Download link broken

[IzzySoft]

As for how to get the app without Playstore, you pointed to your website. The download link there is broken as the file linked to disappeared. Will you tag a new release in the near future and attach the APK to it? There have been quite some changes lately that certainly warrant a release newer than 0.6.0a from 10/2015 :wink:

[IzzySoft]

@RobinJ1995 any chance?

[RobinJ1995]

I was just going to make sure to tag the version on GitHub (and update the link on the website) when I release the next version. I also switched to uploading AAB files, rather than APKs, to the Play Store. So I'd need to make sure to specifically build them.

TL;DR I'll fix the issue when the next release happens :)

[IzzySoft]

Tanks @RobinJ1995! I'll wait for the next release. Please ping me here then :smiley:

[RobinJ1995]

https://github.com/RobinJ1995/DistroHopper/releases/tag/2.2.0

I'll try to remember to keep this up :sweat_smile:

[IzzySoft]

Thanks a lot!

Next target: getting rid of the trackers, if possible :smiley: Or replacing them by something that doesn't fish for user's data. Not sure what Google Tagmanager is needed for, but maybe ACRA instead of Google Analytics? Closed source modules IMHO don't fit into open source apps, feels like "tainted"…

[IzzySoft]

@RobinJ1995 could it be you forgot to sign the latest release (or did sign it v2 only)? Apksigner yields an ERROR: No signing certificates found for v2.3.0.

[RobinJ1995]

I added a V2 signature, yes. Should I not be doing that? 😅

[IzzySoft]

No no, keep it up of course! Just don't forget to keep v1 as well or you lock some older Android versions out. Not sure when v2 was introduced – something around Android 7/8 IIRC – older Androids won't understand v2 and reject the update as "broken".

Repeat: Having v2 is great, just don't drop v1 (both go well together; v1 is even used as fallback if v2 cannot be verified for some reason). In Android Studio there should be a checkbox for both, so they don't contradict.

So could you sign future versions v1+v2? And maybe replace the currently latest APK with one signed v1+v2? Thanks in advance!

PS: I took a look into the APK, the certificate files were missing.

[RobinJ1995]

I've updated the current release with an APK that is V1 and V2 signed (I somehow never realised you can do both at the same time). I'll try to remember to keep doing this for the foreseeable future, although support for older Android versions pretty much tends to last right until I want to use something that isn't available on those versions at which point I drop them (back in the 0.x days I used to spend a lot of time trying to get things to work properly as far as back as Android 2.2 -- I no longer have enough time on my hands to do such things 😄).

Can you let me know if this worked for you? https://github.com/RobinJ1995/DistroHopper/releases/tag/2.4.0

[IzzySoft]

Yes, thanks, that did the trick! For the records: here it is (and I gladly drop one of the "red flags" if you had an APK without analytics :wink: GMS is probably harder to drop if the app indeed uses it).

[RobinJ1995]

@IzzySoft Cool, I'll try to remember to sign with both :-)

Haha, yeah I'd seen it there already :wink: To be fair I pretty much just use the analytics to figure out which languages and Android versions would be useful to support, but I do feel like a hypocrite for including analytics in my own app while blocking every other developer's/company's analytics myself :sweat_smile:

[IzzySoft]

Well, and then even 2 trackers… Maybe dropping at least one of them? Or, if you're really only after lang+ver, substituting that by a welcome screen asking to submit these two details – shown once after install and, optionally, after update? No need to feed big G for that. Another option would be dropping the two for the APK here (which then is available via my repo) while keeping one of them at Play Store – using the Zuck argument ("who uses our network doesn't expect privacy" as opposed to who uses F-Droid definitely values it)? :thinking:

[RobinJ1995]

There aren't two trackers in there though; just Google Analytics.

I don't officially provide the app on F-Droid myself, though :wink: I'm perfectly ok with other people doing so, because frankly the only reason I don't do it myself is that I only have limited time to work on my spare time projects already, and I'd rather use what little time I have working on functionality and fixes as opposed to keeping APKs up-to-date in a gazillion places (so, thanks for this; I appreciate the contribution). The thing I'm most concerned about is crash reports, however. They are very useful to have. And currently the Google Play services provide the most convenient way for me to get them.

The other information I can live without, but I do need to know what goes wrong, especially considering sometimes issues are device-specific (meaning I would ever encounter them myself).

[IzzySoft]

There aren't two trackers in there though; just Google Analytics.

Sorry to disappoint you, but according to my library scanner there's also Google Tag Manager.

And yeah, fully understand the time issue. Though other than with my repo, F-Droid builds from source – so ideally, once established and you keeping up tagging, you shouldn't even notice anymore. But unfortunately, the official repo is no option if GMS is required by your app. That's where I gladly fill the gap and take it into mine – so thanks for providing the APK!

As for Crash reports: ever heard of ACRA? That's considered "privacy-first" and even accepted by F-Droid itself. And yes, I know, Google's is most convenient (you catch mice with cheese: where it horrible, who'd use it and ship in the data big G wants its hands on?) With ACRA, the user is asked to confirm sending the report – as we tin-foils prefer it to be.

[RobinJ1995]

I'm not sure what Google Tag Manager would be for. It's not there in the dependencies, so if it is getting pulled in then it's getting pulled in by something else.

Might look into ACRA. Feel free to open an issue for this and I'll keep you up to date if I end up doing this.

[IzzySoft]

Done that (#18), thanks! Hm, not so many candidates that could have brought this in. The donations lib I vaguely remember having seen before, and not with GTM. Could imagine some other Google library drags it in by default – Google does such sneaky stuff, like enabling Firebase Analytics by default if you migrate from GCM to FCM, so I wouldn't be surprised. As it lies in the GMS path it probably disappears should you drop GMS entirely :smile: