Comment on Google Play Store listing apps installed from F-Droid that it cannot update
mundane@feddit.nu 2 months agoMismatched signatures have been discouraged since day one of Android. A mismatched signature is a sign that some one other than the original publisher built this package, and the user needs to be aware that it might be malicious.
That F-Droid went with this setup with mismatched signatures was always going to make their apks look suspicious.
NeatNit@discuss.tchncs.de 2 months ago
You misunderstood the whole situation. The signatures are all fine. Google Play Store is trying to override an app installed from F-Droid. If the two stores had the same signature, the play store would be able to do this which would go completely counter to the user’s choice (they installed from F-Droid for a reason). It’s a good thing the signatures don’t match, there’s nothing suspicious about it.
It used to be that the play store just wouldn’t show updates to apps that it wasn’t actually able to update. They broke this behaviour.
Norgur@fedia.io 2 months ago
No, it's not a good thing. The solution would be to use a different package name for the f droid version. That's what's supposed to be done. It's not the signature or Google that's causing the problem. It's that there are two packages with identical names that should not be identical.
mundane@feddit.nu 2 months ago
The package name is the unique id. If you want to distribute multiple variants (like two versions with differing signatures) they should not have the same identifier. If they are not the same the id/package name should not be the same.
Having different package names would also prevent the Google play store from trying to update it.