Android apk repository?



  • Are there any good apk repositories that are spyware free and has common free apps?

    We run android without google services and we would like to push or manually install apk's to phones directly, completely bypassing google play.



  • Welcome to the club. I've been running without Google play for about a year now.

    The best and safest app store is F-Droid

    https://f-droid.org/en/

    I've found replacements for everything that work just as well or better than apps that require play services, with one exception. Nothing can stand up to Google maps.

    Open street map is terrible in Florida. I've heard it's usable in Europe and the North East, but definitely not here. With open street maps, everything must added by users including street names and numbers. Without that information, it's essentially useless.



  • Aurora store or Yalp (found on F-Droid) can be used to download apks directly from Google play.



  • Skytube is an awesome YouTube replacement. Say good bye to YouTube ads 🙂



  • @Pete-S said in Android apk repository?:

    Are there any good apk repositories that are spyware free and has common free apps?

    What would that even look like? Who would maintain it, and how would it be paid for?

    Frankly - I wonder this same thing for Linux repos. Are the repos that come with a specific Linux distro managed and supported by that distro?

    Yep my nood is showing.



  • @Dashrender said in Android apk repository?:

    @Pete-S said in Android apk repository?:

    Are there any good apk repositories that are spyware free and has common free apps?

    What would that even look like? Who would maintain it, and how would it be paid for?

    I have to agree with you on this one. No telling who is actually maintaining these.

    Frankly - I wonder this same thing for Linux repos. Are the repos that come with a specific Linux distro managed and supported by that distro?

    All of the official repos are maintained by their respective distribution, yes.

    It's all the 3rd party ones that are questionable. Yet another reason I don't like Ubuntu, much of the software comes from 3rd party repos.



  • @travisdh1 said in Android apk repository?:

    @Dashrender said in Android apk repository?:

    @Pete-S said in Android apk repository?:

    Are there any good apk repositories that are spyware free and has common free apps?

    What would that even look like? Who would maintain it, and how would it be paid for?

    I have to agree with you on this one. No telling who is actually maintaining these.

    Frankly - I wonder this same thing for Linux repos. Are the repos that come with a specific Linux distro managed and supported by that distro?

    All of the official repos are maintained by their respective distribution, yes.

    It's all the 3rd party ones that are questionable. Yet another reason I don't like Ubuntu, much of the software comes from 3rd party repos.

    You get the same problem if you use COPR on Fedora, right?

    3rd Party Repos / APK Stores don't bother me so much...mainly because I understand that there is risk. Granted you have Risk even on the Google Play store as well... So as long as you expect risk (and use reputable sources), I don't see a problem with it for personal stuff.



  • @dafyre said in Android apk repository?:

    3rd Party Repos / APK Stores don't bother me so much...mainly because I understand that there is risk. Granted you have Risk even on the Google Play store as well... So as long as you expect risk (and use reputable sources), I don't see a problem with it for personal stuff.

    Ding Ding!!!

    I mean seriously... You gotta love the mentality. We know Google is selling our data and bending us over dry. The mentality of some 3rd party can bend you over worse is kind of silly to me. Sure it is certainly possible, but we have a known entity here that invades privacy and sells data like its no other.

    Google is also known for sensorship through its outlets and doesnt even bother to show up to when the whole Facebook witch hunt was going on. Clearly stating that privacy is an issue it doesnt feel it needs to address.

    https://www.cnet.com/news/google-is-a-no-show-at-the-washington-dc-tech-hearings-stoking-anger-in-congress/



  • @travisdh1 said in Android apk repository?:

    It's all the 3rd party ones that are questionable. Yet another reason I don't like Ubuntu, much of the software comes from 3rd party repos.

    Tin foil hat guys will tell you absolutely trust no one. There are some steps you can take to individually check apks. Also, automatic updates are disabled by default. So you can manually install updates and pre analyze apks. Every time before install.

    There are some tools that help with this. This is just one example:

    https://github.com/google/android-classyshark



  • https://f-droid.org/en/about/

    F-Droid is a non-profit volunteer project. Although every effort is made to ensure that everything in the repository is safe to install, you use it AT YOUR OWN RISK. Wherever possible, applications in the repository are built from source, and that source code is checked for potential security or privacy issues. This checking is far from exhaustive though, and there are no guarantees.

    F-Droid respects your privacy. We don’t track you, or your device. We don’t track what you install. You don’t need an account to use the client, and it sends no additional identifying data when talking to our web server other than its version number. We don’t even allow you to install other applications from the repository that track you, unless you first enable ‘Tracking’ in the AntiFeatures section of preferences. Any personal data you decide to give us (e.g. your email address when registering for an account to post on the forum) goes no further than us, and will not be used for anything other than allowing you to maintain your account.



