. They may well come from APKPure, but no-one outside of CleanAPK.org (whoever they may be) can say for sure
3 Likes
Arr… you are right. 
1 Like
This topic was automatically closed after 15 days. New replies are no longer allowed.