Presence in Google Play Store #480

Closed
by henningvs opened 5 years ago · 69 comments
henningvs commented 5 years ago (Migrated from github.com)
Owner

After doing some research I could not find any information about why the app has not been published to the "official" Android Playstore.

Is there a reason why this hasn't been done and if yes/no could I help to resolve it?

After doing some research I could not find any information about why the app has not been published to the "official" Android Playstore. Is there a reason why this hasn't been done and if yes/no could I help to resolve it?
Owner

The lack of feedback is due to the fact that we are discussing this internally.

My personal take on the matter is:

  • on the one hand, I like the idea of promoting f-droid or anyway an un-googled android experience by providing some features outside of the "walled garden"
  • on the other hand, I am the first person that discourages non tech-savy from allowing untrusted sources on their devices
The lack of feedback is due to the fact that we are discussing this internally. My **personal** take on the matter is: - on the one hand, I like the idea of promoting f-droid or anyway an un-googled android experience by providing some features outside of the "walled garden" - on the other hand, I am the first person that discourages non tech-savy from allowing untrusted sources on their devices

I partly agree with @danielegobbetti here:

  • full ack to his first bullet-point. Adding to that: with GB not available there, pebblers now should be more tempted to give F-Droid a try 😸
  • partly ack to the second one. AFAICS, that "unknown sources" main intention is to keep people glued into the Google ecosystem. Even with it enabled, the user has to confirm side-loaded installations via the package manager (I'm not speaking of adb install here, which disregards that setting anyhow). To my knowledge, only system apps can bypass that verification, as others don't get the INSTALL_PACKAGES permission granted. And if some malware managed to break into that, our nice "protection setting" has long become irrelevant anyhow.

My additional, personal bullet-points would be:

  • the excuse of "I cannot access that store" doesn't pull here. There are regions (and other reasons) where/why people cannot access Playstore, but F-Droid is open to everyone.
  • don't "feed the trolls" (no offense meant, of course). I know it's quite cosy with all that Google stuff, Facebook, WhatsApp & Co. But we're in the "Privacy first" region here. Forcing people to open their eyes might help them to, well, open their eyes as they have no other choice – if you know what I mean.

So I, personally, see no reason why GB should be available at Google Play. But as emphasized: That's my personal opinion – and I'm no (official) "Collaborator" or "Contributor" here. I'm just an enthusiastic user who sometimes contributes to the Wiki – or publishes articles on GB to several places 😺

I partly agree with @danielegobbetti here: * full ack to his first bullet-point. Adding to that: with GB not available there, pebblers now should be more tempted to give F-Droid a try :smile_cat: * partly ack to the second one. AFAICS, that "unknown sources" main intention is to keep people glued into the Google ecosystem. Even with it enabled, the user has to confirm side-loaded installations via the package manager (I'm not speaking of `adb install` here, which disregards that setting anyhow). To my knowledge, only system apps can bypass that verification, as others don't get the `INSTALL_PACKAGES` permission granted. And if some malware managed to break into that, our nice "protection setting" has long become irrelevant anyhow. My additional, personal bullet-points would be: * the excuse of "I cannot access that store" doesn't pull here. There are regions (and other reasons) where/why people cannot access Playstore, but F-Droid is open to everyone. * don't "feed the trolls" (no offense meant, of course). I know it's quite cosy with all that Google stuff, Facebook, WhatsApp & Co. But we're in the "Privacy first" region here. Forcing people to open their eyes might help them to, well, open their eyes as they have no other choice – if you know what I mean. So I, personally, see no reason why GB should be available at Google Play. But as emphasized: That's my personal opinion – and I'm no (official) "Collaborator" or "Contributor" here. I'm just an enthusiastic user who sometimes contributes to the Wiki – or publishes articles on GB to several places :smiley_cat:
walkjivefly commented 5 years ago (Migrated from github.com)
Owner

Since this looks like becoming a bit of a discussion I'll add some thoughts.

No publicity is bad publicity. Adding GB to PlayStore will increase the potential userbase enormously and help it gain traction. It wouldn't hurt to add the app in it's current form. GB doesn't spy or leak information to the internet and making it available from PlayStore wouldn't change that. Most users have Google services on their devices by default and adding GB to their device is no incremental privacy risk. There are other apps on PlayStore which don't require Google Play Services or internet or other unnecessary permissions.

People who install from F-Droid quite possibly also have PlayStore on their device and have already surrendered their privacy.

It sounds like I'm supporting the request but really I'm ambivalent.

Personally I try to stay out of the Google ecosystem, more so since the Google Play Services update last November trashed 2 of my devices. They are now wiped, reinstalled, GApps-free and running perfectly. From the perspective of "giving Google one in the eye" I'd say don't put GB in the PlayStore.

Since this looks like becoming a bit of a discussion I'll add some thoughts. No publicity is bad publicity. Adding GB to PlayStore will increase the potential userbase enormously and help it gain traction. It wouldn't hurt to add the app in it's current form. GB doesn't spy or leak information to the internet and making it available from PlayStore wouldn't change that. Most users have Google services on their devices by default and adding GB to their device is no incremental privacy risk. There are other apps on PlayStore which don't require Google Play Services or internet or other unnecessary permissions. People who install from F-Droid quite possibly also have PlayStore on their device and have already surrendered their privacy. It sounds like I'm supporting the request but really I'm ambivalent. Personally I try to stay out of the Google ecosystem, more so since the Google Play Services update last November trashed 2 of my devices. They are now wiped, reinstalled, GApps-free and running perfectly. From the perspective of "giving Google one in the eye" I'd say don't put GB in the PlayStore.
Owner

@walkjivefly

Personally, I started Gadgetbridge for two reasons:

  • I refuse to use propitiatory software.
  • I care about my privacy

People who use google play stuff and do not care about their privacy should not be interested in GB at all. They can just go with the official apps, Facebook, WhatsApp and so on.

For other reasons I still think we have to consider publishing in play store store, but I find it very unfortunate that there is such a demand at all.

@walkjivefly Personally, I started Gadgetbridge for two reasons: * I refuse to use propitiatory software. * I care about my privacy People who use google play stuff and do not care about their privacy should not be interested in GB at all. They can just go with the official apps, Facebook, WhatsApp and so on. For other reasons I still think we have to consider publishing in play store store, but I find it very unfortunate that there is such a demand at all.
henningvs commented 5 years ago (Migrated from github.com)
Poster
Owner

Thank you first of all for all the feedback, I did not imagine this kind of discussion. While privacy is indeed very important to me I do have admit that I might be too lazy with my privacy sometimes regarding google. (Yes I know this is a very bad thing to say)

In the process of pebble as a company going down the drain and the uncertainties growing if the pebble app will be useable in the future or if my data will go to fitbit, which I don't like, I finally discovered Gadgetbridge.
For me as a kind of tech-savvy person it was no problem to install the app from F-Droid or to understand that it might not be dangerous to install the "untrusted" F-Droid app. But I guess there are a lot of people which will neither discover the app nor do the additional effort to install the app.

Additionally I see the risk that someone is building and publishing the app to the google playstore without your "permission" and using the name to get a lot of downloads quickly. This might even contain the risk that this someone would bundle the app with adverts or malware, while people are trusting on the name of the app. This might even be "legal" (except for the malware) when looking at the license.

So for me the "pro" points are (while still understanding why this is kind of frustrating for you @ashimokawa):

  • Better visibility of the app for the public -> more people will possible use it and therefore do not hand over there data to the companies
  • Non-privacy intereseted user might search for a replacement for the pebble app (which might not work anymore in the future)
  • Prevent others from publishing the app unofficially to the playstore and bundling with other libraries
Thank you first of all for all the feedback, I did not imagine this kind of discussion. While privacy is indeed very important to me I do have admit that I might be too lazy with my privacy sometimes regarding google. (Yes I know this is a very bad thing to say) In the process of pebble as a company going down the drain and the uncertainties growing if the pebble app will be useable in the future or if my data will go to fitbit, which I don't like, I finally discovered Gadgetbridge. For me as a kind of tech-savvy person it was no problem to install the app from F-Droid or to understand that it might not be dangerous to install the "untrusted" F-Droid app. But I guess there are a lot of people which will neither discover the app nor do the additional effort to install the app. Additionally I see the risk that someone is building and publishing the app to the google playstore without your "permission" and using the name to get a lot of downloads quickly. This might even contain the risk that this someone would bundle the app with adverts or malware, while people are trusting on the name of the app. This might even be "legal" (except for the malware) when looking at the license. So for me the "pro" points are (while still understanding why this is kind of frustrating for you @ashimokawa): - Better visibility of the app for the public -> more people will possible use it and therefore do not hand over there data to the companies - Non-privacy intereseted user might search for a replacement for the pebble app (which might not work anymore in the future) - Prevent others from publishing the app unofficially to the playstore and bundling with other libraries

Additionally I see the risk that someone is building and publishing the app to the google playstore without your "permission" and using the name to get a lot of downloads quickly. This might even contain the risk that this someone would bundle the app with adverts or malware, while people are trusting on the name of the app. This might even be "legal" (except for the malware) when looking at the license.

This concern is one some of us in fact share (and already discussed at another place). I'm pretty sure a "take-down request" addressed at Google would succeed in such a case – but take its time while harm is done. This "fake-publication" would probably be more unlikely with the take-down request processed faster (and having more weight) if there were a corresponding "Freeyourgadget" developer account on Play with the "original app".

As for your bullet-points, @henningvs – legit enough, and I see their weight. Just "brainstorming aloud", it might be worth considering to create above mentioned "developer account", publish one version of GB, and in the description point out to rather install it via F-Droid where it's updated regularly. Then leave it sitting there and "rot", maybe giving it an update once a year to "push it up". As written, just thinking aloud – not sure whether we should really do that. I rather share the opinion @ashimokawa voiced:

I find it very unfortunate that there is such a demand at all.

For the very same reasons he pointed out.

> Additionally I see the risk that someone is building and publishing the app to the google playstore without your "permission" and using the name to get a lot of downloads quickly. This might even contain the risk that this someone would bundle the app with adverts or malware, while people are trusting on the name of the app. This might even be "legal" (except for the malware) when looking at the license. This concern is one some of us in fact share (and already discussed at another place). I'm pretty sure a "take-down request" addressed at Google would succeed in such a case – but take its time while harm is done. This "fake-publication" would probably be more unlikely with the take-down request processed faster (and having more weight) if there were a corresponding "Freeyourgadget" developer account on Play with the "original app". As for your bullet-points, @henningvs – legit enough, and I see their weight. Just "brainstorming aloud", it might be worth considering to create above mentioned "developer account", publish one version of GB, and in the description point out to rather install it via F-Droid where it's updated regularly. Then leave it sitting there and "rot", maybe giving it an update once a year to "push it up". As written, just thinking aloud – not sure whether we should really do that. I rather share the opinion @ashimokawa voiced: > I find it very unfortunate that there is such a demand at all. For the very same reasons he pointed out.
walkjivefly commented 5 years ago (Migrated from github.com)
Owner

@ashimokawa Thanks for explaining your position and the raison d'etre for Gadgetbridge.

I hadn't even considered the possibility that @henningvs suggested of someone placing a possibly rogue Gadgetbridge in PlayStore to the damage of the (reputation of the) real thing or for profit. I wouldn't count on the swift or even favourable response @IzzySoft thinks Google might bestow on a takedown request. Pre-emptively publishing in the PlayStore might be a good idea for this reason alone. It would be unfortunate if that were the only reason for doing so.

It's possible to be aware of the security and privacy issues resulting from any interaction with Google servers but pragmatically to accept their existence and try to mitigate them. There are some apps I want to use which are either only available on the Play Store or require Google Play Services ("virus"). I've given up many since last November. For a couple of others I now have a sacrificial/sandpit device with Google virus installed. It's inconvenient and some of the alternative apps are not as polished or functional as their Play counterparts. I don't mind searching them out, adapting to them and possibly in the future helping improve them. Most users lack the time, inclination or ability to do so.

@ashimokawa Thanks for explaining your position and the raison d'etre for Gadgetbridge. I hadn't even considered the possibility that @henningvs suggested of someone placing a possibly rogue Gadgetbridge in PlayStore to the damage of the (reputation of the) real thing or for profit. I wouldn't count on the swift or even favourable response @IzzySoft thinks Google might bestow on a takedown request. Pre-emptively publishing in the PlayStore might be a good idea for this reason alone. It would be unfortunate if that were the only reason for doing so. It's possible to be aware of the security and privacy issues resulting from any interaction with Google servers but pragmatically to accept their existence and try to mitigate them. There are some apps I want to use which are either only available on the Play Store or require Google Play Services ("virus"). I've given up many since last November. For a couple of others I now have a sacrificial/sandpit device with Google virus installed. It's inconvenient and some of the alternative apps are not as polished or functional as their Play counterparts. I don't mind searching them out, adapting to them and possibly in the future helping improve them. Most users lack the time, inclination or ability to do so.

@walkjivefly slightly out of topic, but for that Google virus, check its light and open-source counterpart microG. Covers the good parts and leaves the bad stuff out – so no support for those ads etc (but neither for pay and license check).

@walkjivefly slightly out of topic, but for that Google virus, check its light and open-source counterpart [microG](https://android.izzysoft.de/articles/named/android-without-google-5a). Covers the good parts and leaves the bad stuff out – so no support for those ads etc (but neither for pay and license check).
Jojonintendo commented 5 years ago (Migrated from github.com)
Owner

My little experience on this matter: (sorry if I don't explain myself well, I'm not a native english speaker)

I started using microG a year ago to get rid of everything Google-related, and I had almost no problem finding alternatives for the things I needed. As I understand some people can't live without Facebook or Whatsapp, I also believe they are not really going to be interested in anything privacy-related, we are still a minority here.

But maybe publishing some (old?) version of GB on the Play Store as @IzziSoft pointed out (pointing to F-Droid, more up to date, etc) could make at least some people realize there are altermatives to Google, and they are legit. I like this idea, it would absolutely make GB and F-Droid in general more visible. Overall I think it could be better to publish it than not, because otherwise only us "privacy and opensource freaks" can know about it.

I find this discussion very interesting, and I sure would like to know what other people think about it!

My little experience on this matter: (sorry if I don't explain myself well, I'm not a native english speaker) I started using microG a year ago to get rid of everything Google-related, and I had almost no problem finding alternatives for the things I needed. As I understand some people can't live without Facebook or Whatsapp, I also believe they are not really going to be interested in anything privacy-related, we are still a minority here. But maybe publishing some (old?) version of GB on the Play Store as @IzziSoft pointed out (pointing to F-Droid, more up to date, etc) could make at least some people realize there are altermatives to Google, and they are legit. I like this idea, it would absolutely make GB and F-Droid in general more visible. Overall I think it could be better to publish it than not, because otherwise only us "privacy and opensource freaks" can know about it. I find this discussion very interesting, and I sure would like to know what other people think about it!
henningvs commented 5 years ago (Migrated from github.com)
Poster
Owner

The problem I see in "only" maintaining an old version of the app in de Google Play Store are from my point of view:

  • Outdated issues will be created (possible on github) for problems which might have already been fixed -> therefore more (unnecessary) work for the maintainer
  • Caused by this issues bad ratings will be created and less user will switch over

Also from my experience from app publishing side I made the experience that most user unfortunately completely ignore any text written in the description. I would vote for a all or nothing strategy, everything else might just present the quality of the app in the wrong light.

The problem I see in "only" maintaining an old version of the app in de Google Play Store are from my point of view: - Outdated issues will be created (possible on github) for problems which might have already been fixed -> therefore more (unnecessary) work for the maintainer - Caused by this issues bad ratings will be created and less user will switch over Also from my experience from app publishing side I made the experience that most user unfortunately completely ignore any text written in the description. I would vote for a all or nothing strategy, everything else might just present the quality of the app in the wrong light.
Owner

My two cents: it does make some sense to publish to Play Store, as long as

  • everything is automated and does not cause much additional work (aside from the initial setup)
  • we always publish publish the latest version (thanks @henningvs)
  • we advertise f-droid as our primary supply channel

It might also help if we had a Discourse or Reddit forum and a link in Gadgetbridge to open it.

My two cents: it does make some sense to publish to Play Store, as long as - everything is automated and does not cause much additional work (aside from the initial setup) - we always publish publish the latest version (thanks @henningvs) - we advertise f-droid as our primary supply channel It might also help if we had a Discourse or Reddit forum and a link in Gadgetbridge to open it.
henningvs commented 5 years ago (Migrated from github.com)
Poster
Owner

@cpfeiffer Regarding bullet point one; it might be possible to fit this step in the travis CI chain with this gradle plugin https://github.com/Triple-T/gradle-play-publisher.

@cpfeiffer Regarding bullet point one; it might be possible to fit this step in the travis CI chain with this gradle plugin https://github.com/Triple-T/gradle-play-publisher.
Owner

Thanks, that looks great! Although probably not for Travis, because we can't publish the signing keys.

Thanks, that looks great! Although probably not for Travis, because we can't publish the signing keys.
Owner

I'm not sure the google play tos allows to mention that the app is available on other "app stores". Let alone mentioning that another one is the "main" distribution channel.
By the look of it it's a couple of A4 pages we need to read very carefully...

I'm not sure the google play tos allows to mention that the app is available on other "app stores". Let alone mentioning that another one is the "main" distribution channel. By the look of it it's a couple of A4 pages we need to read very carefully...
henningvs commented 5 years ago (Migrated from github.com)
Poster
Owner

@cpfeiffer Without going too deep into the technical details, before any kind of decission has been reached, it might be possible to supply the API credentials as encrypted travis environment variables.
@danielegobbetti You (might) find a good summary here: https://play.google.com/intl/en/about/developer-content-policy/ Otherwise it might also be possible to link to i.e. a github(.io) page where such content is stated.

@cpfeiffer Without going too deep into the technical details, before any kind of decission has been reached, it might be possible to supply the API credentials as encrypted travis environment variables. @danielegobbetti You (might) find a good summary here: https://play.google.com/intl/en/about/developer-content-policy/ Otherwise it might also be possible to link to i.e. a github(.io) page where such content is stated.
jrb commented 5 years ago (Migrated from github.com)
Owner

Many users are restricted to the Play Store not though their own desires, but because their device is managed by an employer's device management policy. Locking these users out of GB would be an unfortunate side effect of treating application distribution as a soap box.

Edit: also, what stops a 3rd party from putting a build up for free on the Play Store? The code is GPL, the artwork CC Non Commercial. What's the basis for takedown?

Many users are restricted to the Play Store not though their own desires, but because their device is managed by an employer's device management policy. Locking these users out of GB would be an unfortunate side effect of treating application distribution as a soap box. Edit: also, what stops a 3rd party from putting a build up for free on the Play Store? The code is GPL, the artwork CC Non Commercial. What's the basis for takedown?
walkjivefly commented 5 years ago (Migrated from github.com)
Owner

@IzzySoft thanks for the microG and related headsup.

@IzzySoft thanks for the microG and related headsup.

Any time, @walkjivefly – I'm using that for years already (since back then when it still was named "NOGAPPS") 😸 Works pretty well. Just one of the apps I really need doesn't work with it (due to the license check: already on the todo of the dev, but will take an eternity due to lack of time and resource).

Any time, @walkjivefly – I'm using that for years already (since back then when it still was named "NOGAPPS") :smile_cat: Works pretty well. Just one of the apps I really need doesn't work with it (due to the license check: already on the todo of the dev, but will take an eternity due to lack of time and resource).
tecufanujacu commented 5 years ago (Migrated from github.com)
Owner

Just an idea, you could do as happen for the open suource maps navigation Osmand, you can publish a paid version on the PlayStore and this free version on F-Droid, in this way the version published on the Play Store can also help to mantain this project and after the Pebble bankrupt I think that a lot of people will install GadgetBridge.
Just for reference, the two versions of Osmand: PlayStore and F-Droid.

About microG, me too I can confirm that it works without any problem, me too I'm using it from when it was named NOGAPPS :-)

Just an idea, you could do as happen for the open suource maps navigation [Osmand](https://github.com/osmandapp/Osmand), you can publish a paid version on the PlayStore and this free version on F-Droid, in this way the version published on the Play Store can also help to mantain this project and after the Pebble bankrupt I think that a lot of people will install GadgetBridge. Just for reference, the two versions of Osmand: [PlayStore](https://play.google.com/store/apps/details?id=net.osmand.plus) and [F-Droid](https://f-droid.org/repository/browse/?fdcategory=Navigation&fdid=net.osmand.plus). About microG, me too I can confirm that it works without any problem, me too I'm using it from when it was named NOGAPPS :-)

I second what @tecufanujacu just wrote: That would be an excellent idea (several FOSS projects do so, I know that e.g. from DAVDroid). That would give a double or rather triple bonus:

  • make Gadgetbridge better known (and easier to discover)
  • pointing to F-Droid (from the description, if possible – otherwise the "website link" could be used pointing to our Github presence, where we link to F-Droid already), would bring that to the attention of users (some would follow just to save 1 buck even)
  • people who wish to contribute something but have no idea how can use that for donations

With the added security point of "preventing others from publishing it there" (or give a better leverage in case someone duplicates it while adding unwanted stuff to it).

I second what @tecufanujacu just wrote: That would be an excellent idea (several FOSS projects do so, I know that e.g. from DAVDroid). That would give a double or rather triple bonus: * make Gadgetbridge better known (and easier to discover) * pointing to F-Droid (from the description, if possible – otherwise the "website link" could be used pointing to our Github presence, where we link to F-Droid already), would bring that to the attention of users (some would follow just to save 1 buck even) * people who wish to contribute something but have no idea how can use that for donations With the added security point of "preventing others from publishing it there" (or give a better leverage in case someone duplicates it while adding unwanted stuff to it).
Owner

As an aside information, as far as i know paid apps require a postal address (of the seller). I understand that would be a low effort way of supporting the project though.

As an aside information, as far as i know paid apps require a postal address (of the seller). I understand that would be a low effort way of supporting the project though.
henningvs commented 5 years ago (Migrated from github.com)
Poster
Owner

As a non-contributor I probably don't have much to say, butIs there a process how you are deciding such things?
But I would also offer my support if you are deciding pro publishing.

As a non-contributor I probably don't have much to say, butIs there a process how you are deciding such things? But I would also offer my support if you are deciding pro publishing.
Owner

@henningvs Thanks for the offer! We have some things prepared, but don't have a final decision yet. And we were very busy with other things, recently.

@henningvs Thanks for the offer! We have some things prepared, but don't have a final decision yet. And we were very busy with other things, recently.
Avamander commented 5 years ago (Migrated from github.com)
Owner

If the paid Google Play developer license is an issue I could help with that by publishing it, just email me.

If the paid Google Play developer license is an issue I could help with that by publishing it, just email me.
Owner

I believe there are three main areas related to the google play presence (I changed the issue title to highlight that publishing is just an aspect):

  1. publishing
  2. managing releases
  3. managing feedback (user and automated)

Regarding publishing, these are the requirements (from the developer console) to publish an app there:

  • You need to select a category.
  • You need to add a short description. let's say we recycle our readme
  • You need to add a full description. let's say we recycle our readme
  • You need to upload an APK for this application.
  • You need to target at least one country.
  • You need to declare whether or not your application contains ads.
  • You need to enter a privacy policy URL.
  • You need to make your application free or set a price for it.
  • Your app is missing a required content rating. Go to your app's Content Rating page and complete a rating questionnaire.
  • You need to add a high-res icon.
  • You need to add a feature graphic.
  • You need to add at least 2 non-Android TV screenshots.
  • There are possibly more requirements if the app is a paid one, I didn't check.

Regarding managing releases:

  • Who will take care of the release / automate the release
  • A changelog text should be added for each release

Regarding feedback:

  • Automated feedback: ANR and crash reports. Who will take care of them / create issues?
  • User feedback: especially relevant if the app is a paid app Who will take care of the reports / create issues where appropriate?
I believe there are three main areas related to the google play presence (I changed the issue title to highlight that publishing is just an aspect): 1. publishing 1. managing releases 1. managing feedback (user and automated) Regarding publishing, these are the requirements (from the developer console) to publish an app there: - [x] You need to select a category. - [x] You need to add a short description. *let's say we recycle our readme* - [x] You need to add a full description. *let's say we recycle our readme* - [x] You need to upload an APK for this application. - [x] You need to target at least one country. - [x] You need to declare whether or not your application contains ads. - [ ] You need to enter a privacy policy URL. - [ ] You need to make your application free or set a price for it. - [ ] Your app is missing a required content rating. Go to your app's Content Rating page and complete a rating questionnaire. - [ ] You need to add a high-res icon. - [ ] You need to add a feature graphic. - [ ] You need to add at least 2 non-Android TV screenshots. - *There are possibly more requirements if the app is a paid one, I didn't check.* Regarding managing releases: - [ ] Who will take care of the release / automate the release - [ ] A changelog text should be added for each release Regarding feedback: - [ ] Automated feedback: ANR and crash reports. Who will take care of them / create issues? - [ ] User feedback: *especially relevant if the app is a paid app* Who will take care of the reports / create issues where appropriate?
Avamander commented 5 years ago (Migrated from github.com)
Owner

Is help needed with any of the aspects and you don't want to do it yourself? Because I could help with all of them.

Is help needed with any of the aspects and you don't want to do it yourself? Because I could help with all of them.
Owner

We weren't aware of some tools highlighted in a recent thread on the f-droid forum, we will proceed testing these and set them up, this way the management of a number of assets on my list above can be automated.

This is not directly related to the play store presence, but makes the burden much lighter as both F-Droid and play store would use the same tools/assets.

We weren't aware of some tools highlighted in a [recent thread on the f-droid forum](https://forum.f-droid.org/t/new-ui-ux-of-f-droid-app/260/6), we will proceed testing these and set them up, this way the management of a number of assets on my list above can be automated. This is not directly related to the play store presence, but makes the burden much lighter as both F-Droid and play store would use the same tools/assets.
lindhe commented 4 years ago (Migrated from github.com)
Owner

I'm glad there is a discussion regarding this. Sure, the license does grant anyone the right to publish it anywhere (including Play Store), but I think it's much nicer if it's done by the devs or at least with your blessing.

I only skimmed over the discussion, and the only thing I really have to add is to let you hear another voice vouching for making it available on Play Store. I think it would be good to have someone be the maintainer of the Play Store version, but if you can automate the process, all the better.

The reason I want it on the Play Store is mainly threefold:

  1. I wish more people could find this app, since I like apps I use to be popular (since that encourages development).
  2. As already mentioned, it's not a good idea to allow third party apps one your phone. For technical people like us, it's not as big of a problem; installing a legit app has no side effects no matter the source. But non-technical people should most certainly not be recommended to allow that.
  3. I have had some problems with f-droid recently, which breaks updates and app cross compatibility. As far as I am aware, this is not an issue that affects others, but still I need to move away from f-droid until I can resolve it.

A lesser reason is that I don't think it's healthy for the Free software ecosystem to hide in the most obscure of places, rather than being easily available by many.

I'm glad there is a discussion regarding this. Sure, the license _does_ grant anyone the right to publish it anywhere (including Play Store), but I think it's much nicer if it's done by the devs or at least with your blessing. I only skimmed over the discussion, and the only thing I really have to add is to let you hear another voice vouching for making it available on Play Store. I think it would be good to have someone be the maintainer of the Play Store version, but if you can automate the process, all the better. The reason I want it on the Play Store is mainly threefold: 1. I wish more people could find this app, since I like apps I use to be popular (since that encourages development). 2. As already mentioned, it's not a good idea to allow third party apps one your phone. For technical people like us, it's not as big of a problem; installing a legit app has no side effects no matter the source. But non-technical people should most certainly not be recommended to allow that. 3. I have had some problems with f-droid recently, which breaks updates and app cross compatibility. As far as I am aware, this is not an issue that affects others, but still I need to move away from f-droid until I can resolve it. A lesser reason is that I don't think it's healthy for the Free software ecosystem to hide in the most obscure of places, rather than being easily available by many.

@lindhe without affecting what has been discussed before, it itches my fingers to counter your arguments:

  1. you won't find more encouraged developers on any other project, Playstore or not. But yeah, while I don't think the team needs more encouragement to "keep things going", positive feedback never hurts. But it doesn't necessarily require Playstore for that 😉
  2. third party apps remain third party apps, whether you install them from Playstore or from "other sources". What's more, I count F-Droid definitely on the safe side – with its maintainers keeping a very close eye on "what's inside an app". Regulations are pretty strict – and keep us free of "proprietary stuff" no user (or app developer, at that) can control. I prefer it's known what an app (or the libraries it uses) does. F-Droid ensures this – Playstore obscures this.

And for your last sentence, I heavily object – as it suggests you're naming F-Droid as one of those "most obscure places". That sentence definitely needs to be inverted: F-Droid is very open in what it does, in its availability, in what it serves – and easily available to really everyone, even without account and login. Cannot say that for Playstore.

The one thing of your post I definitely agree with: If GB appeared on Playstore, that should be under control of the GB team.

@lindhe without affecting what has been discussed before, it itches my fingers to counter your arguments: 1. you won't find more encouraged developers on any other project, Playstore or not. But yeah, while I don't think the team needs more encouragement to "keep things going", positive feedback never hurts. But it doesn't necessarily require Playstore for that :wink: 1. third party apps remain third party apps, whether you install them from Playstore or from "other sources". What's more, I count F-Droid definitely on the safe side – with its maintainers keeping a very close eye on "what's inside an app". Regulations are pretty strict – and keep us free of "proprietary stuff" no user (or app developer, at that) can control. I prefer it's known what an app (or the libraries it uses) does. F-Droid ensures this – Playstore obscures this. And for your last sentence, I heavily object – as it suggests you're naming F-Droid as one of those "most obscure places". That sentence definitely needs to be inverted: F-Droid is very open in what it does, in its availability, in what it serves – and easily available to really everyone, even without account and login. Cannot say that for Playstore. The one thing of your post I definitely agree with: If GB appeared on Playstore, that should be under control of the GB team.
lindhe commented 4 years ago (Migrated from github.com)
Owner

Sure, F-droid is technically much more available than Google Play Store, but not in practice. If I were to guess how many of my very technical friends that have even heard of F-droid, I'd say it's around 10% of those who use Android. And among those that I would not categorize as very technical... I'd be hard pressed to find a single one that have heard of it, and even less so anyone willing to try it (since "The Google App Store works fine"). They would not even know how to install F-droid, without my help.

Sure, F-droid is _technically_ much more available than Google Play Store, but not in practice. If I were to guess how many of my very technical friends that have even heard of F-droid, I'd say it's around 10% of those who use Android. And among those that I would not categorize as very technical... I'd be hard pressed to find a single one that have heard of it, and even less so anyone willing to try it (since "The Google App Store works fine"). They would not even know how to install F-droid, without my help.

"Being available" and "being known" are two entirely different things 😉 If it were about that, all of us would use Win10 on their PCs just because some folks declared it "the standard" – despite of its being a privacy nightmare (not to talk about the other aspects).

But well, that's not what we should discuss here. If GB will be made available at the Playstore, that doesn't mean it will disappear from F-Droid. And the very privacy aware know which place to go. I'd even go that far to say "put it on Playstore for USD 10+, mentioning its availability in F-Droid in the description" – and, if the GB team doesn't want the money, donate incoming payments to "something useful" (some organisation – or some test devices – or both). Triple win 😜

"Being available" and "being known" are two entirely different things :wink: If it were about that, all of us would use Win10 on their PCs just because some folks declared it "the standard" – despite of its being a privacy nightmare (not to talk about the other aspects). But well, that's not what we should discuss here. If GB will be made available at the Playstore, that doesn't mean it will disappear from F-Droid. And the very privacy aware know which place to go. I'd even go that far to say "put it on Playstore for USD 10+, mentioning its availability in F-Droid in the description" – and, if the GB team doesn't want the money, donate incoming payments to "something useful" (some organisation – or some test devices – or both). Triple win :stuck_out_tongue_winking_eye:
lindhe commented 4 years ago (Migrated from github.com)
Owner

mentioning its availability in F-Droid in the description

I'm afraid that would not be possible. It's against the Store rules, so it would get taken down if we mention any other app distribution store.

> mentioning its availability in F-Droid in the description I'm afraid that would not be possible. It's against the Store rules, so it would get taken down if we mention any other app distribution store.

One isn't forced to do that literally. Consider the following phrasing:

Gadgetbridge is a Free (and open source) anDroid app: find the code, Availability and more on its Github Presence – where you also can find help with issues you might encounter or suggest features you're missing. Our Wiki will assist you further.

Got it? One simple word in a sub-clause: F Droid Availability 😉 It's permitted to mention your project page, where you process issues etc. Seen that in lots of app descriptions.

One isn't forced to do that literally. Consider the following phrasing: > Gadgetbridge is a Free (and open source) anDroid app: find the code, Availability and more on its [Github Presence](https://github.com/Freeyourgadget/Gadgetbridge/) – where you also can find help with issues you might encounter or suggest features you're missing. Our [Wiki](https://github.com/Freeyourgadget/Gadgetbridge/wiki) will assist you further. Got it? One simple word in a sub-clause: F Droid Availability :wink: It's permitted to mention your project page, where you process issues etc. Seen that in lots of app descriptions.
lindhe commented 4 years ago (Migrated from github.com)
Owner

Subliminal Messages Are Really The way to go! ;)

Subliminal Messages Are Really The way to go! ;)
KazWolfe commented 4 years ago (Migrated from github.com)
Owner

Just leaving my two cents because why not.

Ever since the official Pebble app died (and will soon start losing features like the app store/dictation/etc.), users require a solution to keep using their watches with the full feature-set that it came with. Gadgetbridge fills this gap.

The main argument here is accessibility. By placing the app on the Play Store, users can actually use it without going through the F-Droid installation procedure (no matter how beneficial it is to the software world). It's an official Android channel, whether we like it or not. The vast majority of users go through it to get their software.

If the app is only published to F-Droid or is only made available from an APK, most (Pebble) users would only download Gadgetbridge and then move on with their lives. I'd doubt they'd "convert" into actual regular F-Droid users.

Even so, publishing the software to the Play Store gives the user a choice. They can download the software from the known proprietary channel, they can install F-Droid and use that, or they can just download the raw APK. If a user wants to support proprietary software and infrastructure (or just doesn't care enough), they will. This app won't really change that.

I'd personally say using Gadgetbridge as a virtual soapbox is a rather disheartening choice. Users shouldn't be denied the use of the app because they're not libre-friendly (and don't want to or otherwise can't use F-Droid). This project is (edit: as best I can tell) meant to provide an alternative to the closed-source existing wearable apps, not be a crusader of libre software.

As for charging for the app, I'd say that it just shouldn't be done. Google takes a percentage (30%!) of all app profits. By publishing and charging for the app, Gadgetbridge will be doing a few interesting things. First (and foremost), we'll be removing a user's choice. If they want to get the app from the Play Store, they're being forced into donating. Second, Gadgetbridge will be supporting Google by giving a cut of whatever percentage is charged. Lastly, it doesn't exactly instill confidence - users should be able to go to any source and get the app for the same price.

The only argument against is the additional support burden that comes with a larger audience, but this is to be expected and will be inevitable once Gadgetbridge passes the Pebble app in terms of features.

Just leaving my two cents because why not. Ever since the official Pebble app died (and will soon start losing features like the app store/dictation/etc.), users require a solution to keep using their watches with the full feature-set that it came with. Gadgetbridge fills this gap. The main argument here is accessibility. By placing the app on the Play Store, users can actually use it without going through the F-Droid installation procedure (no matter how beneficial it is to the software world). It's an official Android channel, whether we like it or not. The vast majority of users go through it to get their software. If the app is only published to F-Droid or is only made available from an APK, most (Pebble) users would only download Gadgetbridge and then move on with their lives. I'd doubt they'd "convert" into actual regular F-Droid users. Even so, publishing the software to the Play Store gives the user a choice. They can download the software from the known proprietary channel, they can install F-Droid and use that, or they can just download the raw APK. If a user wants to support proprietary software and infrastructure (or just doesn't care enough), they will. This app won't really change that. I'd personally say using Gadgetbridge as a virtual soapbox is a rather disheartening choice. Users shouldn't be denied the use of the app because they're not libre-friendly (and don't want to or otherwise can't use F-Droid). This project is (edit: as best I can tell) meant to provide an alternative to the closed-source existing wearable apps, not be a crusader of libre software. As for charging for the app, I'd say that it just shouldn't be done. Google takes a percentage ([30%!](https://support.google.com/googleplay/android-developer/answer/112622?hl=en)) of all app profits. By publishing and charging for the app, Gadgetbridge will be doing a few interesting things. First (and foremost), we'll be removing a user's choice. If they want to get the app from the Play Store, they're being forced into donating. Second, Gadgetbridge will be supporting Google by giving a cut of whatever percentage is charged. Lastly, it doesn't exactly instill confidence - users should be able to go to *any* source and get the app for the same price. The only argument against is the additional support burden that comes with a larger audience, but this is to be expected and will be inevitable once Gadgetbridge passes the Pebble app in terms of features.
Owner

This project is meant to provide an alternative to the closed-source existing wearable apps, not be a crusader of libre software.

How can you know?

Seriously I started Gadgetbridge because I strictly ignore any kind of closed source software. On the PC and on the Phone. I wanted a pebble but there was nothing on F-Droid. So I created something.

In my opinion (however I am not the only author of the project anymore) this project is meant for people who care about free software. I still (and I wrote this multiple times already) have absolutely NO CLUE why anyone wants to use Gadgetbridge but uses other propitiatory software.

> This project is meant to provide an alternative to the closed-source existing wearable apps, not be a crusader of libre software. How can you know? Seriously I started Gadgetbridge because I strictly ignore any kind of closed source software. On the PC and on the Phone. I wanted a pebble but there was nothing on F-Droid. So I created something. In my opinion (however I am not the only author of the project anymore) this project is meant for people who care about free software. I still (and I wrote this multiple times already) have absolutely **NO CLUE** why anyone wants to use Gadgetbridge but uses other propitiatory software.
Avamander commented 4 years ago (Migrated from github.com)
Owner

@ashimokawa it works better offline, it's faster, I can contribute, it's maintained and lastly it's FOSS.

@ashimokawa it works better offline, it's faster, I can contribute, it's maintained and lastly it's FOSS.
KazWolfe commented 4 years ago (Migrated from github.com)
Owner

How can you know?

Seriously I started Gadgetbridge because I strictly ignore any kind of closed source software. On the PC and on the Phone. I wanted a pebble but there was nothing on F-Droid. So I created something.

This is just what I gathered from my (granted) short time on the project. You, as the project founder, would have a much more clear view of this than I do.

I [...] have absolutely NO CLUE why anyone wants to use Gadgetbridge but uses other propitiatory software.

In my case, I use Gadgetbridge because the official Pebble app is dying. It's not being maintained, and if I want to have development and new features continue for my watch, I need to use an alternative. At the time, the best alternative on the market is this app -- and it's only going to get better as time goes on.

Others still want to use only libre software but are forced into using proprietary software (e.g. an employer forcing the use of a proprietary chat application) or otherwise can't make the switch to libre (e.g. no utility exists or the libre utilities are not competitive with their proprietary counterparts).

I still stand by my point that GB should offer users a choice to either go the full-libre route or use whatever services they want. Putting GB on the Play Store doesn't suddenly make it proprietary software.

> How can you know? > > Seriously I started Gadgetbridge because I strictly ignore any kind of closed source software. On the PC and on the Phone. I wanted a pebble but there was nothing on F-Droid. So I created something. This is just what I gathered from my (granted) short time on the project. You, as the project founder, would have a much more clear view of this than I do. > I [...] have absolutely NO CLUE why anyone wants to use Gadgetbridge but uses other propitiatory software. In my case, I use Gadgetbridge because the official Pebble app is dying. It's not being maintained, and if I want to have development and new features continue for my watch, I need to use an alternative. At the time, the best alternative on the market is this app -- and it's only going to get better as time goes on. Others still *want* to use only libre software but are forced into using proprietary software (e.g. an employer forcing the use of a proprietary chat application) or otherwise can't make the switch to libre (e.g. no utility exists or the libre utilities are not competitive with their proprietary counterparts). I still stand by my point that GB should offer users a choice to either go the full-libre route or use whatever services they want. Putting GB on the Play Store doesn't suddenly make it proprietary software.
jrb commented 4 years ago (Migrated from github.com)
Owner

@ashimokawa Thank you for your work. When I was able to use GB before having to comply with security policy, it was fantastic.

I'm excited to read your post, because it implies you currently don't have to make a compromise with regard to open source. That can only mean you've located an Android device capable of operating without closed source drivers. I'd love to pick up such a device. Would you mind linking to it?

In the mean time, I suppose I'll use strive to use open source software, but continue to acknowledge I need to occasionally supplement it with closed source software in order to comply with regulatory bodies (see: closed basebands), and employers (PlayServices, Device policy).

@ashimokawa Thank you for your work. When I was able to use GB before having to comply with security policy, it was fantastic. I'm excited to read your post, because it implies you currently don't have to make a compromise with regard to open source. That can only mean you've located an Android device capable of operating without closed source drivers. I'd love to pick up such a device. Would you mind linking to it? In the mean time, I suppose I'll use strive to use open source software, but continue to acknowledge I need to occasionally supplement it with closed source software in order to comply with regulatory bodies (see: closed basebands), and employers (PlayServices, Device policy).
Avamander commented 4 years ago (Migrated from github.com)
Owner

I tried to upload the current application with current package name to Play Store, someone has already done that, unless official maintainers have access to that developer account the package name has to be changed.

I tried to upload the current application with current package name to Play Store, someone has already done that, unless official maintainers have access to that developer account the package name has to be changed.
Owner

Android 8 introduces a nice feature, namely a permission that allows the user to trust any app to act as installer. This means that Oreo users don't have to enable untrusted sources when installing from fdroid. Going forward the adoption of fdroid will greatly benefit from this change, in my opinion.

I believe also a single application makes a difference at least for some users. I am old enough to remember the early "browser wars". Open source software did make a huge difference back then, but I digress.

GPL terms allow redistribution in binary form, and while there is no mention of "app stores" I'm sure they are considered just like every distribution channel. What we (core devs) don't want to happen is (malevolent) third parties distribute the code with the original package name that is altered in ways that could hinder the project (e.g. ads, other unwanted changes), for this reason the original package name is not available on the play store for third party to publish.

Android 8 introduces a nice feature, namely a permission that allows the user to trust any app to act as installer. This means that Oreo users don't have to enable untrusted sources when installing from fdroid. Going forward the adoption of fdroid will greatly benefit from this change, in my opinion. I believe also a single application makes a difference at least for some users. I am old enough to remember the early "browser wars". Open source software **did** make a huge difference back then, but I digress. GPL terms allow redistribution in binary form, and while there is no mention of "app stores" I'm sure they are considered just like every distribution channel. What we (core devs) don't want to happen is (malevolent) third parties distribute the code with the original package name that is altered in ways that could hinder the project (e.g. ads, other unwanted changes), for this reason the original package name is not available on the play store for third party to publish.
bluuub commented 4 years ago (Migrated from github.com)
Owner

If every app is published to the PlayStore due to the argument that "one single app does not change the users behaviour" then yes: the user most certainly will not change his behaviour.

On the other hand, and this is why I am very certain, that one app can make a difference, more and more tech channels mention this app. I think there is a list somewhere. Pebble users will probably someday somehow read such an article and subsequently try out Gadgetbridge.
The difference is that FDroid (in contrast to the PlayStore) activly encourages the user to have a look at the source (aka this github). Users sticking to the app will therefore much more likely become active themselves (even if that just means testing stuff or providing new ideas). Typical PlayStore users write some comment below the app and score the app. Then they wait for the next release and expect their request to be implemented. Just think about the comments that will demand (and yes I mean it like it sounds) the possibility to use internet (as they were used to with their old Pebble app) and rate this app at 1 star.

If every app is published to the PlayStore due to the argument that "one single app does not change the users behaviour" then yes: the user most certainly will not change his behaviour. On the other hand, and this is why I am very certain, that one app can make a difference, more and more tech channels mention this app. I think there is a list somewhere. Pebble users will probably someday somehow read such an article and subsequently try out Gadgetbridge. The difference is that FDroid (in contrast to the PlayStore) activly encourages the user to have a look at the source (aka this github). Users sticking to the app will therefore much more likely become active themselves (even if that just means testing stuff or providing new ideas). Typical PlayStore users write some comment below the app and score the app. Then they wait for the next release and expect their request to be implemented. Just think about the comments that will demand (and yes I mean it like it sounds) the possibility to use internet (as they were used to with their old Pebble app) and rate this app at 1 star.
Owner

@bluuub
Could not agree more.

But then again, I prefer a "blessed" play store release by the core devs than having a random guy publishing it.

And another pro play store argument: People started reuploading the apk from fdroid on some ad infested sharehoster sites (for whatever reasons) and/or linking to a specific release apk on fdroid. So there are a lot of people installing an old version.

@bluuub Could not agree more. But then again, I prefer a "blessed" play store release by the core devs than having a random guy publishing it. And another pro play store argument: People started reuploading the apk from fdroid on some ad infested sharehoster sites (for whatever reasons) and/or linking to a specific release apk on fdroid. So there are a lot of people installing an old version.
LuccoJ commented 4 years ago (Migrated from github.com)
Owner

@ashimokawa would silly blogs, etc, really stop uploading their "own" shady versions of Gadgetbridge on shady places, just because it's available on Play, though? I am not so sure. But then, I guess if it were available on Play, some people would try looking it up there before downloading the random blog-provided APK.

@walkjivefly you say that

No publicity is bad publicity. Adding GB to PlayStore will increase the potential userbase enormously and help it gain traction

That may be true, but, which userbase would you like to have? "Publicity" (especially when it turns into "marketing") is something I'm always extremely wary of. Take LineageOS for instance, which is an open source project that has gained so much acceptance: many of its users not only don't care about its openness, but are actively opposed to people promoting open alternatives like microG within its community ("No xposed/magisk/supersu/microg/substratum discussion"), and this mentality has pretty much become an official stance, where disabling Google spyware features that study your device's behavior in detail is seen as tantamount to "lying about security features" (lying to whom? certainly not to the device's owner: just to apps, and possibly Google, about things that were never their business in the first place!).
If Gadgetbridge wants traction, then I ask: is this when it wants to be pulled by the traction?

@IzzySoft for example mentioned MicroG as a good alternative to using Play Services for people who really need to run apps that require them, but if he mentioned that on most LineageOS discussion platforms, he would be virtually yelled at.

@KazWolfe provides an example of a more relaxed, less "freedom is about complete freedom", view of Gadgetbridge, which I imagine could be similar as many LineageOS users have as an outlook:

This project is (edit: as best I can tell) meant to provide an alternative to the closed-source existing wearable apps, not be a crusader of libre software.

... to which @ashimokawa (being the original developer of Gadgetbridge) comprehensibly reacts with, to paraphrase, "how the hell do you know what I meant it to be?". So, this is possibly a very small example of community pressure, when you don't have quite the type of community you envisioned.

@walkjivefly also as a small detail about Play, when you say, and @henningvs makes a similar point

I wouldn't count on the swift or even favourable response @IzzySoft thinks Google might bestow on a takedown request. Pre-emptively publishing in the PlayStore might be a good idea for this reason alone. It would be unfortunate if that were the only reason for doing so.

I don't think this would be useful to control this potential issue: even if Gadgetbridge is "officially" released on Play, nothing prevents someone else from releasing a different version too. The only thing that can be done if that happens is a takedown request based on one of: trademark infringement; presence of malware; licensing violation.
However, this is simply no different from making a takedown request without having published an official version first. The risk that Google may not act on it promptly remains the same.

@danielegobbetti I am quite looking forward about Android 8's ability to selectively enable app stores... although it still considers them "unknown sources", in terminology, from my brief trial run of it, and makes you "agree to be responsible" for any damage they cause, which is a concept I hate, and which I use as a rebuttal to people who say that unlike iOS, the Android ecosystem is fully open in terms of installable software: it is really not, when you have to accept potentially legally-binding agreements stating that if you mistakenly install malware, it's your responsibility and not the responsibility of whoever wrote the malware. Add this to the fact that Google and mobile carriers do retain the ability to selectively disable phones they deem to be "a danger to the network": now you have no recourse against that, because you agreed to it!
What an awful state of affairs, really.

@danielegobbetti also points out

As an aside information, as far as i know paid apps require a postal address (of the seller). I understand that would be a low effort way of supporting the project though.

Well, I don't know how important this is, but even if you aren't selling your app, you will need to provide a one-time down payment of $25 using a credit card, which will just as well provide Google with the details of your identity and postal address, in most cases.

About takedown requests and all that... I hardly need to remind anyone that Gadgetbridge itself received one (in my non-legal, subjective opinion, quite bogus at that). The reaction after the issue was settled was to announce that Gadgetbridge, as a project, will strive to move away from GitHub as its main location, and become more distributed.
I'd see it as "one step forward and two steps back" to then publish it on Play, which is a place historically subject to many seemingly gratuitous takedowns... yes, it'd still be available on F-Droid, but by admission of the very proponents of including it in Play, Play is where a large userbase would come from - and then, become crucial.

To conclude, and say what I think should be done about this, I agree with @bluuub - sticking to F-Droid may in fact make a positive difference, even if this is just one app, just like voting supposedly makes a difference even if you're just one voter, when you zoom out and see group behavior.
With Gadgetbridge right now, in particular, it's having a surge of popularity due to the Amazfit watches, I think, which is also why the APK is being published left and right on "dodgy" forums and blogs where people barely even realize it's free software.

So... should the reaction to this be to cave in and let them keep not realizing, by publishing it on Play, or should the chores (as publishing it on Play will be a chore, in any case) be instead directed towards relentlessly commenting on every forum/blog post that portrays Gadgetbridge inaccurately or incompletely, to educate the people there who use it about what it really is, as well as point them to the wonderful resource that F-Droid is instead of the "dodgy APK"?

I think the answer is obvious.

@ashimokawa would silly blogs, etc, really stop uploading their "own" shady versions of Gadgetbridge on shady places, just because it's available on Play, though? I am not so sure. But then, I guess if it were available on Play, some people would try looking it up there before downloading the random blog-provided APK. @walkjivefly you say that > No publicity is bad publicity. Adding GB to PlayStore will increase the potential userbase enormously and help it gain traction That may be true, but, *which* userbase would you like to have? "Publicity" (especially when it turns into "marketing") is something I'm always extremely wary of. Take LineageOS for instance, which is an open source project that has gained so much acceptance: many of its users not only don't care about its openness, but are [actively opposed](https://www.reddit.com/r/LineageOS/about/rules/) to people promoting open alternatives like [microG](https://microg.org/) within its community ("No xposed/magisk/supersu/microg/substratum discussion"), and this mentality has pretty much [become an official stance](https://www.lineageos.org/Safetynet/), where disabling Google spyware features that study your device's behavior in detail is seen as tantamount to "lying about security features" (lying to whom? certainly not to the device's owner: just to apps, and possibly Google, about things that were never their business in the first place!). If Gadgetbridge wants *traction*, then I ask: is this when it wants to be pulled by the traction? @IzzySoft for example mentioned MicroG as a good alternative to using Play Services for people who really need to run apps that require them, but if he mentioned that on most LineageOS discussion platforms, he would be virtually yelled at. @KazWolfe provides an example of a more relaxed, less "freedom is about complete freedom", view of Gadgetbridge, which I imagine could be similar as many LineageOS users have as an outlook: > This project is (edit: as best I can tell) meant to provide an alternative to the closed-source existing wearable apps, not be a crusader of libre software. ... to which @ashimokawa (being the original developer of Gadgetbridge) comprehensibly reacts with, to paraphrase, "how the hell do you know what *I meant* it to be?". So, this is possibly a very small example of community pressure, when you don't have quite the type of community you envisioned. @walkjivefly also as a small detail about Play, when you say, and @henningvs makes a similar point > I wouldn't count on the swift or even favourable response @IzzySoft thinks Google might bestow on a takedown request. Pre-emptively publishing in the PlayStore might be a good idea for this reason alone. It would be unfortunate if that were the only reason for doing so. I don't think this would be useful to control this potential issue: even if Gadgetbridge is "officially" released on Play, nothing prevents *someone else* from releasing a different version too. The only thing that can be done if that happens is a takedown request based on one of: trademark infringement; presence of malware; licensing violation. However, this is simply no different from making a takedown request *without* having published an official version first. The risk that Google may not act on it promptly remains the same. @danielegobbetti I am quite looking forward about Android 8's ability to selectively enable app stores... although it still considers them "unknown sources", in terminology, from my brief trial run of it, and makes you "agree to be responsible" for any damage they cause, which is a concept I hate, and which I use as a rebuttal to people who say that unlike iOS, the Android ecosystem is fully open in terms of installable software: it is really not, when you have to accept potentially legally-binding agreements stating that if you mistakenly install malware, it's *your* responsibility and not the responsibility of *whoever wrote the malware*. Add this to the fact that Google and mobile carriers do retain the ability to selectively disable phones they deem to be "a danger to the network": now you have no recourse against that, because you *agreed* to it! What an awful state of affairs, really. @danielegobbetti also points out > As an aside information, as far as i know paid apps require a postal address (of the seller). I understand that would be a low effort way of supporting the project though. Well, I don't know how important this is, but even if you *aren't* selling your app, you will need to [provide a one-time down payment of $25](https://support.google.com/googleplay/android-developer/answer/6112435) using a credit card, which will just as well provide Google with the details of your identity and postal address, in most cases. About takedown requests and all that... I hardly need to remind anyone that [Gadgetbridge itself received one](https://blog.freeyourgadget.org/our-dmca-takedown-a-post-mortem.html) (in my non-legal, subjective opinion, quite bogus at that). The reaction after the issue was settled was to announce that Gadgetbridge, as a project, will strive to move away from GitHub as its main location, and become more distributed. I'd see it as "one step forward and two steps back" to then publish it on Play, which is a place historically subject to many seemingly gratuitous takedowns... yes, it'd still be available on F-Droid, but by admission of the very proponents of including it in Play, Play is where a large userbase would come from - and then, become crucial. To conclude, and say what I think *should* be done about this, I agree with @bluuub - sticking to F-Droid *may* in fact make a positive difference, even if this is just one app, just like voting supposedly makes a difference even if you're just one voter, when you zoom out and see group behavior. With Gadgetbridge right now, in particular, it's having a surge of popularity due to the [Amazfit](http://outcasts.referata.com/wiki/Amazfit) watches, I think, which is also why the APK is being published left and right on "dodgy" forums and blogs where people barely even realize it's free software. So... should the reaction to this be to cave in and *let* them keep not realizing, by publishing it on Play, or should the chores (as publishing it on Play *will* be a chore, in any case) be instead directed towards relentlessly commenting on every forum/blog post that portrays Gadgetbridge inaccurately or incompletely, to educate the people there who use it about what it really is, as well as point them to the wonderful resource that F-Droid is instead of the "dodgy APK"? I think the answer is obvious.
Avamander commented 4 years ago (Migrated from github.com)
Owner

@LuccoJ

would silly blogs, etc, really stop uploading their "own" shady versions of Gadgetbridge on shady places, just because it's available on Play, though?

That's not the issue, people downloading from shady places is. Google Play is more reputable than any other source on Android right now.

but are actively opposed to people promoting open alternatives like microG ("No xposed/magisk/supersu/microg/substratum discussion")

If you had actually read the rules they are just talking about that r/LineageOS is for LineageOS, discussing other products and projects is for other places and to be honest LineageOS is not the topic here either. Keep in mind that I do not agree with the hostile stance against modifications people make to their own systems (FOSS is all about freedom over my own system after all), but there's some truth to people being annoying about breaking their systems

nothing prevents someone else from releasing a different version too

And that's an issue how? It is seriously doubtful something unofficial will gain as many installs and reviews and thus overtake the official app in search or other lists.

Well, I don't know how important this is, but even if you aren't selling your app, you will need to provide a one-time down payment of $25 using a credit card, which will just as well provide Google with the details of your identity and postal address, in most cases.

The difference is Google knowing vs. every Google Play user knowing

So... should the reaction to this be to cave in and let them not realize, by publishing it on Play, or should the chores (as publishing it on Play will be a chore, anyway) be instead directed towards relently commenting on every forum/blog post that portrays Gadgetbridge inaccurately or incompletely, to educate the people there about what it is, since they are using it, as well as point them to the wonderful resource that F-Droid is instead of the "dodgy APK"?

Publishing to Google Play can be done with a Gradle job (also known as "automation"), it's not a chore. I like F-Droid as a concept, but in practice it's definitely not as easy to use as both an user and a developer. It's not developer's job to educate or dictate how their app should be used, where it should be downloaded or how it may be distributed. It's up for the user to decide, and if the user makes a mistake deciding, frankly, it's their own fault. App developers aren't omnipotent that they could keep everyone safe from the evils of [insert thing here]. We have a saying in Estonian that is quite on-point here, "Loll saab kirikus ka peksa" which roughly translates to "The fool gets beaten even in the church".

@LuccoJ > would silly blogs, etc, really stop uploading their "own" shady versions of Gadgetbridge on shady places, just because it's available on Play, though? That's not the issue, people downloading from shady places is. Google Play is more reputable than any other source on Android right now. > but are actively opposed to people promoting open alternatives like microG ("No xposed/magisk/supersu/microg/substratum discussion") If you had actually read the rules they are just talking about that r/LineageOS is for LineageOS, discussing other products and projects is for other places and to be honest LineageOS is not the topic here either. Keep in mind that I do not agree with the hostile stance against modifications people make to their own systems (FOSS is all about freedom over my own system after all), but there's some truth to people being annoying about breaking their systems > nothing prevents someone else from releasing a different version too And that's an issue how? It is seriously doubtful something unofficial will gain as many installs and reviews and thus overtake the official app in search or other lists. > Well, I don't know how important this is, but even if you aren't selling your app, you will need to provide a one-time down payment of $25 using a credit card, which will just as well provide Google with the details of your identity and postal address, in most cases. The difference is Google knowing vs. every Google Play user knowing > So... should the reaction to this be to cave in and let them not realize, by publishing it on Play, or should the chores (as publishing it on Play will be a chore, anyway) be instead directed towards relently commenting on every forum/blog post that portrays Gadgetbridge inaccurately or incompletely, to educate the people there about what it is, since they are using it, as well as point them to the wonderful resource that F-Droid is instead of the "dodgy APK"? Publishing to Google Play can be done with a Gradle job (also known as "automation"), it's not a chore. I like F-Droid as a concept, but in practice it's definitely not as easy to use as both an user and a developer. It's not developer's job to educate or dictate how their app should be used, where it should be downloaded or how it may be distributed. It's up for the user to decide, and if the user makes a mistake deciding, frankly, it's their own fault. App developers aren't omnipotent that they could keep everyone safe from the evils of [insert thing here]. We have a saying in Estonian that is quite on-point here, "Loll saab kirikus ka peksa" which roughly translates to "The fool gets beaten even in the church".
LuccoJ commented 4 years ago (Migrated from github.com)
Owner

@Avamander I will try to make this response briefer than my original post.

That's not the issue, people downloading from shady places is. Google Play is more reputable than any other source on Android right now.

Yes, but my question was precisely whether people (who learn about Gadgetbridge from the very "shady" places that tout it as a way to hack the Amazfit firmwares) would stop getting the APKs from those places just because there is now a version on Play instead of just F-Droid. Why would they stop if they don't realize it's dangerous to get a random APK from a random website like that in the first place?

If you had actually read the rules they are just talking about that r/LineageOS is for LineageOS, discussing other products and projects is for other places and to be honest LineageOS is not the topic here either.

I have read the rules, but I have also mentioned that a similar stance is about LineageOS itself on their very wiki, and I could mention that in their IRC channel, I have witnessed people being turned on from getting support just because they mentioned they had microG, Magisk, or other such things installed. This is a pattern, not something specific to that particular subreddit.

And that's an issue how? It is seriously doubtful something unofficial will gain as many installs and reviews and thus overtake the official app in search or other lists.

It is an issue in the same way that random APKs that people seemingly do download (as much of this discussion revolves around that) is an issue, which apparently it is.
Why would random, extremely unofficial, dodgy APKs gain any concerning number of installs or be at all worrying? Apparently, they are, or we wouldn't be here.

Publishing to Google Play can be done with a Gradle job (also known as "automation"), it's not a chore.

No, the publishing itself is not much of a chore: fulfilling @danielegobbetti's bullet points might be, though, as might having to fulfill other Google requirements banning "Apps that facilitate or provide instructions on how to hack services, software or hardware, or circumvent security protections" (which I believe has been used about apps that can "hack" firmwares), or apps that directly or indirectly engage in or benefit from promotion practices that are deceptive or harmful to users or the developer ecosystem" (which means the app can be taken down because someone else you don't control, such as the aforementioned dodgy blogs, "promotes" them in deceptive ways, due to the "benefits" phrasing).

It's not developer's job to educate or dictate how their app should be used, where it should be downloaded or how it may be distributed. It's up for the user to decide, and if the user makes a mistake deciding, frankly, it's their own fault.

Under that reasoning, if the user downloads the random untrusted APK from random blogs or forums, it's their fault, and not this project's problem, then.

I also suspect some Gadgetbridge developers would object to the concept that it's not their job to decide where and how the app can be distributed: according to the license they chose, it most definitely is, to various extents.

@Avamander I will try to make this response briefer than my original post. > That's not the issue, people downloading from shady places is. Google Play is more reputable than any other source on Android right now. Yes, but my question was precisely whether people (who learn about Gadgetbridge from the very "shady" places that tout it as a way to hack the Amazfit firmwares) would stop getting the APKs from those places just because there is now a version on Play instead of just F-Droid. Why would they stop if they don't realize it's dangerous to get a random APK from a random website like that in the first place? > If you had actually read the rules they are just talking about that r/LineageOS is for LineageOS, discussing other products and projects is for other places and to be honest LineageOS is not the topic here either. I *have* read the rules, but I have also mentioned that a similar stance is *about LineageOS itself* on their very wiki, and I could mention that in their IRC channel, I have witnessed people being turned on from getting support just because they mentioned they had microG, Magisk, or other such things installed. This is a pattern, not something specific to that particular subreddit. > And that's an issue how? It is seriously doubtful something unofficial will gain as many installs and reviews and thus overtake the official app in search or other lists. It is an issue in the same way that random APKs that people seemingly do download (as much of this discussion revolves around that) is an issue, which apparently it is. Why would random, extremely unofficial, dodgy APKs gain any concerning number of installs or be at all worrying? Apparently, they are, or we wouldn't be here. > Publishing to Google Play can be done with a Gradle job (also known as "automation"), it's not a chore. No, the publishing itself is not much of a chore: fulfilling @danielegobbetti's bullet points might be, though, as might having to fulfill other Google requirements banning ["Apps that facilitate or provide instructions on how to hack services, software or hardware, or circumvent security protections"](https://play.google.com/about/privacy-security/device-network-abuse/) (which I believe has been used about apps that can "hack" firmwares), or [apps that directly or indirectly engage in or benefit from promotion practices that are deceptive or harmful to users or the developer ecosystem"](https://play.google.com/about/storelisting-promotional/app-promotion/) (which means the app can be taken down because *someone else you don't control*, such as the aforementioned dodgy blogs, "promotes" them in deceptive ways, due to the "benefits" phrasing). > It's not developer's job to educate or dictate how their app should be used, where it should be downloaded or how it may be distributed. It's up for the user to decide, and if the user makes a mistake deciding, frankly, it's their own fault. Under that reasoning, if the user downloads the random untrusted APK from random blogs or forums, it's their fault, and not this project's problem, then. I also suspect some Gadgetbridge developers would object to the concept that it's not their job to decide *where and how* the app can be distributed: according to the license they chose, it most definitely is, to various extents.
walkjivefly commented 4 years ago (Migrated from github.com)
Owner

@LuccoJ

No publicity is bad publicity. Adding GB to PlayStore will increase the potential userbase enormously and help it gain traction
That may be true, but, which userbase would you like to have? "Publicity" (especially when it turns into "marketing") is something I'm always extremely wary of.

I wasn't really equating "publicity" with "marketing", more like public awareness and availability. I think GB is a great app. It is functional, under active development and I can tinker around with it. It works well and I'd like other people to be able to benefit from it. The privacy/"libre" nature is a plus too but I'm more a pragmatist than an evangelist. Many more people are likely to find it and use it from the PlayStore than from F-droid or random blogs/APK links.

If Gadgetbridge wants traction, then I ask: is this when it wants to be pulled by the traction?

Apparently not. If it was, or if market penetration/size of userbase was a top priority for the devs then GB would already be available on PlayStore. @ashimokawa has stated his reasons for developing GB were a refusal to use proprietary software and a wish for privacy. I am grateful to him and the other devs for their hard work and their generosity in sharing their efforts with others. If the channels they choose to share through don't have the largest audience, so be it.

@LuccoJ >No publicity is bad publicity. Adding GB to PlayStore will increase the potential userbase enormously and help it gain traction That may be true, but, which userbase would you like to have? "Publicity" (especially when it turns into "marketing") is something I'm always extremely wary of. I wasn't really equating "publicity" with "marketing", more like public awareness and availability. I think GB is a great app. It is functional, under active development and I can tinker around with it. It works well and I'd like other people to be able to benefit from it. The privacy/"libre" nature is a plus too but I'm more a pragmatist than an evangelist. Many more people are likely to find it and use it from the PlayStore than from F-droid or random blogs/APK links. > If Gadgetbridge wants traction, then I ask: is this when it wants to be pulled by the traction? Apparently not. If it was, or if market penetration/size of userbase was a top priority for the devs then GB would already be available on PlayStore. @ashimokawa has stated his reasons for developing GB were a refusal to use proprietary software and a wish for privacy. I am grateful to him and the other devs for their hard work and their generosity in sharing their efforts with others. If the channels they choose to share through don't have the largest audience, so be it.
Avamander commented 4 years ago (Migrated from github.com)
Owner

@LuccoJ

Yes, but my question was precisely whether people (who learn about Gadgetbridge from the very "shady" places that tout it as a way to hack the Amazfit firmwares) would stop getting the APKs from those places just because there is now a version on Play instead of just F-Droid.

Let me quote your previous comment, two totally different questions, one is about possibly malicious distribution and second is downloading from potentially malicious places:

would silly blogs, etc, really stop uploading their "own" shady versions of Gadgetbridge on shady places, just because it's available on Play, though?

I have read the rules, but I have [...]

Again, off-topic.

Google requirements banning "Apps that facilitate or provide instructions on how to hack services, software or hardware, or circumvent security protections" (which I believe has been used about apps that can "hack" firmwares), or apps that directly or indirectly engage in or benefit from promotion practices that are deceptive or harmful to users or the developer ecosystem"

Communicating with smartwatches is not hacking and Gadgetbridge is neither deceptive or harmful to users or the developer ecosystem. But they're specifically written so vague to benefit Google. It's also a reason we aren't seeing proper actual tools like airmon-ng on Play Store :(

Under that reasoning, if the user downloads the random untrusted APK from random blogs or forums, it's their fault, and not this project's problem, then.

You understood me perfectly.

I also suspect some Gadgetbridge developers would object to the concept that it's not their job to decide where and how the app can be distributed: according to the license they chose, it most definitely is, to various extents.

As long as you comply with the license, there's literally nothing they can do, but it's then the license dictating how it may be distributed not the devs (devs by proxy though).

@LuccoJ > Yes, but my question was precisely whether people (who learn about Gadgetbridge from the very "shady" places that tout it as a way to hack the Amazfit firmwares) would stop getting the APKs from those places just because there is now a version on Play instead of just F-Droid. Let me quote your previous comment, two totally different questions, one is about possibly malicious distribution and second is downloading from potentially malicious places: > would silly blogs, etc, really stop uploading their "own" shady versions of Gadgetbridge on shady places, just because it's available on Play, though? > I have read the rules, but I have [...] Again, off-topic. > Google requirements banning "Apps that facilitate or provide instructions on how to hack services, software or hardware, or circumvent security protections" (which I believe has been used about apps that can "hack" firmwares), or apps that directly or indirectly engage in or benefit from promotion practices that are deceptive or harmful to users or the developer ecosystem" Communicating with smartwatches is not hacking and Gadgetbridge is neither deceptive or harmful to users or the developer ecosystem. But they're specifically written so vague to benefit Google. It's also a reason we aren't seeing proper actual tools like airmon-ng on Play Store :( > Under that reasoning, if the user downloads the random untrusted APK from random blogs or forums, it's their fault, and not this project's problem, then. You understood me perfectly. > I also suspect some Gadgetbridge developers would object to the concept that it's not their job to decide where and how the app can be distributed: according to the license they chose, it most definitely is, to various extents. As long as you comply with the license, there's literally nothing they can do, but it's then the license dictating how it may be distributed not the devs (devs by proxy though).
ishotjr commented 4 years ago (Migrated from github.com)
Owner

Hi all! :bowtie: @danielegobbetti pointed me to this thread and asked if I'd be able to assist with publishing your app to Google Play. As it happens, I'm extremely experienced with this, as I do it over a hundred times a year. I have no problem creating a new account for this (preferably for Rebble as a whole) and associating my private data with it in order to pay the $25 fee. I'm not clear where things are at in the should we/shouldn't we debate at this point, but I wanted to offer my assistance and (slightly off-topic) invite you to share your progress via Rebble's regular blog and social media updates etc. Thanks! :bowtie:

Hi all! :bowtie: @danielegobbetti pointed me to this thread and asked if I'd be able to assist with publishing your app to Google Play. As it happens, I'm extremely experienced with this, as I do it over a hundred times a year. I have no problem creating a new account for this (preferably for [Rebble](https://github.com/pebble-dev) as a whole) and associating my private data with it in order to pay the $25 fee. I'm not clear where things are at in the *should we/shouldn't we* debate at this point, but I wanted to offer my assistance and (slightly off-topic) invite you to share your progress via Rebble's regular blog and social media updates etc. Thanks! :bowtie:
RichiH commented 3 years ago (Migrated from github.com)
Owner

I agree with the intent of gently moving people to more privacy-conscious solutions, but as it is, there's a Google Play version clearly marked as unofficial.

As it stands, non-tech-savvy users are being driven to either use the unofficial version of this app, or Mi Fit. Both options are worse from the PoV of both privacy and security.

A possible middle ground would be to add information in the Play store version that informs the user about what F-Droid is, where to get it, and why this matters.

I agree with the intent of gently moving people to more privacy-conscious solutions, but as it is, there's a Google Play version clearly marked as unofficial. As it stands, non-tech-savvy users are being driven to either use the unofficial version of this app, or Mi Fit. Both options are worse from the PoV of both privacy and security. A possible middle ground would be to add information in the Play store version that informs the user about what F-Droid is, where to get it, and why this matters.

@RichiH

A possible middle ground would be to add information in the Play store version that informs the user about what F-Droid is, where to get it, and why this matters.

Unfortunately, that doesn't comply to Google Play Store TOS ("Thou shalt not have another app store next to me"). Apart from that, most of us here at GB were opposed to the playstore release – so you better complain there, with the repo of the fork. Nothing we can do about it. It's the task of who puts the unofficial version up to playstore to get this straight. The GB team has no access to that playstore account.

@RichiH > A possible middle ground would be to add information in the Play store version that informs the user about what F-Droid is, where to get it, and why this matters. Unfortunately, that doesn't comply to Google Play Store TOS ("Thou shalt not have another app store next to me"). Apart from that, most of us here at GB were opposed to the playstore release – so you better complain there, with the repo of the fork. Nothing we can do about it. It's the task of who puts the unofficial version up to playstore to get this straight. The GB team has no access to that playstore account.
LuccoJ commented 3 years ago (Migrated from github.com)
Owner

I agree with the intent of gently moving people to more privacy-conscious solutions, but as it is, there's a Google Play version clearly marked as unofficial.

If it really is "clearly marked as unofficial" (and it is, and it goes as far as telling you where to find the official one on GitHub and its license, which is the best one can do on Play Store without breaching the ToS), then I don't see the issue: a person curious about what that entails could write the publisher to inquire, or make a simple Google search and find out about the official https://gadgetbridge.org/ and F-Droid, and how open source works. Or hey, they can simply click on the links provided within the description.

On the other hand, a person who will read it's unofficial and still not give a damn... do you expect them to give a damn just by virtue of being offered an even more explicit damn to give?

> I agree with the intent of gently moving people to more privacy-conscious solutions, but as it is, there's a Google Play version clearly marked as unofficial. If it really is "clearly marked as unofficial" (and it is, and it goes as far as telling you where to find the official one on GitHub and its license, which is the best one can do on Play Store without breaching the ToS), then I don't see the issue: a person curious about what that entails could write the publisher to inquire, or make a simple Google search and find out about the official https://gadgetbridge.org/ and F-Droid, and how open source works. Or hey, they can simply click on the links provided *within* the description. On the other hand, a person who will read it's unofficial and still not give a damn... do you expect them to give a damn just by virtue of being offered an even more explicit damn to give?
Owner

Just a quick reminder that walled gardens are never a good idea: https://twitter.com/oekomobil/status/1015894622789406721

Tweet is in German but basically it says that an app for public transport was removed without explanation from the play store.

Transportr (app that uses the same library and is open source) also commented in english: https://twitter.com/TransportrApp/status/1015964122880643073

Just a quick reminder that walled gardens are never a good idea: https://twitter.com/oekomobil/status/1015894622789406721 Tweet is in German but basically it says that an app for public transport was removed without explanation from the play store. Transportr (app that uses the same library and is open source) also commented in english: https://twitter.com/TransportrApp/status/1015964122880643073
nkomarov commented 3 years ago (Migrated from github.com)
Owner

I just wanted to briefly share my use case.
I bought Mi Band 3 with Chinese firmware, Chinese UI. On popular forums they suggest using Gadgetbridge to flash it with the right firmware. I looked at Google Play Store but there was this app from TaavieE (not any of the original authors) which required a lot of permissions. I was alarmed by 1) the difference of authors of the original Gadgetbridge and Play Market app 2) no info about Google Play situation in the Gadget Bridge wiki FAQ. 3) No reference to the official Gadget Bridge app in the Google Play App by TaavieE.

Could you please add cross references and a short FAQ explanation? It would help privacy-unresponsible people like me to easily make sure that they download a more or less official version of the Gadget Bridge from Google Play?

I just wanted to briefly share my use case. I bought Mi Band 3 with Chinese firmware, Chinese UI. On popular forums they suggest using Gadgetbridge to flash it with the right firmware. I looked at Google Play Store but there was this app from TaavieE (not any of the original authors) which required a lot of permissions. I was alarmed by 1) the difference of authors of the original Gadgetbridge and Play Market app 2) no info about Google Play situation in the Gadget Bridge wiki FAQ. 3) No reference to the official Gadget Bridge app in the Google Play App by TaavieE. Could you please add cross references and a short FAQ explanation? It would help privacy-unresponsible people like me to easily make sure that they download a more or less official version of the Gadget Bridge from Google Play?
LuccoJ commented 3 years ago (Migrated from github.com)
Owner

@nkomarov the way I see it, either it's official or it's not, there is no "more or less"... and there is no official Gadgetbridge in the Play Store, as it's just not officially distributed there.

I don't see why even "privacy-unresponsible" people cannot download it using F-Droid: that's the preferred channel, and if you don't want to use the F-Droid app itself you can always download the APK from the F-Droid web page instead (although you'll lose updates that way, but then again, why not get F-Droid?). It's all pretty simple to do, without any real drawbacks. This is a free app, and its developers are entitled to "nudge" people towards a more free distribution channel, instead of accommodating their use of Play.

I think I agree that a FAQ entry or other prominent notice may be warranted, since the Play Store is so pervasive and people may assume "everything is in there". Then again, apps like NewPipe are quite popular even though they are only in F-Droid (because they are outright banned from Play, which shows one of its issues).

@nkomarov the way I see it, either it's official or it's not, there is no "more or less"... and there is no official Gadgetbridge in the Play Store, as it's just not officially distributed there. I don't see why even "privacy-unresponsible" people cannot download it using F-Droid: that's the preferred channel, and if you don't want to use the F-Droid app itself you can always download the APK from the F-Droid web page instead (although you'll lose updates that way, but then again, why not get F-Droid?). It's all pretty simple to do, without any real drawbacks. This is a free app, and its developers are entitled to "nudge" people towards a more free distribution channel, instead of accommodating their use of Play. I think I agree that a FAQ entry or other prominent notice may be warranted, since the Play Store is so pervasive and people may assume "everything is in there". Then again, apps like NewPipe are quite popular even though they are only in F-Droid (because they are outright banned from Play, which shows one of its issues).
Owner

@nkomarov
Gadgetbridge for the "privacy-unresponsible" is just a tool to flash the firmware, for us it is a (imperfect but working) Mi Fit replacement. And as such, we need all these permissions.
We never published in the Play Store, @TaaviE did, you have to trust him, not us. We do not think his fork does anything evil, but of course we cannot guarantee it. If you want to be sure to have the latest official version, download it from F-Droid. It is also newer most of the time.

@nkomarov Gadgetbridge for the "privacy-unresponsible" is just a tool to flash the firmware, for us it is a (imperfect but working) Mi Fit replacement. And as such, we need all these permissions. We never published in the Play Store, @TaaviE did, you have to trust him, not us. We do not think his fork does anything evil, but of course we cannot guarantee it. If you want to be sure to have the latest official version, download it from F-Droid. It is also newer most of the time.
nkomarov commented 3 years ago (Migrated from github.com)
Owner

I understand it all, I just briefly described an example of how an average person hears about GB for the first time and what happens. Just FYI :-) Thanks for your comments and quick reaction 👍

I understand it all, I just briefly described an example of how an average person hears about GB for the first time and what happens. Just FYI :-) Thanks for your comments and quick reaction 👍
  1. the difference of authors of the original Gadgetbridge and Play Market app
  2. no info about Google Play situation in the Gadget Bridge wiki FAQ
  3. No reference to the official Gadget Bridge app in the Google Play App by TaavieE.

I've made it really clear that it's not official in the Play Store listing and explained what has been changed.

We do not think his fork does anything evil, but of course we cannot guarantee it.

It still lacks the INTERNET permission, unless I have found a 0day in Android there's nothing really I could even do (I don't have a 0day, if I did I'd probably claim a bounty instead of burning it).

It is also newer most of the time.

Depends.
There are two major roadblocks with updating it at the moment:

  • Due to Google Play policy changes the use of certain permissions requires filling out an exemption form, I submitted it but haven't yet heard back for months now, new updates have to (AFAIK) comply (or be exempt) or it will be unpublished
  • There's a bug with Android Studio that stops me from signing updates
> 1) the difference of authors of the original Gadgetbridge and Play Market app > 2) no info about Google Play situation in the Gadget Bridge wiki FAQ > 3) No reference to the official Gadget Bridge app in the Google Play App by TaavieE. I've made it **really** clear that it's not official in the Play Store listing and explained what has been changed. > We do not think his fork does anything evil, but of course we cannot guarantee it. It still lacks the INTERNET permission, unless I have found a 0day in Android there's nothing really I could even do (I don't have a 0day, if I did I'd probably claim a bounty instead of burning it). > It is also newer most of the time. Depends. There are two major roadblocks with updating it at the moment: * Due to Google Play policy changes the use of certain permissions requires filling out an exemption form, I submitted it but haven't yet heard back for months now, new updates have to (AFAIK) comply (or be exempt) or it will be unpublished * There's a bug with Android Studio that stops me from signing updates

I've just added a short hint to the wiki. If someone could write up a summary of our discussion here, that would be much appreciated and could be added to the wiki. Feel free to ping me for copying it over – or add it to the wiki yourself and put the link to where you placed it in another comment here.

Thanks to all who participated in this!

I've just added a short hint [to the wiki](https://codeberg.org/Freeyourgadget/Gadgetbridge/wiki/Home). If someone could write up a summary of our discussion here, that would be much appreciated and could be added to the wiki. Feel free to ping me for copying it over – or add it to the wiki yourself and put the link to where you placed it in another comment here. Thanks to all who participated in this!
Owner

Since the unofficial hasn't been updated since February, I have thought of adding the following to the bug_report.md template:

  • I am have downloaded Gadgetbridge from F-Droid or i built it myself from source code.

@IzzySoft what do you think? Feel free to ping me on matrix.

Since the unofficial hasn't been updated since February, I have thought of adding the following to the bug_report.md template: - [ ] I am have downloaded Gadgetbridge from [F-Droid](https://f-droid.org/app/nodomain.freeyourgadget.gadgetbridge) or i built it myself from source code. @IzzySoft what do you think? Feel free to ping me on matrix.

@vanous I'm not at Matrix. Sounds good to me, though (you might wish to add "from the latest tag or commit" to the end). Decision is up to @ashimokawa 😉

@vanous I'm not at Matrix. Sounds good to me, though (you might wish to add "from the latest tag or commit" to the end). Decision is up to @ashimokawa :wink:
Owner

@vanous
good idea, the biggest problem is really that the version on google play is outdated.

@vanous good idea, the biggest problem is really that the version on google play is outdated.

@ashimokawa isn't that the whole point of what @vanous suggests?

@ashimokawa isn't that the whole point of what @vanous suggests?
Owner

Perhaps this can be made better:

I got Gadgetbridge from:

  • F-Droid
  • i built it myself from source code (specify tag, commit)
  • Play Store (this version is quite old by now, try using latest version first)
Perhaps this can be made better: ### I got Gadgetbridge from: - [ ] [F-Droid](https://f-droid.org/app/nodomain.freeyourgadget.gadgetbridge) - [ ] i built it myself from source code (specify tag, commit) - [ ] Play Store (this version is quite old by now, try using [latest version](https://f-droid.org/app/nodomain.freeyourgadget.gadgetbridge) first)

@vanous make the last point a comment (no checkbox) saying "Play Store: this version is unsupported here. Please try one of the other two before reporting." (or something along the lines). You could even point to TaaviE's repo and say "report over there" – but unfortunately, he has disabled issues saying "report over here" (it's the original Readme) 😢


I got Gadgetbridge from:

  • F-Droid
  • I built it myself from source code (specify tag / commit)

If you got it from Google Play, please note that version is unofficial and not supported here; it's also often quite outdated. Please switch to one of the above versions.


@vanous make the last point a comment (no checkbox) saying "Play Store: this version is unsupported here. Please try one of the other two before reporting." (or something along the lines). You could even point to [TaaviE's repo](https://github.com/TaaviE/Gadgetbridge) and say "report over there" – but unfortunately, he has disabled issues saying "report over here" (it's the original Readme) 😢 ---- ### I got Gadgetbridge from: * [ ] F-Droid * [ ] I built it myself from source code (specify tag / commit) If you got it from Google Play, please note [that version](https://github.com/TaaviE/Gadgetbridge) is unofficial and not supported here; it's also often quite outdated. Please switch to one of the above versions. ----
Owner

Good, ok, thank you.

Good, ok, thank you.

Then it's up to @ashimokawa now to have the final say – and include it with the templates if saying "yes" 😉

Then it's up to @ashimokawa now to have the final say – and include it with the templates if saying "yes" :wink:
Owner

@IzzySoft
I think the latest proposal is good ;)

Also I remove the "malicious" wording from the wiki, because I tend to think that TaaviE is not a bad guy, he just has a different attitude then me. And it would sound like an accusation, which would be unfair.

@IzzySoft I think the latest proposal is good ;) Also I remove the "malicious" wording from the wiki, because I tend to think that TaaviE is not a bad guy, he just has a different attitude then me. And it would sound like an accusation, which would be unfair.

Full ack @ashimokawa (and you can make that an "us" as I'd side with you here, with the same connotation 😉)

Full ack @ashimokawa (and you can make that an "us" as I'd side with you here, with the same connotation :wink:)
Sign in to join this conversation.
No Milestone
No Assignees
6 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.