Direct Download APK?

monomadic
Community Member

I currently use GrapheneOS without any Google apps, after switching away from iOS because of Apple's recent move toward reckless privacy practices. I consider a googled phone MUCH more privacy invasive than iOS, but /e/ or GrapheneOS to be much better than either.

I was able to mostly switch to open source software, or the few closed source apps I use made their apk available directly. I was very surprised to find 1password only deploying via the play store, even though it has been requested before with mediocre responses here.

For technical users, a direct download of the apk with sha256 sum to verify is the absolute best solution, and frankly the play store is unacceptable. I have been using 1password for years and have had no problems on any other device including linux, so it's a mystery why android is kept shut.

I don't want to register my device with the play store either, as I've removed google completely from my life including google accounts. I don't want to be logged in anywhere and I'm sure many people are feeling the same after the last creepy moves by google and apple.

I am dreading looking for an open source password manager just because of lack of android support. Is there any move toward providing an apk?



Comments

  • Thanks for sharing your question with us @monomadic! I'm sorry to read that you've found our previous responses to be less than satisfying, but hopefully I can provide some more context with this reply.

    You are correct that we currently only distribute 1Password for Android through the Google Play Store. The reason for this up until now is that the vast majority of Android devices ship with the Google Play Store and Google Play Services installed. Since this is also where almost all of our customers are, this is where we have focused our efforts.

    In recent years though, there does seem to be a trend towards unbundling of Google Play Services from a number of alternative Android distributions. And for at least one manufacturer, Google Play Services can no longer be bundled with their devices. The result is that an increasing number of our customers are using devices that don't have Google Play on them.

    While making an APK available for direct download would certainly allow us to serve customers on those devices, it doesn't come without its own share of challenges. We currently utilize Google Play in-app payments to set up 1Password subscriptions, so we need an alternative payment flow that works well for mobile. It's especially critical to keep security apps up-to-date, so we need a mechanism for detecting, fetching, and applying updates with as little friction as possible. Some optional features such as QR code scanning and FIDO2 security key support currently rely on Google Play Services, and need to be implemented using different technology stacks in order to provide feature parity between the Google Play version and a directly distributed version.

    None of these issues is insurmountable, but they all come with increased development cost. Having versions of the app that are implemented differently also increases the number of things that can possibly go wrong, which means that we need to invest more time and effort into testing as well. With that in mind, I can say that this is something that we're looking into, but I would also caution that it's not something that we expect to be able to offer in the near future. That's not necessarily the answer you were looking for, but I hope it provides more context than you had previously. Let me know if you have any follow-up questions!

  • MikeV
    Community Member
    edited December 2021

    As someone starting to look at alternative Android distributions, this definitely interests me too.

    Maybe a way to start would be to provide an app that might lack some things at first, to gauge demand for such an app, then work on them over time. I think many would just be happy to have the ability to access their vault first and foremost, and would understand that additional features would be brought in later. If we're going through the trouble to use a device with an alternate Android distribution, we're not going to be strangers to things being a little more bare-bones as a result of no Google integration.

    Payment flow... require that a user have an existing subscription to start (most likely if one is using an alternative Android distribution and seeking this APK, they already have a subscription), or provide a link to the website to process the subscription payment. Simple way to start, could be filled out later with a more integrated flow if needed.

    For other things that you use Google services for (QR, FIDO2, etc.)... Unless Google requires that you use their services to have your app in their Store (which would raise an alarm bell with me), you could change the Google Play app to use non-Google services to reduce differences. Google specifically has their services in order to make it harder to use an app in other non-Google Android environments. But getting away from Google means your app could also be available elsewhere, like Amazon's app store and Fire tablets (I'm pretty sure they don't have Google Play, but I've never used one so I can't say with certainty), in addition to alternative privacy/security Android distributions.

    Updates to the app... Security and privacy-minded individuals are well aware of the need to ensure apps remain updated. If a new version is available, simply provide a direct link to the new APK to download via browser. Again, something that could be made more integrated later, but would allow a simple start to get things going.

    Again, this wouldn't need to be a super-polished mirror of the Google Play app right out of the gate... just something to start would be a big step!

  • ehrt74
    Community Member

    I also think this would be an interesting thing to have. Personally I have no problems with the services Google provides to make AOSP convenient to use as these services require a large amount of infrastructure (things like push notifications) and someone has to pick up the bill.

    However, I do like to install LineageOS on old mobile phones to get more recent versions of the components which aren't updated through the Play Store. At the moment getting the phone workable as a daily driver requires also installing Google services on the phone so I can install things like 1Password or Evernote, and that's a pity.

  • Thanks for sharing your thoughts with us. As I mentioned above, we are looking at ways to decouple dependencies on Google Play services so that they aren't hard requirements for 1Password. For my team, this is driven mostly by a desire for more flexibility in how we implement features in the app, but it could potentially enable direct distribution of an APK at some point in the future. Either way, we view it as a long term win that we're aiming for.

  • FrankBreech
    Community Member

    With finite resources, I'd have to say I'd prefer 1PW stay focused on up to date security issues and support of current platforms, rather than get diluted down.

  • Thanks for the input, @FrankBreech. We appreciate your feedback, and we'll continue to make 1Password as secure as possible.

  • OnlyAName
    Community Member

    I originally subscribed to 1Password via a desktop browser on Linux and much like other users I have been actively seeking out alternatives to Google/Apple for mobile. I very much appreciate that 1Password is more about security than privacy, but having an available APK would absolutely be a major differentiator. Certainly, it is a niche market, but I don't think it is an insignificant one. Like MikeV points out, those of us that are interested in such a product are certainly willing to sacrifice convenience and polish. Even an early release like the first Linux version I ever used before it was "officially" supported would be a huge win to me. Nonetheless, I am happy to see that this is still an ongoing discussion.

  • Hello @OnlyAName thanks for weighing in on this. We really appreciate your feedback and your interest has been noted.

  • WhyNotHugo
    Community Member

    It's currently possible to download the app using something like Aurora Store.

    While not ideal and still tied to Google, it does work. However, logging in when using 2FA is not possible, and one needs to disable 2FA to log in. While disabling 2FA serves as a workaround, it's far from ideal for something as critical as a password manager.

    Do you have in sights addressing this particular item?

  • FrankBreech
    Community Member

    I don't mean to get in trouble here, but what about apkpure.com ?

  • WhyNotHugo
    Community Member

    > I don't mean to get in trouble here, but what about apkpure.com ?

    It's a bit risky to download the apk from a third party; you can't be sure they haven't tampered with it.

  • Hey @WhyNotHugo thanks for joining us on the forum!

    After disabling 2FA and signing into 1Password for Android, you should be able to re-enable 2FA and authenticate your device without getting stuck at sign in. This has worked for most users I've chatted with who have run into this. Let us know if it works for you!

    Thank you for your comment as well. We definitely don't recommend downloading 1Password from a third party and we can't guarantee its authenticity.

  • HerbertCunningham
    Community Member

    Besides Google Play, there are many places to download APKs that you can find on the Internet.

  • As WhyNotHugo and my colleague Timothy mentioned above, those aren't paths we can recommend or support.

    Ben

  • GuernseyMan
    Community Member

    It's a disappointing stance, but not a surprising one. Since buying a tablet from "they who shall not be named" I've run into this quite a bit. Some publishers allow direct downloads of APKs, others simply publish SHA256 code.

    I download from APKPURE for most of my APKs, including 1Password. If you look at what they're doing they simply point to the Google repository anyway, but there's always that nagging doubt that it's not a completely legitimate version. Happily the 1Password 8 beta is now available there as well after some delays.

    The point is that technical users are able to source the APK from other sources and install it. It would be good if 1Password could make the SHA256 code available, either on these forums or in the support pages. It would give some of your users more peace of mind. This is especially true since your product is security based.

    When my subscription is up I need to look at alternatives. I don't want to be in the position that two of my devices could possibly be running dodgy versions of software that I rely upon for security. This isn't a threat or blackmail; just stating what I need to consider.
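
The SHA-256 check requested in this thread, sketched as an added example (not from any poster or from 1Password): it streams the downloaded file, parses a checksum line in `sha256sum` format and compares the two in constant time. The file name and bytes are constructed stand-ins; no official 1Password digest appears on this page.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so a large APK is never read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_checksum_line(line):
    """Parse one line in `sha256sum` format: '<64 hex chars>  <filename>'."""
    parts = line.strip().split(None, 1)
    if len(parts) != 2:
        raise ValueError("expected '<digest>  <filename>'")
    digest, name = parts[0].lower(), parts[1].lstrip("*")
    if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("not a SHA-256 hex digest")
    return digest, name


def verify_download(path, checksum_line):
    """True only if the file name and its SHA-256 both match the published line."""
    expected, name = parse_checksum_line(checksum_line)
    if os.path.basename(path) != name:
        return False
    return hmac.compare_digest(sha256_file(path), expected)


def demo():
    # Constructed stand-in for a downloaded APK; not a real package.
    with tempfile.TemporaryDirectory() as tmp:
        apk = os.path.join(tmp, "example-app.apk")
        with open(apk, "wb") as fh:
            fh.write(b"PK\x03\x04 constructed sample bytes")
        # The line a publisher would post next to the download.
        published = f"{sha256_file(apk)}  example-app.apk"
        ok = verify_download(apk, published)
        with open(apk, "ab") as fh:
            fh.write(b"\x00")  # a single changed byte, as in a repackaged file
        tampered_ok = verify_download(apk, published)
        return ok, tampered_ok


if __name__ == "__main__":
    print(demo())
```

The result is only as trustworthy as the channel the checksum line came from: it has to be taken from the publisher's own site, not from the mirror that served the file.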

  • WhyNotHugo
    Community Member
    edited June 2022

    So essentially, downloading 1Password on Android can't be done unless you install all of google's services and spyware. Even if you do download it with an unsupported method like Aurora Store, logging in with two factor (a yubikey in my case) doesn't work.

    It seems that to use 1P on Android you need to sign up for all of Google's tracking and install their extremely privacy-invasive privileged services (which isn't even easy or always feasible).

    Personally, I just consider 1Password unsupported on Android. Having to disable 2FA on an online service like this is not reasonable, but support made it clear that it's the only choice. 1P's main selling point is their great iOS support (where other password managers kinda struggle), so it's reasonable that this is their main target.

  • Hello @GuernseyMan, thanks for adding your thoughts, I would be happy to share them with the team. We would certainly be sorry to see you go, but I can understand that you need a solution that works for you. If you continue using 1Password in the future, you know we'll be here to help!

    I did also want to note that if you're using a device that does not have access to a 1Password app, you can sign in to your account through the browser on 1Password.com to find all your saved information.

    @WhyNotHugo, I'm really sorry to hear 2FA isn't working with 1Password on your device. In my experience, when Google Play Services isn't installed, signing in to 1Password for Android prior to enabling 2FA allows you to continue signing in as expected. It doesn't sound like that's been the case for you and I apologize for the inconvenience.

This discussion has been closed.