The old /e/OS Apps app store used to source app apks from cleanapk.org. A number of concerns were raised and many of them were answered and addressed. /e/ appeared to recognise that using an anonymous website was less than ideal for a privacy-friendly OS, and in March 2022, in a long post about /e/'s product roadmap for 2022 , @GaelDuval wrote about a new app store:
We will also soon be offering a much larger and transparent access to
mobile applications, with our new application installer called “App
Lounge”. On this aspect, even if we didn’t have a single case of
tampered application during the past three years, we’re progressively
abandoning our dependency to the “CleanAPK” service. CleanAPK is
still going to be used momentarily for the catalog of apps coming
from F-Droid and Progressive Web Apps, but will be totally abandoned
this year. (my emphasis)
18 months on however, we can see that App Lounge is still using
CleanAPK API from CleanAPK
According to the API documentation available at https://info.cleanapk.org/, the CleanAPK API offers HTTP GET operations. As I understand it, the HTTP GET Header field will include the ip address of the callng client in the RemoteAddr
field. So App Lounge will be passing users’ ip addresses to cleanapk.
One of the original issues raised with respect to cleanapk was about lack of information about the site, whether it was/is GDPR compliant, and, specifically,
Who is the legal organization behind cleanapk.org?
What law applies, French, German, Indian, other?
What is the postal contact address and name?
Another quick search does not reveal any new information to answer these questions. So I have the following questions
- For what purpose does App Lounge currently use the cleanapk API?
- Does /e/ still intend to “totally abandon” using cleanapk?
- If so, what is the proposed timescale
- If not, is the advice to users who do not wish to have their ip addresses sent to cleanapk still as @Manoj stated
If you are still not confident please use any other repository like FDroid or Aurora store or any other which you feel is secure for your app downloads.
Thanks for any responses