Where do Apps Come From?

Also I hate to say it but if we expect proprietary software companies to respect FLOSS software licenses; then open source/free software orgs are obliged to do the reverse. Otherwise it’s a bit hypocritical to cry foul when they violate a license like the GPL.

EDIT: I say this as an original kickstarter backer who had high hopes for this project, not as someone just passing by with no interest.

5 Likes

I agree completely with your sentiment, /e/ has to take the high road on the app front at this point or risk seeming hypocritical. I do hope they figure things out because the vision is great and what the tech community needs.

What really excites me about /e/ is the included cloud services. I could probably deal with only using FLOSS apps but I personally don’t want to spend the time with installing and maintaining my own cloud, which is really what makes smartphones compelling to me. I am hoping we get a decent answer this week about apps.

But I do accept your point, we can’t expect others to respect us if we don’t respect them. If /e/ wants to entice developers to their platform they should start out on the right foot.

1 Like

As a user, I’d really like to know where the apps come from as well. It feels dodgy not to know, I’m very much hoping there will be more transparency and some clear way to see where I’m downloading apps from. (I’d also love to be able to sort search results by privacy rating, just in case someone’s taking notes. Neat feature.)

2 Likes

The update should be on the website this week.

@Manoj A day or so until the end of the week AND almost a month since the question was first asked, and still no answer.

3 Likes

Nearly another week gone, and nothing yet. How complicated is this story?

2 Likes

@Manoj is there any update on the upcoming site update/application source clarification? I don’t like to be that guy but the team is well past the ETA and the adjusted ETA we were promised and I am losing patience. Surely the answer is simple enough to state since I am assuming the /e/ team coded the “Apps” app themselves.

I hope you can understand how the silence comes across poorly and doesn’t put /e/ in the best light. I am anxiously awaiting the release of /e/ out of beta but it’s hard to get fully behind a project with this lack of transparency. I thought /e/ was supposed to have better ethics than Google? I also don’t want to shift my whole digital world to your platform if Google can slap you down because you are illegally distributing apks.

In the interest of fairness and transparency can you please explain where the closed source apps in your ‘Apps’ store are coming from.

4 Likes

Not sure why the delay is being seen as an attempt to cover up or hide facts. The FAQ will be published on the website. It should be published soon just undergoing some last minute reviews.

@Manoj Because this seems like an answer that should’ve been prepared when the ‘Apps’ store was launched. We also never asked for an update to the homepage, a simple answer in this thread would’ve been sufficient since, frankly, I don’t know how many people truly care. The users in the forum would be okay with an explanation in this forum first, while the public relations version of the answer is being prepared for the general public/website.

Also, because perception is reality. When there are users questioning the legality of ‘Apps’ then something needed to be said quickly to get ahead of any potential issue. I don’t think that /e/ is trying to hide something but others may be more suspicious. Because /e/ is in its infancy and is now getting press attention these loose ends need to be sewn up.

How would it look if a reporter for The Verge came to this thread and saw the delay in response to this question? They could interpret silence as an attempt at obfuscation and wrote a hit-piece about /e/. Such a hit-piece could sink the project before it can get a foothold. That would be death in the court of public opinion, which /e/ will have to win at to become successful and approach the duopoly players for mindshare and market share.

Lastly, because users here expect better of this project. We expect Google and Facebook to ignore our questions, but not /e/.

I think most of us here just want to know what’s going on so that we know everything is on the “up-and-up” so we can better evangelize the product to our family and friends. If the project is getting apps in a shady way, or a perceived shady way, that is going to turn off a number of potential users

5 Likes

I would expect a reporter from The Verge to be a technical person.
A person who would not wait for an official statement or response to convince him or her of what is happening behind the scenes. They would go to the source code in Gitlab and verify the facts themselves. I would like to believe that technical folks would flash an /e/ ROM on their device, test it for it flaws and report that instead of waiting for official statements. If there are violations by /e/ give specific instances with concrete proof and we would be happy to learn and improve .
Now thanks to all the noise around this question what should have been posted a week back may be delayed further. Will update when the response is posted on the website.

Awesome Aaron was right, but where is the source or api documentation for it?

What is the “/e/ app store API” site doing?

Using the Apps store results in traffic to/from “cleanapk.org”. We don’t know who operates this domain. The device downloaded two certificates (api.cleanapk.org and apk.cleanapk.org). Most communication was TLS 1.2 encrypted. It would be nice to get some information about “cleanapk.com”. Maybe, this domain is operated by /e/ for their app store.

The new app store is a chance to completely get rid off of Google Play, however, we don’t know about the relationship with “cleanapk.com”, and how they ship their apps (e.g., who builds and signs the apps?).

https://infosec-handbook.eu/blog/e-foundation-second-look/#appstore

https://api.cleanapk.org/

Welcome to the /e/ app store API

https://cleanapk.org/

401 Authorization Required
nginx/1.15.12

https://apk.cleanapk.org/

blank

whois cleanapk.org
Domain Name: CLEANAPK.ORG
Registry Domain ID: D402200000009169459-LROR
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2019-04-06T03:48:15Z
Creation Date: 2019-02-04T16:59:26Z
Registry Expiry Date: 2020-02-04T16:59:26Z
Registrar Registration Expiration Date:
Registrar: Gandi SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization:
Registrant State/Province: 11
Registrant Country: FR
Name Server: NS-212-A.GANDI.NET
Name Server: NS-73-C.GANDI.NET
Name Server: NS-175-B.GANDI.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/)

Last update of WHOIS database: 2019-08-24T09:38:53Z <<<

PING cleanapk.org (178.63.53.85) 56(84) bytes of data.
64 bytes from static.85.53.63.178.clients.your-server.de (178.63.53.85)

Hi @Manoj, I really hope you don’t read this as an attack, there is no attack and no need to get defensive as a result.

I’m not a “technical person” myself, maybe tech adjacent. So I wouldn’t go to github or look at any sort of source code. I do, however, very much care about the question where those apps come from. And it just seems like not a very complicated question.

Can you in easy terms explain why it is taking so long? I think everyone in this thread would be happy with an imperfect answer, as long as its respectful and brings across that /e/ want to be transparent.

@Romey makes some good points. I’m not currently recommending /e/ to regular users because of usability issues. I know this needs time to figure out and I have high hopes /e/ will soon be in a place to do that.

The more “tech adjacent” folks I have talked to about /e/ have noticed this thread and are currently putting their research on hold and not taking the plunge because of the lack of information.

I don’t understand why this is a complicated question? What is the hold up with responding to user queries, even if writing an official document for the website takes longer?

The combination between not getting a response here and not really getting a why either is not encouraging. Even if there’s nothing dodgy happening at all, and there are good reasons for the hold up, it looks dodgy from the outside. If there are reasons for the delay, maybe let us know what those are?

7 Likes

Thanks for all the points of view.
I have asked the team which is to update this topic on the website that the publishing is pending for more than a week. Have got a response that it will happen early next week.
Since the deadline has already been missed will update when I see it actually posted.

1 Like

Is it correct to say cleanapk.org is a closed-source operation by /e/?

That will be a wrong assumption. cleanapk is not connected to /e/ . The apks that show up in Apps are also unchanged apks from playstore and Fdroid mirrors as already pointed out in this thread.The apps are there because users have requested for them. We ensure the apps are ‘original’ with a PGP signature check or a checksum which you can also verify.
You will have more details when the response is posted on the web.

2 Likes

Source code for apps app, https://gitlab.e.foundation/e/apps/apps , contains:

const val BASE_URL = "https://api.cleanapk.org/"
const val DOWNLOAD_URL = "https://apk.cleanapk.org/"
const val WEB_STORE_URL = "https://cleanapk.org/#/app/"

Browsing to: https://api.cleanapk.org/ displays:

Welcome to the /e/ app store API

This shows a connection between /e/ app store and cleanapk.org.

Several other url’s can be found in /e/'s apps app source, including:

        val url = Constants.BASE_URL + "apps?action=list_cat"
        val url = Constants.BASE_URL + "app_suggestions"
        val url = Constants.BASE_URL + "apps?action=list_home"

Browsing to the last one: https://api.cleanapk.org/apps?action=list_home

shows 2 sources of app information: “fdroid_assets” and “apkpure_assets”

Thus, without a better explanation from /e/ apps author, the conclusion is:

cleanapk.org is being used by /e/ to get apps from fdroid and apkpure.

Source and documentation for cleanapk.org has not been revealed.

4 Likes

Thanks for your detective work @pally this will be good information to know, alongside the response from the /e/ team. Assuming that cleanapk.org mirror the Play Store (I say that because APKpure mirrors the Play Store), what does this mean for the prospects of /e/?

Based on the information about Yalp it would seem it’s likely that APKpure would also break the Google Play TOS. Should this make users of /e/ wary that the app ecosystem could change drastically at Google’s whim? If /e/ is mirroring the Play Store how does that square with the “non-Google” philosophy of /e/?

Perhaps those questions are more philosophical than pragmatic but does the fact that /e/ might be mirroring the Google Play Store give more creditability to @trashHeap’s comments.

3 Likes

So if we take this as read. Is there an explanation as to how /e/ has a license from say Nintendo or Netflix to residistribute their applications? Or is this an admission that /e/ does so without consent or license?

Even if the app is distributed for no charge. Its not actually legal to redistribute it without a license to do so. Free & Open source software bakes the right to redistribute into a license that it grants to everyone who recieves the program; but this isn’t true for proprietary applications like Netflix.

EDIT: I mean this isn’t something im spinning, this is well known and established. It’s why the Ouya didn’t ship Netflix and users had to sideload it. It’s why Youtube has been sideloaded by Amazon Kindle users in years past. These companies would happily have ripped the relevant APKs and redistributed them if it were legal to do so. But it was not.

1 Like

It’s doubtful in my opinion that APKPure is on sound legal footing. Nor would this square with even their legally dubious terms of service. https://apkpure.com/terms-service.html

Its also interesting that api.cleanapk.org is shrouded in such mystery. Even though it occur’s in the source code in what is supposed to be a highly transparent project.

It also sounds like it’s likely not going to be addressed by any explanation should would materialize. Even though it clearly is in the sourcecode.

Questions about the Apps installer also known as Apps is posted on the /e/ wiki here.

This wiki has all the details on where the application showing up in Apps come from, the source code, how it can be accessed, what information is available for each app and so on.

Since this issue has been discussed in detail and there is nothing further to add, this discussion is being closed.

1 Like