Essentially the apps have the same package name but different signatures, and the app store that installed it should be the only one to recognize and update it.
But Google is likely trying this dark pattern to sway people away from F-Droid or alt stores by making users uninstall these apps and install it from the Google Play Store.
It’s been going on for a while and is annoying af.
It’s just 'cause it has the same package name and only checks the signature on attempt to install, not 'cause Google has some ulterior motive.
It’s relatively new behaviour so they introduced it recently. And they need to fix it, but ignore it entirely…
Mismatched signatures have been discouraged since day one of Android. A mismatched signature is a sign that someone other than the original publisher built this package, and the user needs to be aware that it might be malicious.
That F-Droid went with this setup with mismatched signatures was always going to make their apks look suspicious.
You misunderstood the whole situation. The signatures are all fine. Google Play Store is trying to override an app installed from F-Droid. If the two stores had the same signature, the play store would be able to do this which would go completely counter to the user’s choice (they installed from F-Droid for a reason). It’s a good thing the signatures don’t match, there’s nothing suspicious about it.
It used to be that the play store just wouldn’t show updates to apps that it wasn’t actually able to update. They broke this behaviour.
Even if it’s new behavior, there is really no reason to assume that this was done to evoke some dark pattern or other. It just shows that Google will not think about 3rd party stores when they do anything with their services and that is hardly news, is it? Besides: I kinda get it honestly. If they’d take all the stuff out there for android into account before they did anything, nothing would be done at all.
So the question becomes less why that’s there, but more what stores like Samsung do to prevent this issue and if F-Droid can adopt the same behavior.
Maybe that’s true, but then:
- They previously had code to prevent this, why did they remove it?
- Why won’t they fix it now? I’ve reported this twice already and I’m not the only one, this is affecting a huge number of users, why are they ignoring it? I refuse to believe they’re not aware of it. And if they aren’t aware of it, that points to an even bigger issue of having absolutely no idea of the repercussions of what they do even when thousands/millions of users reach out to tell them.
I’ve only been seeing it in the past few months, definitely less than one year. Before that this never happened even when I had affected apps installed. Notably the Wikipedia app.
Since I found out about F-Droid and Aurora Store, I’m actively dodging the Play Store. No one will ever make me use it. Ads, promos, junk everywhere! And their shitty way of updating.
Either download the official APK from f-droid.org or use the NeoStore app, which is a better client imho. From there it’s some simple setup and basically works like the Play Store.
Has Aurora been improved since last year?
I tried to love it, but it was such a pita to actually update things. Like, it hardly actually updated without errors or issues. When it did “update” an app, I wouldn’t be able to actually open it. After it broke some important apps I was using, I uninstalled it.
It’s because they are using like 10 disposable Google accounts shared between all the users in the world, so access is throttled.
> But Google is likely trying this dark pattern to sway people away from F-Droid or alt stores by making users uninstall these apps and install it from the Google Play Store.
No, it’s the security measure. Anyone can use an existing package ID. If the user installs a different app with the same package ID as the other, that new app just overwrites the old app and will have access to the sensitive data of it.
F-Droid apps are built and signed by the people at F-Droid. Apps from Google Play and GitHub are built and signed by the developers themselves. You can update Google Play apps from GitHub and vice versa. That’s why I use Obtainium over F-Droid.
This is an F-Droid problem. If they use the same package name, they need to use the same signature. That has been the case since long before F-Droid existed.
They could just build apks with alternate package names and this wouldn’t be an issue.
It’s a problem of trust. A differing signature is an indication of third-party tampering. People shouldn’t start to see a difference in signatures as an ordinary occurrence. It should be a high-alert event.
Nope.
Often versions on Play Store are slightly different (telemetry). Sometimes they even have different versioning.
Yeah the worst part of it is that the version on Google Play is actually the older version.
They are shown on the update page for Google’s benefit only. This is anti-customer.
It’s not, though. It’s because the developers use the same package name for the F-Droid and Play Store versions, but when the Play Store checks the signature before installing, it sees it doesn’t match and it fails. If the developers used different package names for Play Store and F-Droid, this would not be an issue.