In many places in the world, it is very common to find Android apps via a multitude of sources: third party app stores, Bluetooth transfers, swapping SD cards, or directly downloaded from websites. As developers, we want to make sure that our users get secure and timely update no matter how they got our apps. We still recommend that people get apps from trusted sources like F-Droid or Google Play.
Building upon the F-Droid distribution ecosystem, there is a new suite of libraries: “F-Droid Update Channels“. It is a suite of libraries for making sure your that your app can always find updates, no matter where someone got it from. Currently, there are two specific libraries: “Get F-Droid” and “App Updater”.
“Get F-Droid” aka
Checks whether F-Droid is installed. If not, it will help the user to download and install F-Droid. F-Droid then provides the update channel. This is the preferred method of getting updates since F-Droid provides strong privacy protection and lets the user control when and where updates happen. Also, if F-Droid came pre-installed on the device or was “flashed” onto it as part of a custom Android ROM, then F-Droid does not need “Unknown Sources” enabled.
“App Updater” aka
Keeps the app current by checking the hard-coded app repository set up by the developer. This is similar to the popular “App Updater” library, but is secure due to the F-Droid signed metadata. The _fdroidserver_ tools handle the creation and maintenance of the app repository.
Both of these libraries also check whether Google Play is installed, if so, will disable itself. This allows apps to include this library in APKs that are uploaded to Google Play since it will not violate the Google Play Terms of Service.