No, the signature acts like a security feature, you can get the APK from apkpure/apkmonk/apkmirror/fdroid and if it matches you are safe. (as far as I understand, barring if they found another way to inject malware, eg. F-Droid and the Janus Vulnerability | F-Droid - Free and Open Source Android App Repository )
Thanks. One thing Iāve learned with age, donāt shy away from asking questions. Thanks again,
1 Like
Ok, thanks. So the chance of receiving a compromised apk through the janus exploit or similar is maybe not completely 0%, but really low.
My main concern is solved and I can re-enable auto-updates and allow updates from whatever store.
That might depend: F-Droid and the Janus Vulnerability | F-Droid - Free and Open Source Android App Repository
I, for one, would not go and āallow updates from whatever storeā
I actually meant either Google Play or F-Droid. These are pretty safe I think, certainly for apps which are available in both stores.
I have Tor Browser for Android (Alpha) 60.4.0 downloaded from F-Droid. I can update it to 60.5.0 from the Play Store. [I assume they have the same signatures.(?) I have āInclude incompatible versionsā off. Iām guessing this app falls under the exception, like the Guardian Project apps.] I donāt like to assume. Iāll wait for F-Droid to catch up.
Tor Browser for Android is hosted on Guardian but itās directly from TorProject, and yes itās the same APK.
Ahhh. Thanks for the info.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.