E foundation using f-droid with middle-man website?

I’ve seen some comments about f-droid site slowness, but am not sure if this could be related. Anyway, e foundation is using a middle-man site to redistribute apps from f-droid, with their apps app. Is this OK?

I’m aware g-droid app does similar, but different…

Background details/references:

https://info.cleanapk.org/

Example app search result, with apk link from f-droid:

https://api.cleanapk.org/apps?action=app_detail&id=5c2546634ecab43f4b16bc0a

1 Like

Very interesting, thanks for the info. I’d love to see more info on how cleanapk works. Does it just send the source URL? HTTP Redirect? Reverse Proxy? Or local copies?

They’re creating local copies of apps from F-Droid, with no way for developers to automatically update them, no way to remove apps from their listing, and no plans for either of them so far.

All that will be solved after they’ve launched their store, they’ve said. I’m considering using trademark law to have them take down my app, as I don’t want them redistributing an ancient and outdated version with no update system on the horizon.

F-Droid has the best update process of all stores, but even Amazon and Google Play and some chinese stores have better update and removal processes than /e/ does.

More information can be found here: https://community.e.foundation/t/request-to-stop-shipping-outdated-apps/2260

And by comparing https://e.foundation/apps.html (try “com.iskrembilen.quasseldroid”, it returns v1.2.9 from 2019-07-29) with https://f-droid.org/en/packages/com.iskrembilen.quasseldroid/ (it returns v1.2.21 from 2019-08-12)

For actual downloads they list f-droid.org’s APK links, as can be seen in the cleanapk API responses: https://api.cleanapk.org/apps?action=app_detail&id=5b16bf5089bb69289976fca2, but apparently also have their own local mirror

@justjanne Would be interesting to decompile your code and check if they have had trackers, spywares, keylogger, keep privacy of users…

A simple hash will do, same files or not?

Hmmm, if you publish your app as open source software anyone has the right the redistribute it, any version. Why not just asking them why it’s not up to date?

1 Like

I did ask them, they told me they had nothing planned yet, and I received no good answer.

Yes, under Open Source you can redistribute the code and binaries (it’s GPLv3 for a reason), but I could force them to stop using the app name or icon.

What is your app, Janne? You should add a non-permissive additional term to GPLv3 in order to enforce trademark.

The app in question is Quasseldroid, as seen in the links above.

Adding non-permissive terms to the GPLv3 is not possible, but the GPLv3 only handles copyright and patents, not trademarks.

I’d generally like to avoid that scenario, as so far I haven’t had any issue with people redistributing the app, and would love for others to continue doing so. It’s free, it’s open, share it! Just, please, don’t share old versions and claim they’re up-to-date.

2 Likes

In case it was lost in the noise, an “info” page is displayed at “info.cleanapk.org”. Under Developers it has a link to a spreadsheet (ods) with API details. Under Copyright it says how to submit copyright infringement requests. Oddly for being used by /e/ - developers of “open source, privacy-enabled smartphone operating systems” - there is no Privacy Policy or statement of Terms of Service at cleanapk.

In addition to f-droid, e’s other source for apk’s is apkpure.

My guess is cleanapk does not store copies of apk’s, and only keeps pointers to download links for the apps app, but it’s not confirmed.

For details on how the apps app works with cleanpk, the source is here:

PS. There was a problem with accounts being locked, and unable to reply; otherwise this reply would have been much sooner.

Please take my advice “as is”. If you want to protect your trademark, you should add the non-permissive additional term regarding trademarks, as stated in section 7, term e.

@justJanne is right: it makes no sense to protect trademarks using copyright law. They are totally different things. Plus adding trademark language to a free software license will make it non-free.

1 Like

Could you quote section 7, term e, of GPLv3?

I’ve uploaded a debug version of their marketstore apps: https://bitbucket.org/oF2pks/chairlock/downloads/e-apps-debug.apk

Quasseldroid comes from F-Droid original and can be updated to 1.2.21 via fdroid client, @justjanne you could include auto-checking and redirect to fdroid page for future download/updates ?

1 Like

Thanks oF2pks - now I can see for myself. I searched but was unable to find specific information about their catalog (outside using the app itself). I didn’t even realize this store existed. As such my initial impression is that /e/ seems to be “flying under the radar” (in addition to hosting a large collection of out-of-date apps). It seems maybe a matter of time before they receive a legal challenge.

To play devil’s advocate for a moment… suppose somebody was to collect and then redistribute a collection of apk’s and corresponding source on cdrom (all of them out-of-date). They are unmodified copies redistributed under the terms of the license. Is there any recourse? should there be? I’m uncertain if trademark protection applies if the project hasn’t been forked (but it would be a different story if a fork was being distributed under the same name).

I don’t have an answer to the problem, but I’m personally inclined to favor a technical solution over a legal one. Also I think adding additional terms perhaps weakens the license (and would avoid doing so, but IANAL).

We are talking about /e/ distributing old versions as the latest, Aptoide does the same thing.

A lot of apps are not updated for a long time.

IMHO we are talking about redistributing software under the terms of the license. The comparison to cdrom is meant to highlight that the medium of distribution shouldn’t matter. Does /e/ claim that the version you receive is the “latest”? I suppose this might be implicit to the concept of an “app store” (while there is no expectation that some physical disk will be up-to-date).

It is problematic if users receive an old version (and are mislead to believe its the latest), but I think this reflects poorly on /e/, not the apps themselves. Hanlon’s razor applies here.

The points as I see them:

  • doing free software (libre), licences, including copyleft, authorize the redistribution of binaries and source code. Anybody is free to distribute even a severely outdated open source application. The ones who disagree with this should do some proprietary software.
  • if you redistribute an outdated application, at some point, users will go somewhere else to get up to date version. So if /e/ users get outdated contents in /e/OS this will impact the project => not in their interest obviously
  • the important part I think is that redistributed content is NOT modified. I’ve been told that some third-party APK Mirrors such as Aptoide distribute some modified APKs (that include Ads…). This shouldn’t be accepted.

Also, looking at https://info.cleanapk.org they have some information about F-droid packages:

CleanAPK.org’s mission is to deliver clean and up to date contents to users. Therefore, APKs from F-Droid are checked daily for possible updates. If you think that an application from F-Droid has not been updated for a long time, PLEASE WARN US (contact @ cleanapk . org) so we can find out about the issue and fix it as soon as possible. [Note: we had a major issue updating packages end of August 2019, it should be all fixed now]

My own feeling is that cleanapk are doing in good faith and are willing to make things well.

Hi, I checked your app com.iskrembilen.quasseldroid (if that’s the right app) in /e/'s app installer, it’s 1.2.21. Seems to be up to date with https://f-droid.org/en/packages/com.iskrembilen.quasseldroid/

Mastodon