|
|
Subscribe / Log in / New account

Android without the mothership

Android without the mothership

Posted Jun 19, 2014 5:05 UTC (Thu) by kpc (guest, #46024)
In reply to: Android without the mothership by cworth
Parent article: Android without the mothership

Couple other options for downloading Play Store apps without installing any Google packages on your device:

APK Downloader service: http://apps.evozi.com/apk-downloader/

APK Downloader Chrome extension: https://chrome.google.com/webstore/detail/apk-downloader/...

BlankStore (NOGAPPS project): http://forum.xda-developers.com/showthread.php?t=1715375

The latter is deprecated, but it still works. Initial setup requires a bit of elbow grease.

> Interestingly, the CyanogenMod 11.0 M7 installation included the Play Store app

This is very surprising. I just flashed cm-11-20140618-NIGHTLY-hammerhead.zip (Nexus 5) today and it has no Google packages.

to post comments

Android without the mothership

Posted Jun 19, 2014 9:50 UTC (Thu) by Seegras (guest, #20463) [Link]

> BlankStore (NOGAPPS project): http://forum.xda-developers.com/showthread.php?t=1715375

That was enlightening. Not particularly because of BlankStore, but because of the maps API and the NetworkLocation.apk.

With these, I got a load of applications running (namely, the time tables for ZVV and for the german railways).

Android without the mothership

Posted Jun 19, 2014 11:02 UTC (Thu) by job (guest, #670) [Link] (2 responses)

Please be careful with the evozi link. There are claims on Reddit that it serves malware if you visit with an Android device.

Get the Chrome extension from XDA-Developers instead. It's easy to find with Google.

Android without the mothership

Posted Jun 19, 2014 19:34 UTC (Thu) by kpc (guest, #46024) [Link] (1 responses)

FWIW, this site claims that the evozi-hosted Chrome extension (for your PC) is an unauthorized fork that contains spyware:

https://lekensteyn.nl/apk-downloader/

Note that if a third party modifies an APK, they will not be able to generate a new signature that can be validated with the original author's certificate. This means:

- If you already have an official release of the app installed, and evozi serves up a malware-infested update, it will not install due to a certificate mismatch

- If you install a malware-infested version (fresh) and then later try to update to an official version, you will see a certificate mismatch at that time

- For the same reason, you cannot easily switch between official author-signed APKs and F-Droid builds of the same package, because F-Droid always signs the binaries with their own key. FAQ entry: https://f-droid.org/wiki/page/FAQ_-_App_Developers#What_a...

Older Android releases have signature validation bugs that may allow these protections to be bypassed:

http://www.saurik.com/id/19

Android without the mothership

Posted Aug 3, 2014 17:41 UTC (Sun) by Tuxicoman (guest, #98170) [Link]

You can also use GooglePlayDownloader.

It's fully open source and in Python. So you can ensure you get the APK straight from Google servers without malwares a third party could inject in.

I coded the graphical interface and packaging of this software.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds