Programmatically find out whether an app was installed from F-Droid

My own app, Superfreezz, has a mode in which it decides for itself whether an app gets frozen. Now, I thought that it might make sense not to freeze apps installed from F-Droid as they usually don’t run in the background too much. Is there any possibility to find out what apps are?

1 Like

I know that F-Droid shows this kind of information but I don’t know how it’s implemented. You’d have to look at the source code to find out.

However, I found this reply on Stack Overflow which could be of interest for you:

1 Like

Concerning the Stackoverflow question:

Side-loaded apps will not contain a value.

F-Droid usually uses the “package installer” app to install an app, so I’m afraid that it counts as side-loaded here. Therefore, I do not know if an app was installed from F-Droid or another source.

I also thought about somehow looking at the signature but apps with reproducible builds are often signed with the key of the developer.

Just added this (getInstallerPackageName) to my apps_Packages Info V12; the only working method for F-Droid detection is Stanley https://f-droid.org/en/packages/fr.xgouchet.packageexplorer/ based on signature/cert exploration (will add it in V13…)

(Sorry, I hit “reply” too early, I deleted the other post)

Thanks for your reply!

  1. I do not want that the users have to install an extra app (Stanley), but I guess that it is possible to copy-paste the important code to my app?

  2. Do you have any solution for the case that the app was not signed with F-Droid’s key? (with reproducible builds, the developer can sign it with their own key)

PackageManager has a way to find out what app (app id) installed an app

Seems you are both on Kotlin

you have signatures/sha in https://f-droid.org/repo/index-v1.jar /index-v1.json/packages/[?apkName]/[?n°Release]/signer/

Thank you all so much for your replies!, and sorry for my late answer, I was very busy recently.

@Licaon_Kter Do you mean getInstallerPackageName? In that case, unfortunately, all F-Droid apps will count as “side-loaded”. That’s also the problem with @NicoAlt’s idea (I found the time to test it now) :frowning_face:.

@oF2pks’s post brought me to an idea: Is there any simple text file of all F-Droid app package names online? Otherwise, I could also extract such a list from the json file you linked to.

Sideloaded is not important, what app installed them? You should be able to find out that using it.

@Liacon_Kter, unfortunately, I did not understand what you mean. What I wanted to say is: If I install an app using F-Droid (without privileged extension) then it will count as side-loaded for the Android system.

The PackageManager code can identify WHICH application installed the APK.

I know, but if you install an F-Droid-app then F-Droid can’t install it by itself because it is not a system app and prompts you to “side-load” it (technically). At least on my device (Android 6). And then PackageManager does not remember that the app actually came from F-Droid.

Anyway, again: Do you mean getInstallerPackageName?

That’s the thing, since Oreo apps can ask for the right to install APKs so on older versions you’ll only see sideloaded,

Ah ok. But if this will work only from Oreo on, I can’t use it :-(.

So, I implemented another way that extracts the list of F-Droid apps from https://f-droid.org/repo/index-v1.jar (thanks @oF2pks). Of course the downside is that if an app is in F-Droid AND in Play Store but installed from Play Store then it will not be frozen.

Thank you all for your help!

Most apps from f-droid are signed with the same f-droid signing key. Maybe you can check this to distinguish. So your original question changes to “… an app was signed with F-Droid certificate”

It is only a 99,9% heuristics because

  • reproducable apps on f-droid are signed by the original author but currently there only a few of them.
  • f-droid compiled apps might have been downloaded from other sites.
Mastodon