Add APKMirror as a source about obtainium HOT 17 CLOSED

Apkmirror can start pushing malware

Wouldn't that apply to any other source? F-Droid builds apps from source signs them with their own keys, which means they could have made modifications to the builds on the main F-Droid repo.

Similarly, the prebuilt APKs in GitHub Releases could also have malware in them, even if the source code doesn't. You're always trusting someone.

The logic behind my suggestion was the reason that the dev provided. There are certain good apps that aren't open source, and APKMirror has been a pretty reliable source so far.

Might as well implement PS scraping for apps that only in store.

I feel like it would be easier to use the RSS feed from APKMirror, since the code for that seems to already have been implemented for sources like GitHub and GitLab.

from obtainium.

@ImranR98 I run APKMirror and found your project today. You're correct in your assumption that APKMirror is against scraping that results in leeching our bandwidth for free without giving anything in return (viewing advertising on pages or using APKMirror Premium for ad-free experience).

The way APKMirror access is currently implemented in your app bypasses our pages and takes the raw file.

Other tools, like APK Grabber and APK Updater have taken different approaches - they query by scraping or even using an API, then when it's time to download, send the user to the relevant download page. I even worked with the authors of these tools to make sure the API works well for them, and that's the kind of relationship I would like to have with Obtainium as well. I dropped you an email so we can chat further if you're interested.

Thanks.

from obtainium.

We can discuss this (have DMed you) but in the meantime APKMirror will be disabled as an App Source in the next release, whenever that is (see #14 (comment)).

from obtainium.

Versioning issue fixed: https://github.com/ImranR98/Obtainium/releases/tag/v0.8.1-beta

from obtainium.

But isn't the whole point of Obtanium :

Get Android App Updates Directly From the Source

from obtainium.

Yeah originally it was just for FOSS apps from GitHub, but APKMirror support would be useful for some use cases.

For example, the Play Store won't let me install Netflix since I use GrapheneOS, and I'd rather not download a whole separate app (Aurora store) just for that, so I guess APKMirror support in Obtainium would be good.

from obtainium.

Depends, really.
Apkmirror can start pushing malware.
That is why this project is interesting, to not rely on 3rd party.
Might as well implement PS scraping for apps that only in store.
But then again some devs do not bother pushing APKs into github, which can be signed and released automatically, but rather they depend on unreliable fdroid releases for their own app when they have the infrastructure to do it all, gitlab and github support releases 🙆🤷

from obtainium.

Added in https://github.com/ImranR98/Obtainium/releases/tag/v0.5.5-beta

Just noting that this turned out to be more complicated than just parsing an RSS feed, as the RSS feed doesn't contain APK URLs. The actual approach ended up requiring web scraping with more requests than any other App Source, and even needed the request to include a browser User-Agent. The APK URLs themselves even get generated every time and expire after a while, so it seems APKMirror doesn't really want web scraping. So this may break in the future but it works for now.

from obtainium.

For now, I've disabled APKMirror in the latest version (https://github.com/ImranR98/Obtainium/releases/tag/v0.6.0-beta) as I'd prefer not to include it if the developers don't want it to be (anyways, it would be easy for them to make a change that breaks the current hacked together approach).
Haven't had any communication, am closing this issue for now. Will reopen if there is an update.

from obtainium.

I DMed you yesterday FWIW, would like to connect still.

from obtainium.

Great, haven't seen it yet. May not be able to get back to you for a few days.

from obtainium.

As discussed, the best way to support APKMirror will be as a new kind of "notifications-only" source that can be checked for update notifications without being able to directly download and install APKs. Instead users would be directed to the external download page.

Currently, a lot in Obtainium is based on the assumption that APKs can be downloaded, so adding this new source type will require a lot of changes. Definitely worth doing at some point but not a high priority.

from obtainium.

Added: https://github.com/ImranR98/Obtainium/releases/tag/v0.8.0-beta

from obtainium.

This is a great addition. Now I can use only one app to track some of the apps from APKmirror or some other projects on Github on zip files like Magisk modules. But I noticed that when I search for direct url feeds from APKmirror. It doesn't give any info if it is a stable or beta version. I also noticed that it doesn't support .atom url for tracking.

Currently I used Feeder for tracking some github releases.

Thank you.

from obtainium.

The GitHub repo in your first screenshot doesn't have APKs on their releases page, which is why you get the error. And yeah, RSS feeds are not supported (everything in your URL after 'rvx-builder' is ignored). You can still toggle the "track only" option so it doesn't look for APKs, you'll still get notifications.

The second YouTube screenshot is concerning though, not sure why the version isn't being picked up. Am re-opening the issue to fix that.

Also, the APKMirror RSS feed (which is what we use to extract versions) doesn't provide a proper "version" field, so we have to extract the version from the "title" string, which makes it impossible to distinguish between beta, alpha, nightly, etc. since the wording can have a lot of variations. It's this unreliable version extraction which is probably responsible for the YT version issue as well.

from obtainium.

I try to toggle the "track only" option. But the add button is disabled once I toggle it. It means that it is applicable to apk releases only?

from obtainium.

Hmm, seems like a bug. You can fix it by backspacing on a character in the url bar and typing it again (any change in the bar should trigger the button enable).

from obtainium.