Direct Download APK?

I currently use GrapheneOS without any google apps, after switching away from iOS because of Apples recent move toward reckless privacy practices. I consider a googled phone MUCH more privacy invasive than iOS, but /e/ or grapheneOS to be much better than either.

I was able to mostly switch to open source software, or the few closed source apps I use made their apk available directly. I was very surprised to find 1password only deploying via the play store, even though it has been requested before with mediocre responses here.

For technical users, a direct download of the apk with sha256 sum to verify is the absolute best solution, and frankly the play store is unacceptable. I have been using 1password for years and have had no problems on any other device including linux, so it's a mystery why android is kept shut.

I don't want to register my device with the play store either, as I've removed google completely from my life including google accounts. I don't want to be logged in anywhere and I'm sure many people are feeling the same after the last creepy moves by google and apple.

I am dreading looking for an open source password manager just because of lack of android support. Is there any move toward providing an apk?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • mverdemverde

    Team Member

    Thanks for sharing your question with us @monomadic! I'm sorry to read that you've found our previous responses to be less than satisfying, but hopefully I can provide some more context with this reply.

    You are correct that we currently only distribute 1Password for Android through the Google Play Store. The reason for this up until now is that the vast majority of Android devices ship with the Google Play Store and Google Play Services installed. Since this is also where almost all of our customers are, this is where we have focused our efforts.

    In recent years though, there does seem to be a trend towards unbundling of Google Play Services from a number of alternative Android distributions. And for at least one manufacturer, Google Play Services can no longer be bundled with their devices. The result is that an increasing number of our customers are using devices that don't have Google Play on them.

    While making an APK available for direct download would certainly allow us to serve customers on those devices, it doesn't come without its own share of challenges. We currently utilize Google Play in-app payments to set up 1Password subscriptions, so we need an alternative payment flow that works well for mobile. It's especially critical to keep security apps up-to-date, so we need a mechanism for detecting, fetching, and applying updates with as little friction as possible. Some optional features such as QR code scanning and FIDO2 security key support currently rely on Google Play Services, and need to be implemented using different technology stacks in order to provide feature parity between the Google Play version and a directly distributed version.

    None of these issues is insurmountable, but they all come with increased development cost. Having versions of the app that are implemented differently also increases the number of things that can possibly go wrong, which means that we need to invest more time and effort into testing as well. With that in mind, I can say that this is something that we're looking into, but I would also caution that it's not something that we expect to be able to offer in the near future. That's not necessarily the answer you were looking for, but I hope it provides more context than you had previously. Let me know if you have any follow-up questions!

  • MikeVMikeV
    edited December 2021

    As someone starting to look at alternative Android distributions, this definitely interests me too.

    Maybe a way to start would be to provide an app that might lack some things at first, to gauge demand for such an app, then work on them over time. I think many would just be happy to have the ability to access their vault first and foremost, and would understand that additional features would be brought in later. If we're going through the trouble to use a device with an alternate Android distribution, we're not going to be strangers to things being a little more bare-bones as a result of no Google integration.

    Payment flow... require that a user have an existing subscription to start (most likely if one is using an alternative Android distribution and seeking this APK, they already have a subscription), or provide a link to the website to process the subscription payment. Simple way to start, could be filled out later with a more integrated flow if needed.

    For other things that you use Google services for (QR, FIDO2, etc.)... Unless Google requires that you use their services to have your app in their Store (which would raise an alarm bell with me), you could change the Google Play app to use non-Google services to reduce differences. Google specifically has their services in order to make it harder to use an app in other non-Google Android environments. But getting away from Google means your app could also be available elsewhere, like Amazon's app store and Fire tablets (I'm pretty sure they don't have Google Play, but I've never used one so I can't say with certainty), in addition to alternative privacy/security Android distributions.

    Updates to the app... Security and privacy-minded individuals are well aware of the need to ensure apps remain updated. If a new version is available, simply provide a direct link to the new APK to download via browser. Again, something that could be made more integrated later, but would allow a simple start to get things going.

    Again, this wouldn't need to be a super-polished mirror of the Google Play app right out of the gate... just something to start would be a big step!

  • I also think this would be an interesting thing to have. Personally I have no problems with the services Google provides to make AOSP convenient to use as these services require a large amount of infrastructure (things like push notifications) and someone has to pick up the bill.

    However i do like to install lineageOS on old mobile phones to get more recent versions of the components which aren't updated through the Play Store. At the moment getting the phone workable as a daily driver requires also installing google services on the phone so i can install things like 1password or Evernote, and that's a pity.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file