Prevent google play store from proposing updates to f-droid installed apps


No, the signature acts like a security feature, you can get the APK from apkpure/apkmonk/apkmirror/fdroid and if it matches you are safe. (as far as I understand, barring if they found another way to inject malware, eg. )


Thanks. One thing I’ve learned with age, don’t shy away from asking questions. Thanks again,


Ok, thanks. So the chance of receiving a compromised apk through the janus exploit or similar is maybe not completely 0%, but really low.
My main concern is solved and I can re-enable auto-updates and allow updates from whatever store.


That might depend:

I, for one, would not go and “allow updates from whatever store”


I actually meant either Google Play or F-Droid. These are pretty safe I think, certainly for apps which are available in both stores.


I have Tor Browser for Android (Alpha) 60.4.0 downloaded from F-Droid. I can update it to 60.5.0 from the Play Store. [I assume they have the same signatures.(?) I have “Include incompatible versions” off. I’m guessing this app falls under the exception, like the Guardian Project apps.] I don’t like to assume. I’ll wait for F-Droid to catch up.


Tor Browser for Android is hosted on Guardian but it’s directly from TorProject, and yes it’s the same APK.


Ahhh. Thanks for the info.