I can publish your app to F-Droid

[flexagoon]

Since Seeker is now opensource, would you like it to be pulbished on F-Droid? I can do that for you (for free, of course)

@jackBonadies

[jackBonadies]

I think it would be good to have on F-Droid. I created a request for packaging here: https://gitlab.com/fdroid/rfp/-/issues/1863. See my comment on that RFP. It seems that there are not yet any Xamarin apps on the F-Droid Repo. Though it is possible to build Xamarin apps using only open source tools and on Debian, I do not think it has been done yet on the F-Droid build server. At least this is what I gathered reading this: https://gitlab.com/fdroid/fdroiddata/-/issues/1529. I am waiting to hear back.

[flexagoon]

I dont know about Xamarin, but your app won't be published to fdroid as it is, because it uses Firebase crash reporting, which is proprietary. So you'll either have to create a branch with no crash reporting at all, or use something opensource like Sentry.io

[flexagoon]

Or alternatively, you can just build apks yourself and upload them to GitHub, and then send a publishing request to the IzzyOnDroid repository. This way you won't even have to remove Firebase.

[jackBonadies]

Regarding Firebase, I am not attached to it specifically, so if F-Droid is able to build Xamarin apps then I am willing to replace it with something completely open source. Regarding IzzyOnDroid, I like that idea. That way while waiting for potential F-Droid inclusion it can at least be hosted someone other than google play store (which I understand if one does not want to use). I will upload an .apk file, and create the request on the IzzyOnDroid repo and post the link here.

[jackBonadies]

IzzyOnDroid request is here: https://gitlab.com/IzzyOnDroid/repo/-/issues/188

[flexagoon]

You need to publish the apks directly on GitHub in order for the app to be accepted to Izzy

[jackBonadies]

I put the apk in both a directory "releases" and in github releases.

[flexagoon]

@jackBonadies your RFP to IzzyOnDroid got a comment. Just notifying you here because it looks like you dont check GitLab

[jackBonadies]

@flexagoon Thank you! I have created a build flavor and build for IzzyOnDroid.

[flexagoon]

You should create a separate branch for the trackingless version of the app, so that it can be automatically updated on Izzy

[jackBonadies]

The app is officially available on IzzyOnDroid! Link here: https://apt.izzysoft.de/fdroid/index/apk/com.companyname.andriodapp1

Linking this comment regarding F-Droid and Xamarin apps in case someone stumbles upon this thread at a later date: https://gitlab.com/fdroid/rfp/-/issues/1863#note_693432710

As far as a separate branch is concerned, I will only put the trackerless version of the app in the github releases (https://github.com/jackBonadies/SeekerAndroid/releases). So there will be no need for a separate branch.

Closing this but feel free to comment or re-open if other comments or concerns.

[julianfairfax]

So is the version on the GitHub releases the trackerless one, or is it supposed to be a different one that is now no longer being released?

[jackBonadies]

The github release and IzzyDroid release are the same and trackerless.

[julianfairfax]

The github release and IzzyDroid release are the same and trackerless.

@IzzySoft Why does your repo say the app has non-free dependencies in this case?

[IzzySoft]

@julianfairfax scroll down to the library section and see where the corresponding markers are:

• Google Mobile Services Ⓓ

They do not come with a FOSS license, so they are non-free. Do not mistake "tracker-less" for "free" – Tracking and NonFreeDep are independent from each other; there are proprietary trackers as well as FOSS ones :wink:

[julianfairfax]

@julianfairfax scroll down to the library section and see where the corresponding markers are:

* Google Mobile Services Ⓓ

They do not come with a FOSS license, so they are non-free. Do not mistake "tracker-less" for "free" – Tracking and NonFreeDep are independent from each other; there are proprietary trackers as well as FOSS ones wink

Hmm, what is GMS even used for here?

[jackBonadies]

@julianfairfax Not sure. GMS or related library is not a direct dependency. I tried scanning with LibRadar and it did not show GMS. @IzzySoft Is there a way to determine what dlls caused which library detentions? Perhaps the fact this is a Xamarin (and not native java android app) is causing weirdness? Or perhaps there is simply a dll pulling it in I am not aware?

[IzzySoft]

I've no plan how to do that with Xamarin. Only…

• with Gradle: gradle :app:dependencies
• with Flutter: flutter pub deps
• with NPM: npm list
• with yarn: yarn why mime-db

(from the notes I've collected so far; I happily add the Xamarin variant if someone provides it). A quick check – maybe this helps: View NuGet package dependency hierarchy

[julianfairfax]

@julianfairfax Not sure. GMS or related library is not a direct dependency. I tried scanning with LibRadar and it did not show GMS. @IzzySoft Is there a way to determine what dlls caused which library detentions? Perhaps the fact this is a Xamarin (and not native java android app) is causing weirdness? Or perhaps there is simply a dll pulling it in I am not aware?

Does this have anything to do with it? https://github.com/jackBonadies/SeekerAndroid/blob/master/AndriodApp1/AndriodApp1.csproj#L138

[jackBonadies]

The file is for firebase which isn't included in the izzydroid release (https://github.com/jackBonadies/SeekerAndroid/blob/faa41cc60d779986eb6229cc1c9bbe8a45e067bb/AndriodApp1/AndriodApp1.csproj#L178) however, it could be causing the flagging, since the clause is only "Exists('google-services.json')" when it should be and'd with Release == IzzyDroid. I will update this.

[IzzySoft]

Thanks @julianfairfax and @jackBonadies! Please let me know when I shall check again. Also, my library scanner is available with a FOSS license, so you're free to utilize it yourselves :wink: For the "where" and "how to", please see my article Identify modules in apps.

[julianfairfax]

The file is for firebase which isn't included in the izzydroid release (https://github.com/jackBonadies/SeekerAndroid/blob/faa41cc60d779986eb6229cc1c9bbe8a45e067bb/AndriodApp1/AndriodApp1.csproj#L178) however, it could be causing the flagging, since the clause is only "Exists('google-services.json')" when it should be and'd with Release == IzzyDroid. I will update this.

I see you have done this now. So this only applies to the version from the GitHub releases?

[jackBonadies]

Yes this applies to the GitHub release (which is the IzzyOnDroid release).

@IzzySoft Thanks for the instructions on how to run the scanner! I followed the cmdline instructions and also copied over the libsmali.txt file. I ran the scanner on the latest version of the .apk and got "No libsmali.txt entry for /com/shaded/fasterxml/jackson" and "No offending libs found.". However, I also ran the scanner on the previous version of the .apk in releases (2.9.7) and it also said "No offending libs" so its tough to say if the issue is actually fixed, or if I have not configured the scanner in the same way, etc. Either way if you could perhaps try rescanning it, it would be appreciated!

[jackBonadies]

Update: As a sanity check I ran "apktool d" on an old version of the app (seeker50.apk) and it did have "gms" and then I ran it on the latest version and it did not. So I feel confident that the issue is resolved. FWIW running "scanapk" did not detect gms on either, despite making sure that libsmali.txt and libinfo.txt had entries for "gms" signature. Not sure if I just did not configure it correctly or something else..

[IzzySoft]

got "No libsmali.txt entry for /com/shaded/fasterxml/jackson"

This line can safely be ignored. But if anyone can point me to where that jackson can be found (source, license etc) and what it is, I can update libsmali.txt and make that warning go away. I was only able to find usage examples, but not the source itself…

and "No offending libs found."

That's good – so no paths from any known offender was found.

if the issue is actually fixed

Hard to say. The scanner is no full proof, just an indicator. Sometimes ProGuard disturbs it with obfuscation, or some stuff is not detected by path as it somehow is just inside a file at a different level (the scanner just looks for path structures, it doesn't grep inside the files). But as you also did apktool d and grep'd the samli structure, you should be good – especially as gms was there with the previous version but is gone now.

or if I have not configured the scanner in the same way, etc.

It either works or it does not. The only difference could be other versions of the definitions (you know, once or twice a month I push updates for those two files), but that should not apply here as it usually only means more definitions are there, not less.