Publish APK on Github?

[IzzySoft]

Would you mind attaching the .apk file to the latest (and future) releases/, so folks without Playstore could use the app? Thanks in advance!

[kochka]

Done !

[IzzySoft]

Ahem, where? Ah, within the repo LOL Sorry, little misunderstanding: I meant here – see Creating Releases in the GitHub Help :smile_cat: That's where projects usually carry them. Current place does it as well, but the other one is better (as people are used to look there first).

Meanwhile you can already find it added to my F-Droid compatible repo here – so folks without Playstore can install it from there and keep it updated automatically (fee free to point there). Updates arrive there usually within 24h of your attaching them to the corresponding new tag.

Thanks a lot already – and thanks in advance!

[kochka]

Ahhh didn't know, it's done correctly now :) thx

[IzzySoft]

Perfect! Now auto-updates should work fluently :smiley_cat:

[IzzySoft]

Now auto-updates should work fluently

Ahem, will there be any – or did you meanwhile abandon this project, @kochka?

[alexanderadam]

@kochka & @IzzySoft is this app compatible to F-Droid inclusion policy and could it be added to the official repositories, too?

I can only find openscale in the official repositories, at the moment and I cannot see a RFP for WeightLogger either.

[IzzySoft]

@alexanderadam if @kochka agrees, simply open an RFP to find out :wink:

[alexanderadam]

I just did. Should I open another WeightLogger issue for tracking the process or can we "recycle" this one?

[IzzySoft]

Thanks! Once the bot reported, I'll chime in there then. An "official OK" from @kochka would be nice :wink: One thing right in advance: We'd like to have Fastlane structures in the app's repo here (descriptions, screenshots etc – details behind the link). Not mandatory, but strongly preferred & recommended.

[kochka]

Hello 🙂 Yes of course, do it if you want. Make me think I need to publish a new version. I'll check the fastlane thing.

[alexanderadam]

Hello :slightly_smiling_face: Yes of course, do it if you want.

Okay @kochka, so would you reopen this issue here or should I open a new one for keeping track?

Also @IzzySoft has some feedback on GitLab if you please would be so kind and consider answering it:

We don't permit JARs/AARs but rather need to build everything from source, or pull it from a trusted maven repo. Are those 3 JARs available for one of the trusted maven repos maybe?

Next thing is: GMS is a show-stopper here. Is it possible to have a build flavor coming without that? Though to me it rather looks like that's not the case, as it's not the usual FCM stuff but rather something that might be considered "core" (com.google.android.gms:play-services-fitness).

Should that be solvable as well, next thing we'd need would be Fastlane structures…

[IzzySoft]

So any chance to get that fixed, @kochka? Is it possible to

• have a build flavor without those, or
• have the sources of them so we can build from source, or
• use them from a trusted maven repo

or is none of the 3 an option, and we have to close the request on our end?

[kochka]

Sorry for the little feedback I gave on this but I'm afraid it is not possible. Most of jars might be optional and removed for a special build but not the fit lib. People are using this app mostly to upload their data on Garmin Connect website because it is not possible manually or without Tanita scales. Without this feature, the app is pretty useless as there are probably better apps to log weight data. Unfortunately, the fit lib is not open-source and is not available on your trusted repositories.

[kochka]

Also, It would be possible to do the same without the fit lib to make fit files as the FIT protocol is open, but I currently do not have enough free time for this.

[IzzySoft]

Thanks, @kochka – afraid then it cannot be included with F-Droid. At least it's still in my repo – but hasn't been updated there since 2017 as you… oh, thanks for picking up again! The fresh release will become available with the next sync tomorrow. Please keep up tagging and attaching the APK – and my updater will keep fetching them!

I suggest we close the current RFP at F-Droid for now – as in the current state it's not possible to include the app, and its not clear when you will have time to replace the lib with your own code. You can link to my repo (see last paragraph) for those asking for F-Droid, the repo works with the F-Droid app (you can use my badge if you want something graphical). Once you're ready, feel free to approach us again for inclusion and we start over.

Thanks a lot!

PS: Ignore that VirusTotal flag. The Sangfor engine is totally broken – either times out or screams "malware". The exceptions where it turns green are the minority. I've already reported to VT (who will investigate) and to Sangfor (who didn't even reply yet).

[IzzySoft]

PPS: Unfortunately I now had to add the Tracking AntiFeature – the parse.com library raised that automatically. Should you have a build flavor without that and could attach the APK from this, please let me know so I adjust my updater to fetch that APK (and remove the Tracking AntiFeature).

[kochka]

It's only the "play-services-fitness" raising this ? It's a feature to upload data to Google Fit, but it's manual. I will check how to exclude it at compilation. I'm not an Android developer, so maybe it will need some time to figure out how. I'll ping you when it will be ok.

[IzzySoft]

No, the Tracking flag was raised by the Parse.com library. Not sure what you use that for.

Now, that's funny: when I scan the APK with my own scanner only (that knows about Parse.com), there is no Parse.com. So LibRadar seems to bring that up. Need to dig deeper whether that's a "false positive" if you're sure you don't use that library.

Bingo. LibRadar it is:

   {
      "btn" : 28,
      "p" : [
         "android.permission.INTERNET"
      ],
      "tp" : "Mobile Analytics",
      "cpn" : "org/apache/",
      "lib" : "Parse.com",
      "bh" : 321978,
      "dn" : 3214,
      "csp" : "org/apache/commons/codec/net/",
      "btc" : 183,
      "ch" : "https://parse.com/docs/cn/android/guide",
      "sp" : "com/parse/codec/net",
      "pn" : "com/parse/"
   },

("btn": BTotalNumber, "p": Permissions used, "tp": library type, "cpn": ?(calling packageName?), "lib": Library, "bh": B_Hash, "dn": Repetitions, "csp": current SPath, "btc": BTotalCall, "ch": WebLink, "sp": Simplified Path, "pn": Package Name)

Hope this helps you narrowing it down. I'm not sure what that should mean, but would read it as "org/apache/commons/codec/net/" is calling something in "com/parse/codec/net". But I cannot find such a reference in the Smali code. I never fully understood how LibRadar detects things (somehow works with hashes). I was however able to identify the matching rule in LibRadar:

{"dn": 3214, "lib": "ma;Parse.com;https://parse.com/docs/cn/android/guide", "sp": "com/parse/codec/net", "bh": 321978, "btc": 183, "btn": 28, "pn": "com/parse"}

This would be the first time to find such a strange false positive with LibRadar (I'm using that library for years now). I couldn't find any parse.com reference in your code via Github's search. so I assume you are not using that? Or any of the libs you are using could have dragged it in?

As for what raises the incompatibility with F-Droid, here are the parts I'm sure about:

• Play Services Places Placereport (/com/google/android/gms/places_placereport): NonFreeDep,NonFreeNet
• Google Mobile Services (/com/google/android/gms): NonFreeDep
• Firebase (/com/google/firebase): NonFreeNet
• Google Fit (/com/google/android/gms/fitness): NonFreeDep

Actually, Firebase also needs NonFreeDep…

[kochka]

Very surprising ! First time I'm earing about parse.com :)

Concerning F-Droid, I'll check if I can easily remove the Google Fit upload feature at compile time.

[IzzySoft]

Very surprising ! First time I'm earing about parse.com :)

That confirms my suspicion (of the false positive). Now wait… didn't Parse.come go defunc a couple of years ago? Bingo! According to Wikipedia it was shut down in 2017. That makes the decision easier. Give me a second… OK, one down, 4 to go: I've disabled that rule I identified above (yepp, that was the one) – no more dependency to parse.com shown, Tracking AntiFeature removed.

Concerning F-Droid, I'll check if I can easily remove the Google Fit upload feature at compile time.

Cool, thanks! Remember the other 3 are show-stoppers for F-Droid as well. Though I'd not be surprised seeing the one or other gone as a side-effect: unless you explicitly added Placereport, that could even catch them all. Best luck :crossed_fingers: