[guardian-dev] Hello, and question about Android and gapps

Hans-Christoph Steiner hans at guardianproject.info
Wed Mar 28 10:26:15 EDT 2012


Ah, f-droid doesn't do any signature validation?  It should at least compare updates to the original key.

.hc

On Mar 28, 2012, at 10:08 AM, Travis Biehn wrote:

> The apk can be signed by anyone...
> 
> On Mar 28, 2012 10:06 AM, "Hans-Christoph Steiner" <hans at guardianproject.info> wrote:
> 
> On Mar 27, 2012, at 6:02 AM, Rick Valenzuela wrote:
> 
> > On 2012/03/26 3:42 PM, Manuel wrote:
> >> One note (and also the only thing that's keeping me from doing the
> >> same): You will likely not be able to use apps you bought in Market,
> >> because their license check will probably fail if you aren't logged
> >> in with the account you used for the purchase.
> >
> > I expect some functionality will break sometime. But so far, all have
> > been usable. The two separate pro licenses I have also backed up with
> > Titanium Backup, and operate fine. But looking at versions on the Play
> > website, I can see that I'm missing updates. So that's one drawback. But
> > at least I can see the "What's new" tab to see if it's a security patch
> > or desirable bugfix.
> >
> >> On Mon, Mar 26, 2012 at 10:35:14AM -0400, Hans-Christoph Steiner
> >> wrote:
> >>>
> >>> I think that's a safe assumption.  AOSP (Android Open Source
> >>> Project) provides a whole operating system that is truly free
> >>> software.  Having to agree to Google's privacy policy to use it
> >>> would make it non-free.  The ROMs are generally based off of AOSP.
> >>> So congratulations! you have escaped Google on your phone :).
> >
> > heh, well, not quite: I was stuck without an update on one app that pushed
> > me to flash gapps and log in to Play. I updated that and everything else.
> >
> > Just to experiment, though, I then backed up with Titanium Backup and
> > then made an update.zip of the TB itself, then made a nandroid backup.
> > Went back and started over again. So my phone is back without the
> > Google proprietary apps on my phone, no account link, and updated apps.
> 
> Good point, didn't think of that.
> 
> >>> If you want a Free as in Freedom app store, check out F-Droid.
> >>> We're working on getting all of our stuff in there, as well as all
> >>> the things we find useful.
> >
> > yep! already on there, with both repos. i've found quite a few
> > replacement apps on fdroid, too, that have let me ditch ones with
> > sketchy permissions I got from the market. One thing I did notice when
> > adding the Guardian Project repo: The f-droid repo is not SSL.
> 
> Yes, we probably should provide TLS connections to our repo.  Since the APKs themselves are signed, it probably is not a big security risk to use plain text transfer.  It is definitely a privacy risk, since someone in the middle could follow which apps you are installing.
> 
> .hc
> 

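The check suggested at the top of this message (compare an update's signing key to the key of the originally installed APK), as an added example that is not part of the thread or of F-Droid's code. It assumes the APK's signature has already been verified and its signer certificates extracted as DER bytes; `PinStore`, `check`, the package name and the sample certificate bytes are hypothetical.

```python
import hashlib


def fingerprint(cert_der):
    """SHA-256 fingerprint of one signer certificate (DER bytes)."""
    return hashlib.sha256(cert_der).hexdigest()


class PinStore:
    """Trust-on-first-use store: package name -> signer fingerprints seen at install."""

    def __init__(self):
        self._pins = {}

    def check(self, package, signer_certs):
        # A verified signature only proves *someone* signed the APK. Since APK
        # certificates are self-signed, the useful question is whether it is
        # the same signer as the copy that was installed first.
        if not signer_certs:
            return "reject: unsigned"
        seen = frozenset(fingerprint(c) for c in signer_certs)
        pinned = self._pins.get(package)
        if pinned is None:
            self._pins[package] = seen  # first install: remember the key set
            return "install: key pinned"
        if seen == pinned:
            return "update: same key"
        # Different signer set: refuse, and leave the existing pin untouched.
        return "reject: signer changed"


# Constructed stand-ins for DER certificates (not real certificates).
DEV_CERT = b"constructed-cert: original developer key"
OTHER_CERT = b"constructed-cert: some other self-signed key"


def demo():
    store = PinStore()
    pkg = "org.example.app"  # hypothetical package name
    return [
        store.check(pkg, [DEV_CERT]),    # first install over any transport
        store.check(pkg, [DEV_CERT]),    # genuine update
        store.check(pkg, [OTHER_CERT]),  # validly signed, but by another key
        store.check(pkg, []),            # no signer at all
    ]


if __name__ == "__main__":
    print("\n".join(demo()))
```

The first install is the one step this check cannot protect, which is where an authenticated transport or a signed repository index would matter.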