#privacytechpro tip: use #obtainum to get your #android and #grapheneos APKs.
As a long-time Obtainium user, it's nice to see nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z promoting it as the official method for getting #Amethyst.
Here are all the sources you can pull APKs from:

#cybersecgirl #obtanium #amethyst
I'm an Obtainium user, but I have concerns over security. If an APK gets compromised, it's straight on my device without any checks an app store performs.
Fair?
Android checks the dev signature when updating. That's why you can't install from the Play Store and update it with Obtainium. You always have to uninstall first to change the signature profile.
But first-time installs are still not checked. But that is the same for the usual Play Store. And if the dev decides to go rogue and add some malicious code, neither Google, nor F-Droid, nor Obtainium will find it before releasing it.
What are these magical checks that people imagine the Play Store is performing?
I thought there was a level of technical vetting. Not the case?
They run a standard anti-virus if that's what you mean by "technical vetting". :)
Nope. Although they plan to introduce mandatory testing where 10 friends of yours have to swear they ran it and it appeared to work. In a way, outsourcing the technical review.