Comments (17)
Apkmirror can start pushing malware
Wouldn't that apply to any other source? F-Droid builds apps from source signs them with their own keys, which means they could have made modifications to the builds on the main F-Droid repo.
Similarly, the prebuilt APKs in GitHub Releases could also have malware in them, even if the source code doesn't. You're always trusting someone.
The logic behind my suggestion was the reason that the dev provided. There are certain good apps that aren't open source, and APKMirror has been a pretty reliable source so far.
Might as well implement PS scraping for apps that only in store.
I feel like it would be easier to use the RSS feed from APKMirror, since the code for that seems to already have been implemented for sources like GitHub and GitLab.
from obtainium.
@ImranR98 I run APKMirror and found your project today. You're correct in your assumption that APKMirror is against scraping that results in leeching our bandwidth for free without giving anything in return (viewing advertising on pages or using APKMirror Premium for ad-free experience).
The way APKMirror access is currently implemented in your app bypasses our pages and takes the raw file.
Other tools, like APK Grabber and APK Updater have taken different approaches - they query by scraping or even using an API, then when it's time to download, send the user to the relevant download page. I even worked with the authors of these tools to make sure the API works well for them, and that's the kind of relationship I would like to have with Obtainium as well. I dropped you an email so we can chat further if you're interested.
Thanks.
from obtainium.
We can discuss this (have DMed you) but in the meantime APKMirror will be disabled as an App Source in the next release, whenever that is (see #14 (comment)).
from obtainium.
Versioning issue fixed: https://github.com/ImranR98/Obtainium/releases/tag/v0.8.1-beta
from obtainium.
But isn't the whole point of Obtanium :
Get Android App Updates Directly From the Source
from obtainium.
Yeah originally it was just for FOSS apps from GitHub, but APKMirror support would be useful for some use cases.
For example, the Play Store won't let me install Netflix since I use GrapheneOS, and I'd rather not download a whole separate app (Aurora store) just for that, so I guess APKMirror support in Obtainium would be good.
from obtainium.
Depends, really.
Apkmirror can start pushing malware.
That is why this project is interesting, to not rely on 3rd party.
Might as well implement PS scraping for apps that only in store.
But then again some devs do not bother pushing APKs into github, which can be signed and released automatically, but rather they depend on unreliable fdroid releases for their own app when they have the infrastructure to do it all, gitlab and github support releases 🙆🤷
from obtainium.
Added in https://github.com/ImranR98/Obtainium/releases/tag/v0.5.5-beta
Just noting that this turned out to be more complicated than just parsing an RSS feed, as the RSS feed doesn't contain APK URLs. The actual approach ended up requiring web scraping with more requests than any other App Source, and even needed the request to include a browser User-Agent. The APK URLs themselves even get generated every time and expire after a while, so it seems APKMirror doesn't really want web scraping. So this may break in the future but it works for now.
from obtainium.
For now, I've disabled APKMirror in the latest version (https://github.com/ImranR98/Obtainium/releases/tag/v0.6.0-beta) as I'd prefer not to include it if the developers don't want it to be (anyways, it would be easy for them to make a change that breaks the current hacked together approach).
Haven't had any communication, am closing this issue for now. Will reopen if there is an update.
from obtainium.
I DMed you yesterday FWIW, would like to connect still.
from obtainium.
Great, haven't seen it yet. May not be able to get back to you for a few days.
from obtainium.
As discussed, the best way to support APKMirror will be as a new kind of "notifications-only" source that can be checked for update notifications without being able to directly download and install APKs. Instead users would be directed to the external download page.
Currently, a lot in Obtainium is based on the assumption that APKs can be downloaded, so adding this new source type will require a lot of changes. Definitely worth doing at some point but not a high priority.
from obtainium.
Added: https://github.com/ImranR98/Obtainium/releases/tag/v0.8.0-beta
from obtainium.
This is a great addition. Now I can use only one app to track some of the apps from APKmirror or some other projects on Github on zip files like Magisk modules. But I noticed that when I search for direct url feeds from APKmirror. It doesn't give any info if it is a stable or beta version. I also noticed that it doesn't support .atom url for tracking.
Currently I used Feeder for tracking some github releases.
Thank you.
from obtainium.
The GitHub repo in your first screenshot doesn't have APKs on their releases page, which is why you get the error. And yeah, RSS feeds are not supported (everything in your URL after 'rvx-builder' is ignored). You can still toggle the "track only" option so it doesn't look for APKs, you'll still get notifications.
The second YouTube screenshot is concerning though, not sure why the version isn't being picked up. Am re-opening the issue to fix that.
Also, the APKMirror RSS feed (which is what we use to extract versions) doesn't provide a proper "version" field, so we have to extract the version from the "title" string, which makes it impossible to distinguish between beta, alpha, nightly, etc. since the wording can have a lot of variations. It's this unreliable version extraction which is probably responsible for the YT version issue as well.
from obtainium.
I try to toggle the "track only" option. But the add button is disabled once I toggle it. It means that it is applicable to apk releases only?
from obtainium.
Hmm, seems like a bug. You can fix it by backspacing on a character in the url bar and typing it again (any change in the bar should trigger the button enable).
from obtainium.
Related Issues (20)
- Can't add Novalauncher beta via HTML source HOT 1
- [enhancement] Don't delete downloaded apk optionally
- Directory error on all attempts to add a source HOT 9
- APKMirror latest versions HOT 2
- Connection timed out using VPN HOT 1
- Apps are not upgraded automatically in background (normal installer) HOT 11
- The pure black theme is broken HOT 5
- Share appconfig via Android share menu HOT 3
- In addition to the overview page and app logs, you could also refer to the wiki and the app configurations
- Allow changing update queue while some app is being updated HOT 1
- Silence `Obtanium must be open to install updates` for Shizuku and Root HOT 1
- Illegal percent encoding in URI HOT 1
- SourceForge, OpenCamera, failing Obtainium 1.1.5 HOT 6
- Error when checking for updates HOT 8
- AppGallery URL gets malformed
- Updates makes the app on light mode HOT 2
- UI bugged HOT 2
- "remember" APK name from "Pick an APK" screen for updates HOT 1
- Can't download asset after successfully adding app HOT 3
- Autodetect installed apps HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from obtainium.