[guardian-dev] Bazaar/F-Droid: Two-tap vs One-tap provisioning
Nathan of Guardian
nathan at guardianproject.info
Thu Mar 20 09:22:48 EDT 2014
Currently, with an app management system like F-Droid, it would require
users to taps to setup our repo. Imagine a new user with nothing
installed, visiting a page with two big "download" buttons:
1) Tap to install F-Droid (one time bootstrap)
or 1a) receive F-Droid via bluetooth/NFC or other peer share mechanism
2) Tap to add Guardian Project repo (URI which F-Droid handles, auto
sets up fetches and display available apps).
or 2a) Scan a QR code or NFC/Beam to receive the second URI
This isn't terrible, but it is twice as much work, and don't forget the
#1 setup process is already quite annoying as an APK download due to
finding the download notification, ensuring "trust unknown APK" is
enabled, etc.
A question came up yesterday regarding how to in one download both
provide a stock version of F-Droid, but then also somehow append or
attach to that download the custom repo URI or other bootstrap config data.
We had a few ideas, including:
1) Injecting data into the APK in a way that doesn't cause problems with
the built-in signature (which isn't a signature of the whole APK/JAR
file, just the relevant android bits).
2) Use some sort of bonjour/zeroconf service if you are sharing this APK
on a wifi LAN between peers to broadcast a peer repo
3) Generate a one-time use meta APK of some sort that contains both
F-Droid APK and the config data.
Any other ideas? Thoughts on these approaches?
The goal is to support simple bootstrapping of dynamically addressed
peer repos, as well as allow organizations to have their repo in F-droid
by "default" with out requiring forks or white labeling.
+n
More information about the Guardian-dev
mailing list