Hacker News new | past | comments | ask | show | jobs | submit login

Tip: if you download OsmAnd from F-Droid, you have the premium version for free



I've had f-droid OSMand for a long long time, recently I started getting a warning for google's "play protect" when I go to update it though. Very strange.


I have an F-Droid question.

The only way to download F-Droid (as far as I know) is to download the apk directly from their site: https://f-droid.org/. This means having to side-load the app. Of course doing that means I would want to do my due diligence and verify the download using the PGP Signature they provide. My question is how do I verify a PGP signature completely on my phone?

I do know how to verify it on my laptop, and then I could send it to myself or install it using adb. But I'm hoping there's a way to do this without having to involve a laptop.


OpenKeychain is an Android app for doing some basic GPG related work. It can verify signatures (hidden in the "encrypt/decrypt" menu)

Also it integrates i.e. with K-9 mail to sign and verify.

https://github.com/open-keychain/open-keychain


oh this looks promising, thank you! I'll try this out


If someone replaces the APK on their website with a compromised one, what prevents them from replacing the PGP signature with a signature created by the attacker?


You're not the only one. There are instructions using termux at the end of the thread.

https://forum.f-droid.org/t/help-needed-to-verify-the-f-droi...


"Warning: This app may track your GPS position" or similar. Not totally unexpected of a maps app.


Imagine Google showed warnings for all the pre-installed Google apps on every phone.

Warning: Google Background Services can read your SMSes, sideload apps without your knowledge or consent, request your location, and basically anything else your device is capable of doing (see the control panel in your Google account for what you, and Google, can make this do).

Warning: on some devices, Google Maps will nag you to upload WiFi access points every time you open the app. It's opt-in so technically legal!

Warning: every website you type in this browser's address bar will be sent to Google.

Warning: text you type on this keyboard may be sent to Google for improving text suggestions for everyone.

It would be a heck of a lot of pop ups on first boot and the best marketing Apple could ever wish for. Apple is not necessarily better, but they're not being hypocritical by adding warning labels for third party noncommercial open source alternatives (OsmAnd isn't the first one where Google does this, FairEmail has a similar story).


> Very strange.

Not at all. The google mothership wants to keep you within the play store's walled garden.

Fdroid allows you to escape the walls, so naturally google complains about that.


But now OsmAnd is putting new features behind their new subscription feature OsmAnd Pro.

https://osmand.net/docs/user/purchases/android


It seems like they're putting features that need server support behind the subscription, which to be honest is fair enough?


Like elevation widget and route line color?


Which ones are you missing? Most of them seem available in the f-droid version.


That said, it doesn't support android auto in the f-droid release, but that's more because of the way google does things than f-droid or osmand


It seems out of date though, and doesn't include this new rendering engine.


A new version was released today/yesterday in F-Droid. I've just upgraded and the first thing it says is "What's new in 4.3.5. New, faster Version 2 (OpenGL) map rendering engine, with 2.5D view"

Edit: Also, thanks to the replies here, I see that 4.3.5 was actually released in F-Droid on the 1st January, and 4.3.8 is also available since yesterday so I upgraded twice today already.


F-Droid does not always install the very latest versions by default unless you turn on Settings > Expert mode and then tick Unstable updates.


Nope, version 4.3.5 was posted to F-Droid right around the New Year.

https://f-droid.org/en/packages/net.osmand.plus/


"Suggested" version on F-Droid is an older one, but you can choose to update to a newer one way at the bottom under Versions.

Edit: I updated my repositories (pull down on main screen) and now 4.3.5 is the Suggested version.


Update your repos. The current version on fdroid is 4.3.8, released yesterday.


I got the update an hour ago, try refreshing repositories.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: