Aurora Store vs. *.apk Download from official site

Hi

Aurora Store is working without Google account.

I need to install Protonmail and Signal Messenger.

Should I download on their site *.apk or use Aurora Store? What are pros and cons?
How you experts do it?

Have a nice weekend

Install first from their site, so that any new update can’t be faked, signature will fail.

2 Likes

There are 2 ways:

  1. Official website… – official git-repo (if available).
  2. YalpStore+/AuroraStore - These may have significant changes, based on if they are released on PlayStore and or PlayStore Test Versions.
    #Suggestions
  3. If you want to go safe, install from their official site.
  4. “Fill your choice here”. :stuck_out_tongue:

I would recommend you to go with official site to download mate,
It’s easy download and install apk from official site.
It’s easy and saves your time :smile:
Cheers to you

Excuse my ignorance, but what do you mean by this?

Android has for security reasons a way to reject updates from apps not signed from the same developer.

So, you install an app from some store, but if I want to update your app with my app that I’ve hacked and resigned, it won’t work.

2 Likes

I see. I get it now. Thanks!

Interesting topic. Thanks to all.

Welcome to F-Droid Forum — thanks for contributing!
在官网下载比较安全, 第三方可能有问题

1 Like

The Signal apk that can be downloaded from their website is different than the one you get from the Play Store: it has an auto-update function. The website version is usually updated last in their incremental releasescheme.

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Hi!

I was asking myself, if its best to download an app (which is not on f-droid) as an apk from the official website or from a serious appstore (for example the aurora store).
Here, I read a asolution, but I don’t understand it:

It is said, that it’s best to FIRST install it as an official apk (website) and then update it via (for example) the aurora store. I understand the explanation, that the signatures have to fit and it’s important to avoid fake-updates.

BUT: If I FIRST install it via the aurora store (which uses the same app-sources like the official play store, right?!), then the app is also signed by the developer (?!) and for me this way seems more secure than to browse to the website and download an apk, which also could be compromised?!

I’m a bit confused, because it seemed for me the safest way to install apps with an store.

Thanks in advance for an explanation.

there is no Aurora Store… the app downloads from Google Play, right?

Depends on apps age, it might be signed by Google instead, but yes.

You mean that you think that maybe the site is compromised? As usual, that can be a possibility.

sorry, maybe its because english is not my home-language. But I still don’t understand the advantage to first install the apk from the website.

So the appstore checks, if the update is signed by the same developer. If this check is successfull (with signal directly installed via the store) and the update gets installed, everything should be find and safe, right?!

Thanks again!

In theory :slight_smile:

And in practice? :slight_smile:
Do I understand you right, that you rather think that the website download is authentic than the installation from the google repository (aurora store)?

In theory means that you need to trust that first install, be it from Google or from a site.

Try to check the apk, maybe the dev has hash sums, gpg signatures, etc.

ok, thanks a lot.