APK download

[IzzySoft]

First thanks for making your app available open source! Would you mind providing the APK here for those without access to PlayStore? I thought of adding it to the IzzyOnDroid repo, but that would need the APK. Thanks in advance!

[yassineAbou]

I'm glad you like the app! Of course, I'm happy to share the APK file. I've pushed the changes, and you can now find the APK file in the release folder. Could you please give me an update if the APK file works as expected or not? That way, I can close the issue and make sure everything is in order

[IzzySoft]

First: Thanks! Second: scan results :wink:

Library scan looks fine. Signature block scan shows a warning:

SigningBlock blobs:
-------------------
0x504b4453 (DEPENDENCY_INFO_BLOCK; GOOGLE)

That can easily be avoided by a minor addition to your build.gradle:

android {
    dependenciesInfo {
        // Disables dependency metadata when building APKs.
        includeInApk = false
        // Disables dependency metadata when building Android App Bundles.
        includeInBundle = false
    }
}

For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains. More details can be found e.g. here: Ramping up security: additional APK checks are in place with the IzzyOnDroid repo.

Signature check again looks fine.

May I suggest to tag your releases and attach the APK (which then should be build from a clean tree at the commit the tag points to) to that release – instead of adding it inside the repo? Inside the repo it just "bloats" the repo: all potential contributors would have to pull the entire "binary history" along without needed it. And there's a second reason for having it at the tagged release, as described:

At IzzyOnDroid we support Reproducible Builds (see: Reproducible Builds, special client support and more in our repo). For that, we compare the APK provided with one our verification builders created from the code behind the tagged commit. To be able to relate the two, that's where the APK needs to be.

So what do you think: interested? Just let me know when your first tagged release with an APK attached is ready. I'd then take care to add it to the IzzyOnDroid repo (it seems to meet the inclusion criteria), and then will also check for RB. In case of success for the latter, the listing would show the "green shield" of confirmation.

[yassineAbou]

Ok, I'll try to implement these changes tomorrow morning, as it's already late at night here.

[IzzySoft]

Both your assumptions were correct, yes. And also yes: at your pace of course! I'll probably check again on Monday (having a family event here over the weekend and thus no time to check before "it's over" :wink:).

Thanks a lot – and looking forward to add your app here!

[yassineAbou]

I've pushed the changes. You can now download the APK file tagged as Release. Have a great weekend! 😊

[IzzySoft]

Thanks! Integrating it right now, looks fine so far. It even passed the test for Reproducible Builds (also see: Reproducible Builds, special client support and more in our repo), congrats! So it will show up here with the next sync around 6 pm UTC. Be welcome to pick a badge to link there e.g. from your Readme then :smiley:

A preview from the staging arey for what to expect:

Btw, if you want to fill in explanations on what the permissions are needed for, just let me know the details:

ACCESS_NETWORK_STATE looks a bit weird here, especially as no network connections are used (no INTERNET persmission at least).

That said: welcome aboard IzzyOnDroid!

[yassineAbou]

Thanks for adding the app to Droidcon! I would absolutely add the badge to the README so anyone can easily download it. You're right, the current internet permission doesn't make sense. I can generate a new version right now that doesn't include internet connection. Would that work for you?

[yassineAbou]

I checked the project's manifest and I didn't see any internet permission. I'm not sure what's wrong

<uses-permission android:name="android.permission.USE_FULL_SCREEN_INTENT" />
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE_MEDIA_PLAYBACK" />
    <uses-permission android:name="android.permission.VIBRATE" />
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
    <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
    <uses-permission android:name="android.permission.SCHEDULE_EXACT_ALARM" />
    <uses-permission android:name="android.permission.USE_EXACT_ALARM" />

[IzzySoft]

Thanks for adding the app to Droidcon!

DroidCon was nice in Berlin earlier this year, indeed! But the app was added to IzzyOnDroid :wink:

I can generate a new version right now that doesn't include internet connection. Would that work for you?

Just keep it in mind for the next release (and it's bad practice to replace what was already discributed – even in case of some severe security issue, one better just removes the bad file and creates a new release, to make sure everyone receives an update).

I checked the project's manifest and I didn't see any internet permission. I'm not sure what's wrong

Most likely a dependency that dragged it in then. You always can Remove Unwanted Manifest Permissions With tools:node in such cases.

[yassineAbou]

I appreciate the clarification on where the app was actually added. I'm glad you liked DroidCon Berlin, though😅

[yassineAbou]

Everything makes sense now. A dependency uses internet permission, and I should use tools:node to remove the unwanted permission

[IzzySoft]

Yupp. Just that is was not INTERNET but ACCESS_NETWORK_STATE :wink:

[yassineAbou]

I'm bad with names😓

anyway, I added the badge to the README file. And that was really fun. Before I close this issue, I have a quick question if you don't mind : Does IzzyOnDroid currently have any AI apps? I'm asking because I recently started a personal AI project that I aim to finish within the next year. I'd love to get your feedback on it. Here's the link: LLMS. and Thanks

[IzzySoft]

I added the badge to the README file

Thanks! :star_struck:

Does IzzyOnDroid currently have any AI apps?

We're not to fond of (current) AI, sorry.