"Open in Browser" silently removed from F-Droid


#1

Hello,

Yesterday, I’ve got an issue from a user of my application called “Open in browser”.
The user says F-Droid recommends to uninstall my application because a vulnerability was found in it.

As the application developer, I didn’t receive any notifications about possible vulnerability from anybody. And I see the application was removed from F-Droid: https://f-droid.org/packages/ru.gelin.android.browser.open/

Please, explain why the application was silently removed and what kind of a vulnerability was found in it and by whom?

Thank you.


#2

For the record, I’m the user @gelin mentions above, just in case y’all need anything from me.

The error I received was


#3

I believe this usually happens if the last update has been a long time ago and the app was moved into the F-Droid archive.
When did you last supply an update for the app?


#4

See here fore context: Many old, unmaintained apps have been archived


#5

What about the error received, which is the real problem? :confused:


#6

I agree the wording of the error message is misleading: Just because the last update was a long time ago doesn’t mean that a vulnerability has been found.


#7

So, is the problem in the fact the application was last updated on 2015-06?

If I tag a newer version in original Bitbucket repository, will the app returned to F-Droid?

P.S. Where is F-Droid archive?


#8

Yes, if you also bump the versioncode at least.

It can be enabled in the client. There is no web-frontend (yet).


#9

I think this is the reason, from another app that had the same problem:

&, more authoritatively,


#10

@gelin Did you get an opportunity to submit the updated build?


#11

Oh… I wasn’t the contributor of the app. Need to go deeper and find out how to contribute the app to F-Droid…


#12

I think you did everything you need to. From

https://f-droid.org/wiki/?title=ru.gelin.android.browser.open

which was recently updated (check about ½-way on page) w/

F-Droid repo realizes there’s an update & will push it in due time. Am I substantially correct, @Bubu?