Awesome Aaron was right, but where is the source or api documentation for it?
What is the “/e/ app store API” site doing?
Using the Apps store results in traffic to/from “cleanapk.org”. We don’t know who operates this domain. The device downloaded two certificates (api.cleanapk.org and apk.cleanapk.org). Most communication was TLS 1.2 encrypted. It would be nice to get some information about “cleanapk.com”. Maybe, this domain is operated by /e/ for their app store.
The new app store is a chance to completely get rid off of Google Play, however, we don’t know about the relationship with “cleanapk.com”, and how they ship their apps (e.g., who builds and signs the apps?).
https://infosec-handbook.eu/blog/e-foundation-second-look/#appstore
Welcome to the /e/ app store API
401 Authorization Required
nginx/1.15.12
blank
whois cleanapk.org
Domain Name: CLEANAPK.ORG
Registry Domain ID: D402200000009169459-LROR
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2019-04-06T03:48:15Z
Creation Date: 2019-02-04T16:59:26Z
Registry Expiry Date: 2020-02-04T16:59:26Z
Registrar Registration Expiration Date:
Registrar: Gandi SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization:
Registrant State/Province: 11
Registrant Country: FR
Name Server: NS-212-A.GANDI.NET
Name Server: NS-73-C.GANDI.NET
Name Server: NS-175-B.GANDI.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/)
Last update of WHOIS database: 2019-08-24T09:38:53Z <<<
PING cleanapk.org (178.63.53.85) 56(84) bytes of data.
64 bytes from static.85.53.63.178.clients.your-server.de (178.63.53.85)