[guardian-dev] Hello, and question about Android and gapps

Travis Biehn tbiehn at gmail.com
Wed Mar 28 10:29:58 EDT 2012


Android won't let you install over packages with a different key. But it
comes down to fdroids handling of install and update processes.

Travis
On Mar 28, 2012 10:26 AM, "Hans-Christoph Steiner" <
hans at guardianproject.info> wrote:

>
> Ah, f-droid doesn't do any signature validation?  It should at least
> compare updates to the original key.
>
> .hc
>
> On Mar 28, 2012, at 10:08 AM, Travis Biehn wrote:
>
> The apk can be signed by anyone...
> On Mar 28, 2012 10:06 AM, "Hans-Christoph Steiner" <
> hans at guardianproject.info> wrote:
>
>>
>> On Mar 27, 2012, at 6:02 AM, Rick Valenzuela wrote:
>>
>> > On 2012/03/26 3:42 PM, Manuel wrote:
>> >> One note (and also the only thing that's keeping me from doing the
>> >> same): You will likely not be able to use apps you bought in Market,
>> >> because their license check will probably fail if you aren't logged
>> >> in with the account you used for the purchase.
>> >
>> > I expect some functionality will break sometime. But so far, all have
>> > been usable. The two separate pro licenses I have also backed up with
>> > Titanium Backup, and operate fine. But looking versions on the Play
>> > website, I can see that I'm missing updates. So that's one drawback. But
>> > at least I can see the "What's new" tab to see if it's a security patch
>> > or desirable bugfix.
>> >
>> >> On Mon, Mar 26, 2012 at 10:35:14AM -0400, Hans-Christoph Steiner
>> >> wrote:
>> >>>
>> >>> I think that's a save assumption.  AOSP (Android Open Source
>> >>> Project) provides a whole operating system that is truly free
>> >>> software.  Having to agree to Google's privacy policy to use it
>> >>> would make it non-free.  The ROMs are generally based off of AOSP.
>> >>> So congratulations! you have escaped Google on your phone :).
>> >
>> > heh, well, not quite: I was stuck without update on one app that pushed
>> > me to flash gapps and log in to Play. I updated that and everything
>> else.
>> >
>> > Just to experiment, though, I then backed up with Titanium Backup and
>> > then made an update.zip of the TB itself, then made a nandroid backup.
>> > Went back and started over again . So my phone is back without the
>> > Google propietary apps on my phone, no account link, and updated apps.
>>
>> Good point, didn't think of that.
>>
>> >>> If you want a Free as in Freedom app store, check out F-Droid.
>> >>> We're working on getting all of our stuff in there, as well as all
>> >>> the things we find useful.
>> >
>> > yep! already on there, with both repos. i've found quite a few
>> > replacement apps on fdroid, too, that have let me ditch ones with
>> > sketchy permissions I got from the market. One thing I did notice when
>> > adding the Guardian Project repo: The f-droid repo is not SSL.
>>
>> Yes, we probably should provide TLS connections to our repo.  Since the
>> APKs themselves are signed, it probably is not a big security risk to use
>> plain text transfer.  It is definitely a privacy risk, since someone in the
>> middle could follow which apps you are installing.
>>
>> .hc
>>
>> _______________________________________________
>> Guardian-dev mailing list
>>
>> Post: Guardian-dev at lists.mayfirst.org
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>
>> To Unsubscribe
>>        Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>        Or visit:
>> https://lists.mayfirst.org/mailman/options/guardian-dev/tbiehn%40gmail.com
>>
>> You are subscribed as: tbiehn at gmail.com
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20120328/22da7d93/attachment.htm>


More information about the Guardian-dev mailing list