IzzyOnDroid Twitter


Say thanks!
↓ Your product here? ↓
Das Inoffizielle Android-HandbuchAndroid kennenlernen, Tipps & TricksDas Inoffizielle Android-Handbuch
Android kennenlernen, Tipps & Tricks
Für EUR 16,99 bei Amazon kaufen
Das Inoffizielle Android SystemhandbuchTiefer ins System einsteigenDas Inoffizielle Android Systemhandbuch
Tiefer ins System einsteigen
Für EUR 10,00 bei Amazon kaufen
Die besten Android-AppsDen Androiden austattenDie besten Android-Apps
Den Androiden austatten
Für EUR 10,00 bei Amazon kaufen
 

IzzyOnDroid Android App Repository

An F-Droid Repo for free Android Apps

This is an F-Droid style repository for Android apps, provided by IzzyOnDroid. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github).

If you are an open-source developer and wish your app(s) included, be welcome to contact me. Ways to do that can be found e.g. from the Imprint at the IzzyOnDroid Android site.

DISCLAIMER: I have not thoroughly checked the .apk files available here. As stated above, they are directly taken from the repositories of their resp. developers. Some basic measures are taken, though (see the Security section below). Still, use this repo at your own risk: I will take no responsibility whatsoever for any damages which might occur as result (not saying there will be any, though).

If you still wish to use this repository with your F-Droid client, this is the URL you should use to add it:

https://apt.izzysoft.de/fdroid/repo

How do apps come into this repo?

From time to time, I check on Github for repositories featuring Android apps which are not part of the main F-Droid repository, but have .apk files along with the code. If such an app seems useful, has been updated not too long ago (at least within the last 12 month), and seems legit, I take a raw look at the .apk file (do the permissions look appropriate, are there and „crazy indicators“ making it look strange) – and if it passes, it gets added.

Of course I won't find them all: some serve their .apk files along with the releases/ (which I favor), some simply have them amongst the repository files (acceptable), some do not have any at all, and I'm afraid I've missed a lot. So I'm open to suggestions. Good candidates meet most of the following criteria:

What about updates?

Read between the lines above: if the .apk files were served in the releases/ tree and are properly tagged for all versions, I have a script that runs automatically in regular intervalls to check for and download updates. For those apps, it works pretty well. Some other apps must be checked manually, which I don't do on a regular base (but those are few).

How many versions are kept?

Usually up to 3 versions per app are kept in the repository, but in sum they shall not occupy more than 20 M per app (see „hard limit“ above). If a newer version is released after that, the oldest version is automatically purged. And no, I currently do not plan keeping a second „Archive Repo“ for older versions.

Do apps get removed from your repo?

This indeed may happen. Apps might get „kicked out“ if it gets obvious something „bad“ slipped in – e.g. by users reporting bad behavior of an app installed from here.

I might also decide to drop an app which hasn't been updated for more than a year, or lost its value for other reasons (e.g. the service behind it went out of business). But generally, I plan no „purge actions for dubios reasons“. Especially I don't have the policy of excluding Ad-Blockers and the like ;)

What about security?

For this, two actions are taken:

Malware scan

Apps are scanned for malware, using the services of VirusTotal. VirusTotal currently runs more than 50 engines to check files, which is quite some coverage. However, results differ between engines: some are more prone to „false positives“ than others, and some even report ads as malware (we might tend to agree on that). So results might look different – and here's how they are presented for each file:

Except for the „pending“ shield, the label will always link to the corresponding detail page at the VirusTotal website. Feel encouraged to check that. If a file is marked by a yellow or red shield, also check the app's description, which might hold further hints. Sometimes a finding might be „normal“ (e.g. a vulnerability test suite could easily trigger a „false alert“, as described above). Moreover, some scanners thread a „PUA“ (potentially unwanted addon/application) as alert – as indicated above.

Library scan

APK files are also checked for libraries they are using. This is done locally, using LibRadar (plus some additions of mine). Findings are grouped into three categories:

You will not only find the categories and names of libraries, but also some additional details: which permissions are found accessed by them is the most interesting part here. Where available, a link is given to their resp. websites/pages. Additionally, for most of the libraries there're additional details available, indicated by an icon and revealed by clicking on it:

Talking about Javascript: How safe is your site?

There's no such thing as „absolute safety“ or „100% security“, but I did my best also in this regard. No 3rd party sources (with the only exception of the articles on IzzyOnDroid having their images hosted on Imgur), especially no Javascript. But don't decide on my word alone, check the following sources which checked this site:

2017-12-13