I have installed Davx5 from F-Droid, from IzzyOnDroid Repo. Today I have checked for updates with the Google playstore and the App was updated to the playstore variant. I thought this isn’t possible? What’s going on here?
The apps on IzzyOnDroid are built by the original developers and likely signed with the same key as the version on Google Play. As a result, Google is able to update them. Apps in the official F-Droid repository are signed by F-Droid. As a result, the keys are different and won’t be updated by the version from Google.
It can also happen with apps from the main repo. If the app is reproducible (about 5% so far, most new apps) then F-Droid will use the developer signature.
This makes sense. Yes, I have paid in the playstore for this app (and I would do it again and again). But if I understand it correctly this would also mean, I could download their v4.3.8-ose from the official GitHub repo for free, and it would be updated automatically from Playstore to v4.3.8-gplay version (which is not free). Strange.
But this app is worth every penny.
Izzydroid repo is using the dev signature, play store has an option to use the dev signature instead of Google signature. Same signature = update allowed
TIL there’s an option to have Google sign an app. Seems a bit sketchy to me.
All of my apps that are downloaded not from the Aurora store can be updated via Aurora. I have to blacklist them in Aurora so I don’t accidentally update them there. Many applications offer their “pro” versions for free in fdroid or just on Github and it’s up to you to choose to donate or not. OSM And~, Retro Music, Lemuroid, Notesnook, Voyager, Quillpad, FUTO Voice Input are all from Fdroid and I’ve needed to blacklist them. Even BlueWallet downloaded via Obtanium from Github is recognized in Aurora.
They both have the same signing keys. The F-Droid repo uses the F-Droid signing keys unless the build is reproducible.