  • @IRJ said in Android apk repository?:

    @dafyre said in Android apk repository?:

    3rd Party Repos / APK Stores don't bother me so much...mainly because I understand that there is risk. Granted you have Risk even on the Google Play store as well... So as long as you expect risk (and use reputable sources), I don't see a problem with it for personal stuff.

    Ding Ding!!!

    I mean seriously... You gotta love the mentality. We know Google is selling our data and bending us over dry. The mentality of some 3rd party can bend you over worse is kind of silly to me. Sure it is certainly possible, but we have a known entity here that invades privacy and sells data like its no other.

    Google is also known for sensorship through its outlets and doesnt even bother to show up to when the whole Facebook witch hunt was going on. Clearly stating that privacy is an issue it doesnt feel it needs to address.

    https://www.cnet.com/news/google-is-a-no-show-at-the-washington-dc-tech-hearings-stoking-anger-in-congress/

    I get what you're saying - but at least Google puts in an error to keep the shit out. Is it perfect - nope, no one is, but with a 3rd party (likely unmanged) repo - you have no clue what's happening there. What prevents hackers from uploading all kinds of infected shit with similar names to real things? or straight up replace real things with their own hacked version?
    I honestly have no clue how 3rd party repos work - so just answer that question, don't be a JB about it.



  • @Dashrender How do you verify anything you can install on any operating system?

    If you download iso files from microsoft for instance, they show the hash of the file on their website and you can check the files integrity. That is the standard way of verifying that the files are what you think they are.

    Only a few android developers have direct download of the apk files from their websites. Often they are in odd places. For instance to find where mozilla put their firefox apks is not straight forward.

    Problem with this whole thing is that a lot of android developers don't provide the apk files directly and you have to get them from google play. But to do that you need to sign up with google first, because google doesn't allow apk download from their site.

    I also think that apks are signed software and you can verify that, but I haven't figured out how.

    PS. @IRJ mentioned a couple of solutions to the problems above that I will check out.



  • We have a couple of bricked phones because of google. If you sign up with google and then you leave the company and your phone, you can't factory reset the phone and let someone else use it. You must have access to the original google account. If you don't, the phone is bricked.

    That's google trying to "help" you. It was introduced in Android 5 something.

    PS. I think you can get around this too but it involves tricking the bootloader and connecting it to a PC or something like that. Of course the people who steal phones know exactly how to do it.



  • @Dashrender said in Android apk repository?:

    @IRJ said in Android apk repository?:

    @dafyre said in Android apk repository?:

    3rd Party Repos / APK Stores don't bother me so much...mainly because I understand that there is risk. Granted you have Risk even on the Google Play store as well... So as long as you expect risk (and use reputable sources), I don't see a problem with it for personal stuff.

    Ding Ding!!!

    I mean seriously... You gotta love the mentality. We know Google is selling our data and bending us over dry. The mentality of some 3rd party can bend you over worse is kind of silly to me. Sure it is certainly possible, but we have a known entity here that invades privacy and sells data like its no other.

    Google is also known for sensorship through its outlets and doesnt even bother to show up to when the whole Facebook witch hunt was going on. Clearly stating that privacy is an issue it doesnt feel it needs to address.

    https://www.cnet.com/news/google-is-a-no-show-at-the-washington-dc-tech-hearings-stoking-anger-in-congress/

    I get what you're saying - but at least Google puts in an error to keep the shit out. Is it perfect - nope, no one is, but with a 3rd party (likely unmanged) repo - you have no clue what's happening there. What prevents hackers from uploading all kinds of infected shit with similar names to real things? or straight up replace real things with their own hacked version?
    I honestly have no clue how 3rd party repos work - so just answer that question, don't be a JB about it.

    What an honor to be referred to as JB 🙂

    I am just not a fan of google. So there are two major 3rd party app stores that work a little differently:

    Aptoid

    This is the biggest 3rd party app store. These guys allow pretty much anything in their store which can be dangerous. I'd say about 50% of their stuff they do scan and verify (which is marked in their store). Because they dont check certain apks, I personall avoid their app store.

    F-Droid

    Every app is scanned and checked by a volunteer community. This community has very strong ties with open source projects such as Nextcloud. In addition to their stable app, NC also has a beta version of some of their apps for the F-Droid community.

