[Feature]: Automatically update Termux on Android 14 with F-Droid

[Francewhoa]

Feature description

For Termux to remain secured, get automated updates for Termux via F-Droid on Android 14

Additional information

Steps to reproduce challenge

1. Using Android 14. Using F-Droid client app from https://f-droid.org/F-Droid.apk install Termux latest version 0.119.0-beta.1 (1020) - Added on Jun 21, 2024 from https://f-droid.org/en/packages/com.termux/

2. F-Droid display this warning message:

   This app was built for an older version of Android and cannot be updated automatically This is the challenge.

   The number 1 in this screenshot below shows the location of this challenge
   

Suggested new feature

The needed end result is Termux can be installed using F-Droid client app. Then get automated updates. So that Termux remains secured.

Using

• Android 14

• LineageOS 21

• Rooted

• OnePlus 9 Pro

Additional information

Does another app/terminal emulator have this feature?

Yes

Provide links to more background information.

https://f-droid.org/en/packages/com.termoneplus/ supports F-Droid automated updates on Android 14

Contributing

If needed, both me and the Ubertus.Org team would be happy to contribute beta testing and documentation for this new feature.

Note to myself

ID_2R27E1F3

[agnostic-apollo]

Firstly, a Termux app beta version would not get automatically updated by F-Droid app as it would not be a suggested version. However, issue would still exist for stable updates.

Issue is with Termux apps using targetSdkVersion=28 (Android 9), and android may consider it outdated as per PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION. Android 14 requires minimum targetSdkVersion=28 (Android 9) but some (future) builds will require targetSdkVersion=29 (Android 10), which will show the This app was built for an older version of Android. It might not work properly and doesn't include the latest security and privacy protections. Check for an update, or contact the app's developer. warning when the app is first installed. It will be shown on first run and if user clicks OK button, then it will never be shown again. The FLAG_HIDE_DEPRECATED_SDK flag state for the app is saved in /data/system/packages-warnings.xml file. The required minimum targetSdkVersion for the device can be checked with the getprop ro.build.version.min_supported_target_sdk command.

• https://cs.android.com/android/_/android/platform/build/+/67ebe09f86bf55b54731cfa99bbfbe90db7c850b
• https://cs.android.com/android/_/android/platform/build/+/984b069ce2bff0ab46f18c65fbd4a11a35b91c97
• https://cs.android.com/android/platform/superproject/main/+/main:build/release/flag_declarations/RELEASE_PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION.textproto;l=1;drc=8047fa53dd90a2c29d6b8e5146a3d72dd065b3a8
• https://cs.android.com/android/platform/superproject/+/android-14.0.0_r28:frameworks/base/services/core/java/com/android/server/wm/AppWarnings.java;l=167
• https://cs.android.com/android/platform/superproject/+/android-14.0.0_r28:frameworks/base/services/core/java/com/android/server/wm/AppWarnings.java;l=61
• https://cs.android.com/android/platform/superproject/+/android-14.0.0_r28:frameworks/base/services/core/java/com/android/server/wm/DeprecatedTargetSdkVersionDialog.java;l=47
• https://cs.android.com/android/platform/superproject/+/android-14.0.0_r28:frameworks/base/core/res/res/values/strings.xml;l=5409

F-Droid is showing the message that it can't update Termux automatically (in background) due to a secondary check in Android where a user needs to manually confirm the installation of the update when the Do you want to update this app? prompt is shown as silent installs are not allowed for older targetSdkVersions when using the app installation API F-Droid app is using. Users should still see a notification when a Termux app update is available.

• https://gitlab.com/fdroid/fdroidclient/-/commit/7398dc0e3ec21f63cb0773dcc4d7a3fc99c91894
• https://gitlab.com/fdroid/fdroidclient/-/issues/2592
• https://cs.android.com/android/_/android/platform/frameworks/base/+/209642a38a7a3d9b6607536d6181167f39224fbd
• https://cs.android.com/android/platform/superproject/+/android-14.0.0_r1:frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java;l=2395-2398,2416-2447
• https://cs.android.com/android/platform/superproject/+/android-14.0.0_r1:frameworks/base/packages/PackageInstaller/src/com/android/packageinstaller/PackageInstallerActivity.java;l=140
• https://cs.android.com/android/platform/superproject/+/android-14.0.0_r1:frameworks/base/packages/PackageInstaller/res/values/strings.xml;l=39
• https://cs.android.com/android/platform/superproject/+/android-14.0.0_r1:frameworks/base/packages/PackageInstaller/res/layout/install_content_view.xml;l=81-87

We use targetSdkVersion=28 because of app data file execution restrictions introduced in Android 10, which prevents apps from executing dynamically downloaded code from its app data directory under /data/data/<package_name>. You can check the docs for more info.

There is no easy solution to solve this as the only officially supported way currently to bump the targetSdkVersion would be have all Termux packages to be installed as separate apps, and their binaries in app APK library directories to be symlinked inside Termux app data directory. (1) There are lot of issues with that design, the foremost being usability issues, and not sure if we will ever use that design for F-Droid releases. I have been working on it though on and off as an alternate to the current way, but its gonna require weeks/months of continuous work to complete. See also #2155.

The Termux app on playstore is using the linker exec hack and uses a higher targetSdkVersion, but that can be disabled by android anytime and it violates the playstore policies anyways, even if currently being allowed. (1)

termoneplus targets higher/latest android version as it only executes system binaries under /system/bin for which restrictions do not apply, or a few additional binaries if a plugin app is installed where binaries exist as APK libraries per the solution mentioned above.

[Francewhoa]

Thanks for your reply @agnostic-apollo :) I read your comment but do not understand your suggestion about resolving the central challenge

The central challenge of this ticket is about upgrading Termux so that it supports Android 14. The two needed end results are:

1. Termux to be upgraded to support Android 14
2. Termux to receive automated updated via F-Droid. So that Termux remain secured.

[agnostic-apollo]

Did you read the "There is no easy solution to solve this..." paragraph and follow its links?

[Francewhoa]

Did you read the "There is no easy solution to solve this..." paragraph and follow its links?

Yes. If I understand correctly, you said that you do not have any suggestion to upgrade Termux to support Android 14.

[agnostic-apollo]

I did not say I have "no" suggestions to upgrade Termux to support Android 14, I said the only officially supported way that would be possible would be to have every binary that needs to be executed by the user, whether from our packages or compiled locally would first need to be added to a new apk, then installed as a normal android app, then its files symlinked into termux app data directory to its normal place and then executed. And to implement such a design would take weeks and months of work, and has tonne of issues, some documented in the docs, some yet to be updated in the docs. That means that the 2000+ packages that we support, would need to be recompiled and hosted in separate repos as per new design (who knows what happens to our 50+ mirrors), after our build infrastructure is modified to partially convert the packages into apks for their binaries, and the package manager deb would need to be patched and support will need to be added to app for the installation of apks and symlinking, etc and removal. There would be a bajillion issues to solve, and that's not an understatement. There is no quick fix!

If you have any issues with these restrictions, you can take it up with Google/Android team, we are only doing what is realistically and "usability" possible for us to do. Even if they provide an alternative way now in say Android 15 or some future version x, Android 10 to version x-1 will not support that way and would still require the older apks that target android 9.

[agnostic-apollo]

I am aware that is a complicated issue and is hard to understand, some things were not known to me and even our other devs, and over time things have become more clear and what would be required, so would be a lot to take in instantly. If there is something specific you do not understand, then you can surely ask questions.

Note that while the new design will be implemented, the legacy/current design with still be supported and apks targeting older versions will still be provided. Whether we will provide new apks or old apks on F-Droid when new design gets implemented is not decided yet, as that would require users uninstalling their Termux app first and start fresh (backup/restore won't work either), which is not an easy possibility for countless users. Maybe it can be provided under a new app package name, but those decisions are for distant future. The weeks and months of work required to make that a possibility would also require multiple devs, and funding, which 2 of us are already working on to get.

[agnostic-apollo]

>I'm asking this above because we are presently in progress of evaluating apps able to do terminal emulator

What is your use case? What do you intend to run? Do you intend that the app be used by users for general/random purposes, or is it meant for your os specific stuff? If you only need to run system binaries under /system/bin or a specific set of binaries from app data directory, then for that termux app should be able to use a higher targetSdkVersion in near future, however, it will need to be a separate app which you build and deploy yourselves.