No, the signature acts like a security feature: you can get the APK from apkpure/apkmonk/apkmirror/fdroid and if it matches you are safe. (As far as I understand, barring if they found another way to inject malware, e.g. https://f-droid.org/en/2017/12/13/fdroid-and-janus.html )
Thanks. One thing I’ve learned with age: don’t shy away from asking questions. Thanks again.
OK, thanks. So the chance of receiving a compromised APK through the Janus exploit or similar is maybe not completely 0%, but really low.
My main concern is solved and I can re-enable auto-updates and allow updates from whatever store.
That might depend: https://f-droid.org/en/2017/12/13/fdroid-and-janus.html
I, for one, would not go and “allow updates from whatever store”.
I actually meant either Google Play or F-Droid. These are pretty safe I think, certainly for apps which are available in both stores.
I have Tor Browser for Android (Alpha) 60.4.0 downloaded from F-Droid. I can update it to 60.5.0 from the Play Store. [I assume they have the same signatures.(?) I have “Include incompatible versions” off. I’m guessing this app falls under the exception, like the Guardian Project apps.] I don’t like to assume. I’ll wait for F-Droid to catch up.
Tor Browser for Android is hosted on Guardian but it’s directly from TorProject, and yes it’s the same APK.
Ahhh. Thanks for the info.
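The "same signature" comparison discussed in this thread can be checked by comparing the signing certificate of two copies of an APK. The following is an added example, not part of the original posts or of F-Droid's code: all function names are hypothetical, it reads only the first signer's certificate from an APK Signature Scheme v2/v3 block, and it does not verify the signature itself.

```python
import hashlib
import struct

EOCD_SIG = b"PK\x05\x06"                # ZIP end-of-central-directory record
SIG_BLOCK_MAGIC = b"APK Sig Block 42"   # trailer of the APK Signing Block
SCHEME_IDS = (0x7109871A, 0xF05368C0)   # APK Signature Scheme v2 and v3

def _u32(buf, off):
    return struct.unpack_from("<I", buf, off)[0]

def signing_block_pairs(apk):
    """Yield (id, value) pairs from the APK Signing Block, if there is one."""
    eocd = apk.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(apk):
        raise ValueError("not a ZIP/APK: no end-of-central-directory record")
    cd_off = _u32(apk, eocd + 16)       # the block sits just before this offset
    if cd_off < 32 or apk[cd_off - 16:cd_off] != SIG_BLOCK_MAGIC:
        return                          # v1 (JAR) signature only, or unsigned
    size = struct.unpack_from("<Q", apk, cd_off - 24)[0]
    if size < 24 or size > cd_off - 8:
        raise ValueError("corrupt APK Signing Block size")
    pos, end = cd_off - size, cd_off - 24
    while pos + 12 <= end:
        length, pair_id = struct.unpack_from("<QI", apk, pos)
        yield pair_id, apk[pos + 12:pos + 8 + length]
        pos += 8 + length

def signer_cert_sha256(apk):
    """SHA-256 of the first signer's first certificate (v2/v3), else None."""
    for pair_id, value in signing_block_pairs(apk):
        if pair_id in SCHEME_IDS:
            # Skip the signers, signer and signed-data lengths, then the digests.
            off = 16 + _u32(value, 12)
            cert_len = _u32(value, off + 4)   # off points at the certificates list
            return hashlib.sha256(value[off + 8:off + 8 + cert_len]).hexdigest()

def same_signer(apk_a, apk_b):
    """True only if both APKs carry a v2/v3 signer with the same certificate."""
    digest = signer_cert_sha256(apk_a)
    return digest is not None and digest == signer_cert_sha256(apk_b)

def build_sample(cert, scheme_id=SCHEME_IDS[0]):
    """Constructed input: an empty ZIP with a signing block holding `cert`."""
    lp = lambda b: struct.pack("<I", len(b)) + b      # uint32 length prefix
    signer = lp(lp(b"") + lp(lp(cert)) + lp(b"")) + lp(b"") + lp(b"")
    value = lp(lp(signer))
    pair = struct.pack("<QI", len(value) + 4, scheme_id) + value
    size = struct.pack("<Q", len(pair) + 24)
    block = size + pair + size + SIG_BLOCK_MAGIC
    return block + EOCD_SIG + struct.pack("<HHHHIIH", 0, 0, 0, 0, 0, len(block), 0)
```

For real files, pass the bytes of the two downloads to `same_signer`; a `False` result for an APK with only a v1 (JAR) signature means "not comparable by this check", not "different signer".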