    9835b605-6ac3-4290-b112-2d41ecf11be4-image.png

    One other thing I really like about F-Droid is that adds and potential privacy issues are bolded on particular apps. Examples of apps that are marked as possible dangerous are any apps that connect to social media sites such as Facebook or Twitter. Even apps such as "Tin Foil Hat for Facebook" Which is a sandbox that runs facebook mobile is marked as AntiFeature.



  • @Pete-S said in Android apk repository?:

    We have a couple of bricked phones because of google. If you sign up with google and then you leave the company and your phone, you can't factory reset the phone and let someone else use it. You must have access to the original google account. If you don't, the phone is bricked.

    That's google trying to "help" you. It was introduced in Android 5 something.

    PS. I think you can get around this too but it involves tricking the bootloader and connecting it to a PC or something like that. Of course the people who steal phones know exactly how to do it.

    It isnt cheap, but Copperhead OS might be a solution your company could possibly look into. Instead of a subscription model, the cost is a one time up front cost. It offers a really nice, secure MDM solution without relying on Google. I have run Copperhead OS for over a year and absolutely love it.

    copperhead.co



  • @Pete-S said in Android apk repository?:

    @Dashrender How do you verify anything you can install on any operating system?

    If you download iso files from microsoft for instance, they show the hash of the file on their website and you can check the files integrity. That is the standard way of verifying that the files are what you think they are.

    Only a few android developers have direct download of the apk files from their websites. Often they are in odd places. For instance to find where mozilla put their firefox apks is not straight forward.

    Problem with this whole thing is that a lot of android developers don't provide the apk files directly and you have to get them from google play. But to do that you need to sign up with google first, because google doesn't allow apk download from their site.

    I also think that apks are signed software and you can verify that, but I haven't figured out how.

    PS. @IRJ mentioned a couple of solutions to the problems above that I will check out.

    Personally I'm willing to give up some privacy for the protection that Google provides. IRJ might really hate - and I'm certainly not fond of it, but I deal with it for something closer to better security.

    And for normals - don't eve get me started - the 99.9%'ers need as much hand holding protection as they can get.

    Some game recently completely blew off going to any standard repo because they didn't want to pay the 30% store tax to the vendor. They get to keep that money for themselves instead of Google getting it - but at what cost? How many fewer people are getting the game because of the manual process the user has to go through? 30% less? maybe - who knows?



  • @Pete-S said in Android apk repository?:

    We have a couple of bricked phones because of google. If you sign up with google and then you leave the company and your phone, you can't factory reset the phone and let someone else use it. You must have access to the original google account. If you don't, the phone is bricked.

    That's google trying to "help" you. It was introduced in Android 5 something.

    PS. I think you can get around this too but it involves tricking the bootloader and connecting it to a PC or something like that. Of course the people who steal phones know exactly how to do it.

    I don't consider this a real issue - Companies should be providing company based Google accounts for these company devices - that solves the problem for the company. If the user is able to reset the phone and put only their own Google account into the phone - that's an HR issue.



  • @IRJ said in Android apk repository?:

    @Dashrender said in Android apk repository?:

    @IRJ said in Android apk repository?:

    @dafyre said in Android apk repository?:

    3rd Party Repos / APK Stores don't bother me so much...mainly because I understand that there is risk. Granted you have Risk even on the Google Play store as well... So as long as you expect risk (and use reputable sources), I don't see a problem with it for personal stuff.

    Ding Ding!!!

    I mean seriously... You gotta love the mentality. We know Google is selling our data and bending us over dry. The mentality of some 3rd party can bend you over worse is kind of silly to me. Sure it is certainly possible, but we have a known entity here that invades privacy and sells data like its no other.

    Google is also known for sensorship through its outlets and doesnt even bother to show up to when the whole Facebook witch hunt was going on. Clearly stating that privacy is an issue it doesnt feel it needs to address.

    https://www.cnet.com/news/google-is-a-no-show-at-the-washington-dc-tech-hearings-stoking-anger-in-congress/

    I get what you're saying - but at least Google puts in an error to keep the shit out. Is it perfect - nope, no one is, but with a 3rd party (likely unmanged) repo - you have no clue what's happening there. What prevents hackers from uploading all kinds of infected shit with similar names to real things? or straight up replace real things with their own hacked version?
    I honestly have no clue how 3rd party repos work - so just answer that question, don't be a JB about it.

    What an honor to be referred to as JB 🙂

    I am to please 😛

    You were (and continue to) being cool to me and my questions - I just wanted to toss that out there in case you were getting irked at my leading questions.

    Thanks.



  • @Dashrender said in Android apk repository?:

    Personally I'm willing to give up some privacy for the protection that Google provides.

    What protection is that?

    Anyone could upload any app they made to the play store. You have no clue what the app does. Google only provides convenience by having a lot of apps in the same place, not security. They also provide inconvenience because you have a lot of crappy stuff there as well, so it can be difficult to find what you are looking for.



  • @Pete-S said in Android apk repository?:

    @Dashrender said in Android apk repository?:

    Personally I'm willing to give up some privacy for the protection that Google provides.

    What protection is that?

    Anyone could upload any app they made to the play store. You have no clue what the app does. Google only provides convenience by having a lot of apps in the same place, not security. They also provide inconvenience because you have a lot of crappy stuff there as well, so it can be difficult to find what you are looking for.

    While not a perfect job - they do curate the store. They have automated systems that look for bad behavior in APKs and kick them out of the store.

    As for crappy things - sure, any place that has a mostly open door policy will have that problem. Just not something you can really control, short of not being an open door type place.



  • @Dashrender said in Android apk repository?:

    @IRJ said in Android apk repository?:

    @Dashrender said in Android apk repository?:

    @IRJ said in Android apk repository?:

    @dafyre said in Android apk repository?:

    3rd Party Repos / APK Stores don't bother me so much...mainly because I understand that there is risk. Granted you have Risk even on the Google Play store as well... So as long as you expect risk (and use reputable sources), I don't see a problem with it for personal stuff.

    Ding Ding!!!

    I mean seriously... You gotta love the mentality. We know Google is selling our data and bending us over dry. The mentality of some 3rd party can bend you over worse is kind of silly to me. Sure it is certainly possible, but we have a known entity here that invades privacy and sells data like its no other.

    Google is also known for sensorship through its outlets and doesnt even bother to show up to when the whole Facebook witch hunt was going on. Clearly stating that privacy is an issue it doesnt feel it needs to address.

    https://www.cnet.com/news/google-is-a-no-show-at-the-washington-dc-tech-hearings-stoking-anger-in-congress/

    I get what you're saying - but at least Google puts in an error to keep the shit out. Is it perfect - nope, no one is, but with a 3rd party (likely unmanged) repo - you have no clue what's happening there. What prevents hackers from uploading all kinds of infected shit with similar names to real things? or straight up replace real things with their own hacked version?
    I honestly have no clue how 3rd party repos work - so just answer that question, don't be a JB about it.

    What an honor to be referred to as JB 🙂

    I am to please 😛

    You were (and continue to) being cool to me and my questions - I just wanted to toss that out there in case you were getting irked at my leading questions.

    Thanks.

    Google does irk me. Not you...lol



  • What about Amazon Appstore? It could be a really good alternative to Google's Play Market in the view of no Google services installed.



  • @Darek-Hamann said in Android apk repository?:

    What about Amazon Appstore? It could be a really good alternative to Google's Play Market in the view of no Google services installed.

    It is an alternative, but Amazon is known for quite a bit of tracking themselves. It may meet his need though.



  • @Pete-S

    Aptiod is a good start but made for personal usage.

    but If I were you I would unify my smart phones, install google play on mine and export APKs and put them on shared location, cause you only need like a couple of them.

    That said Google has good AV security feature and you dont want to put something that can install apps and handing it over without securing it.

    Oh I recall I installed all phones with 1 account, it was nice to track stolen phone but contacts synced on all phones and bite me back in the



  • @Emad-R said in Android apk repository?:

    @Pete-S

    Aptiod is a good start but made for personal usage.

    Aptoid is not really a good solution. So much known malware and bad apks. I would avoid it all cost. If you are looking for a free pro version of something this is where people try to go. Most of the time they just end up with malware.

    Aptoid does check some apps (which they note), but definitely not all.



  • @Emad-R said in Android apk repository?:

    @Pete-S

    but If I were you I would unify my smart phones, install google play on mine and export APKs and put them on shared location, cause you only need like a couple of them.

    That said Google has good AV security feature and you dont want to put something that can install apps and handing it over without securing it.

    Oh I recall I installed all phones with 1 account, it was nice to track stolen phone but contacts synced on all phones and bite me back in the

    This functionality is built in to Aurora Store. You can actually use your Google Creds and download APKs that you legitmately paid for DIRECTLY. Auroroa Store is essentially a Google Play client that passes default creds (unless you enter your own). So the apks you are downloading are directly from Google.

    Yalp Store also has this ability, but uses only default creds. I dont believe you can use your own Google creds on yalp.