Usually the middleman validates what the stuff does before we do it ourselves. Yes, even though malicious apps get through the cracks, it still makes a difference.
It really depends. Many apps currently cannot be distributed through the stores or the maintainers have to endure a lot of bullying to stay in the stores. (Think NewPipe et al.)
In these cases, the middlemen like Google are the hostile party. Essentially the threat actor. It is natural: big tech is big tech, because they are very good at limiting user choice.
For these applications, Obtainium is brilliant.
It also shows that the store model that everyone is working to enshrine in digital policy is not the necessity that Big Tech would have everyone believe.
Mostly because certain apps refuse to adopt Android APIs, or insist the NDK is a full-blown GNU/Linux userspace, contrary to the Android team's official position on the matter.
The fact that the Android team's official position on API usage determines what software I get to install is exactly my problem with this gatekeeping.
The latest victim of this travesty is the removal of Syncthing from the Play Store and the subsequent discontinuation of the app. This was ostensibly due to Syncthing's failure to leverage the storage access framework to access files on Android devices. In reality, developers were benchmarking the storage access framework as somewhere around 50 times slower than direct system access, and that made it infeasible for usage in apps like Syncthing. That bug has been open for years, and the Android team has done nothing other than claim it's fixed when benchmarks show otherwise.
So I'm not sold at all on the value of these gatekeeping stores that have black box approval processes with changing rules. It is a system that is set up to be evil because it can reject and accept on a whim with no accountability. We should not so easily give up on installing the software of our choosing on the devices we purchase.
Honestly, I started using Obtainium because I can't figure out why F-Droid builds are a month behind. RedReader became completely broken and needed the newer version. Not sure what's up with that lag. It's extremely frustrating.
Anyhow, when the apps stop being updated, it's usually due to something that was added that doesn't make them compliant with F-Droid's policies anymore; or, they changed something in the release process without telling F-Droid.
Other times, the apps were set to be updated only at the developer's request, and for some reason they still haven't made that request (some developers deliberately update F-Droid less frequently, to be more confident of not giving bugged releases to the F-Droid users).
The normal delay, due to their manual (and lazy) signing process, is from a few days to about ten
This is the case if the app store is done right, that is, if it has the end user's interests in mind. But as with all things Google, the end product always boils down to how much profit it can extract from its services in ad revenues, so there isn't really that much incentive in Google to keep the Play Store tidy.
This or some variation of the idea. The result is the same, what should protect the user becomes a vector to help spread malicious apps.
The safety-argument functions as an apologetic narrative to justify the gatekeeping.
Strangely, almost everything the Play Store pushes at me (Temu, TikTok, millions of communication apps with dubious reputation) is crap.
I would never install an app without checking the permissions it asks for, researching the owner of the app as well as the tracking it includes - yet the store never makes those things transparent, quite the opposite.
Google even takes money to show you bad apps through Play Store app ads designed to look like an organic app listing. This is apparently a mechanism to profit directly from deceiving users. (Right now, for example, it shows a gambling app, some "beautifying" shovelware, and "Tango live streaming," which the author probably believes by heart is not made for porn.)
So either Google is trying to protect its users and just isn't very good at it, or it's a fake argument to hide corporate power.
Unfortunately F-Droid sometimes distributes outdated software with security vulnerabilities. This happened with Fennec (Firefox variant), not sure what the reason was. I switched back to Firefox + Google Play after that.
Yes, F-Droid is too slow, unfortunately. The reason I added Obtainium to my mix was because the F-Droid version of RedReader was so old it didn't work with Reddit anymore. And I couldn't figure out why or if there was an ETA or what, and someone mentioned Obtainium.
> Usually the middleman validates what the stuff does
That's what they say for their defense yeah but personally I don't buy it. I've published an app myself and I've also seen the countless app scams which are allowed to advertise on YouTube.
They're excellent at inconveniencing legitimate devs for "mistakes" like links to external payment options, but oddly bad at spotting actual scams. I think that tells you something about the actual goal of app review.
The way you phrase mistakes is interesting; it’s been abundantly clear that’s not allowed for a long time. It’s not a “mistake” if you link to an external payment method.
I’m an iOS user but one of the reasons I like iOS is because I know that I’ll be able to Sign in with Apple, and pay via the App Store. I recently signed up to a service which charged me for a free trial and I opened a support ticket. They refunded me, and charged me again immediately.
I trust Apple and Google (rightly or wrongly) to have my back in that situation, but this dev clearly didn’t.
It resolved itself fairly quickly when I got my bank involved, but it took a month from start to finish. I have never, not once, had that issue with App Store managed purchases.
Apple does allow links to external payment options in some cases (see App Store Review Guideline 3.1.1), and sometimes rejects apps for links that it itself says should be legal, and is even legally required to allow in some jurisdictions. Which is not surprising, app reviewers spend only a few minutes looking at each app, and don't always understand the current rules.
One of the reasons I don't like either iOS or the Play Store is that I don't want to make an account with them (which can link all the flood of data sent by your phone to your real name, and force you to agree to their terms).