APK Download

[IzzySoft]

Would you consider making the (signed) APK available e.g. here at the releases tab – for those without access to PlayStore? Thanks in advance!

[huffSamuel]

Yes, that has been on my to-do list.

[IzzySoft]

"Has been" or still is? :zany_face: Looking forward to it then, thanks!

[huffSamuel]

Now that someone actually wants it and it's not just for my own satisfaction I'll add it to the "is" list 😉

[huffSamuel]

@IzzySoft APKs will be attached to all future releases. Closing this issue.

[IzzySoft]

Thanks Samuel! May I ask if the proprietary parts are needed for functionality – or just for integration with PlayStore? And if the latter, if a FOSS build (without those 2) would be possible?

Offending libs:
---------------
* Google Mobile Services (/com/google/android/gms): NonFreeComp
* Google Play Core (/com/google/android/play/core): NonFreeNet,NonFreeComp

2 offenders.

Dangerous flags:
----------------
* usesCleartextTraffic

Permissions:
------------
* android.permission.INTERNET
* android.permission.CHANGE_WIFI_MULTICAST_STATE
* android.permission.WRITE_EXTERNAL_STORAGE
* android.permission.ACCESS_NETWORK_STATE
* com.samueljhuf.upnp_explorer.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION
* android.permission.READ_EXTERNAL_STORAGE*

SigningBlock blobs:
-------------------
0x504b4453 (DEPENDENCY_INFO_BLOCK; GOOGLE)

Also, may I ask what the storage permissions are needed/used for? Does the app offer features beyond being an UPnP controller (e.g. downloading/playing media)? usesCleartextTraffic is clear (in the local network it's hard to get proper certificates).

Should you go for a FOSS build, DEPENDENCY_INFO_BLOCK can be avoided easily by a small adjustment to your build.gradle:

android {
    dependenciesInfo {
        // Disables dependency metadata when building APKs.
        includeInApk = false
        // Disables dependency metadata when building Android App Bundles.
        includeInBundle = false
    }
}

For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains. More details can be found e.g. here: Ramping up security: additional APK checks are in place with the IzzyOnDroid repo.

---

Now you might wonder why I'm asking all those details. Well, that Google badge in the Readme looked a bit lonely, so I thought you might wish to pick another badge to accompany it :wink: With the next sync around 6 pm UTC, UPnP Explorer will become available here in the IzzyOnDroid repository (the largest and most popular 3rd-party F-Droid repo). And here's a "sneak preview":

Please keep up the current file naming patterns. As the IzzyOnDroid repo can (at least currently) only have one APK per release, it's updater has been pinned to only pick APK files matching /arm_64/i.

[huffSamuel]

@IzzySoft Thanks for the info! I'll work toward a full FOSS build of this application. This is a side project and a learning experience for me to it may take some time to satisfy all the requirements 😄

To answer your questions:

• Storage permissions were added early. I initially intended to support DIAL and DLNA so I wanted access to external storage for media.
• The Google libs are partially Google doing Google things and a dependency to offer a quick-link to review on the Play store. I'll look at getting those stripped from the GitHub build.

Once it's up on your repository I'll get that badge up on the readme!

[IzzySoft]

That's great to read, thanks!

Storage permissions were added early. I initially intended …

Is this still planned (so I should add the explanation), or will you drop these permissions with the next release?

I'll look at getting those stripped from the GitHub build.

Wonderful! Then for that build, you can also drop the dependencyInfo, as described. For IzzyOnDroid, it's mostly important concerning the APK (so if you prefer, you can keep it with the AAB).

Once it's up on your repository I'll get that badge up on the readme!

It's up now – and was just announced :smiley: The assets are linked from the explanations I've mentioned above, so you can pick a badge design fitting you best.

[IzzySoft]

Congrats, all clear now! I just removed the anti-features, so those will be gone with the next sync then. Thanks again!