Ask HN: Robust and affordable alternatives to Google Play for app distribution?
To give you some context, for my dissertation project, I need to collect data using a custom Android research app installed on participants' phones for one year. The app requires a lot of permissions and continuously collects a lot of data. My colleagues discouraged me from using Play Store because Google banned their apps for no good reason and with no recourse, even though their research was approved by research ethics and human subject protections committees (IRB). This jeopardized their federally-funded studies and caused issues with their findings.
For this reason, I would like to distribute my app to ~50 adult study participants in the US using a different platform.
Four features are especially important to me. First, app updates need to be delivered reliably and relatively quickly over one year. Second, there can be no spyware, excessive tracking, unnecessary notifications, nudges to download other apps, and no annoying ads. Third, affordability is important because I would be paying for the distribution from my personal student savings. Finally, I would prefer a platform with good app update UX for non-technical users, including older adults.
So far, I have looked into APK Mirror, but according to their policy [1],
> If your app is new, doesn't have a proven track record, and not
> unique, it will likely not be approved.
I have also tried F-Droid, but at least on my Pixel 2 XL, updates of some apps downloaded from F-Droid often fail to install.Would you have any recommendations on what other platforms I could look into?
Thank you.
[1]: https://www.apkmirror.com/faq/#What_is_the_purpose_of_APKMir...
37 comments
[ 5.6 ms ] story [ 91.1 ms ] threadWhile I agree with your statement, this isn't what OP is concerned about.
You would need to build your own update function, but it could be a periodic fetch of a version file, and if the version is newer, download the apk and when done prompt the user to upgrade, opening the (already downloaded) apk in the system installer if they agree. You might need to carefully select the location where you download the apk, I don't know if you can install an APK with the system installer from app specific storage or if it needs to be in the 'external' storage. Relevant, ten year old, stack overflow answer. [1]
Google does put some scary warnings when you install an APK directly, but with 50 people, you can probably walk them through that.
[1] https://stackoverflow.com/a/6085670
Apart from vending on F-Droid, this is what we do as our app is pretty much under perennial threat of a PlayStore ban.
1. We plonk the apk in a not us-east-1 Lightsail Object Store [0]. Smaller sized apks (if less than 25MB) can be instead stored in Workers KV, which comes with a generous free-tier. Or one can split larger apks (if less than 100MB) and join them in a single buffer in Workers before sending out.
2. Front it with Cloudflare Workers, and use their free-to-use Cache API [1] to avoid hitting the relatively expensive Lightsail endpoint often.
3. The app-update api-endpoint is also on Workers. Latest app version-code is stored in a Workers env-variable. The origin Lightsail path in a bucket is a hash(versioncode+salt).
This setup costs less than $1/mo and we drive multiple TB traffic, with only ~5GB hitting Lightsail.
Fly.io also has a neat CDN-esque solution for this [2], whilst GitHub's also a viable alternative [3]
[0] https://lightsail.aws.amazon.com/ls/docs/en_us/articles/buck...
[1] https://developers.cloudflare.com/workers/runtime-apis/cache
[2] https://community.fly.io/t/first-look-static-asset-caching/
[3] https://docs.github.com/en/repositories/releasing-projects-o...
> would it be of interest to the HN audience?
I guess it is: https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
The problem with breaking off from Google Play is you lose the ability to send push notifications.
You could look at Code Push [0] for seamless updates. TBH its not the easiest to integrate with.
[0] - https://microsoft.github.io/code-push/
I have looked into it and it seems that even internal testing apps have to pass Play's content review [1]. I will check out Code Push / App Center.
1. https://stackoverflow.com/questions/64296562/google-play-con...
Or you could go with Gotify-UP.
https://unifiedpush.org/users/distributors/gotify/
I know Firebase can handle app updates quite well and wonder if this avenue might be an option.
The first part probably isn't an issue, but depending on how non-technical your users are, getting them to successfully install it and then manually retrieve updates may be a bumpy ride (I'm thinking back to what I read about the Iowa Caucus disaster).
The Github page explains in detail how to set it up, and for the described use case you should stay within the Firebase free tier limit.
[1] https://developer.android.com/distribute/best-practices/laun...
1. https://stackoverflow.com/questions/64296562/google-play-con...
[1] https://play.google.com/console/about/internal-testing/
I've never experienced this issue when the app was originally downloaded from F-Droid (as opposed to apps downloaded from a different source). Apps in the default F-Droid repository are signed with F-Droid's signing key. Since apps signed with different signing keys cannot be automatically updated without manual uninstallation and reinstallation, apps in the default F-Droid repository can only be updated through F-Droid if it was originally installed via F-Droid.
Instead of using the default F-Droid repo, you can also set up your own F-Droid repo on your own server. This allows you to distribute the app through the F-Droid client, but signed with your own key instead of F-Droid's key. You would also have greater control over the release schedule, without needing to wait for the F-Droid build bot to release updates.
Repomaker instructions: https://www.f-droid.org/en/tutorials/create-repo/
Manual repo setup instructions: https://f-droid.org/en/docs/Setup_an_F-Droid_App_Repo/
If that is an option that is agreeable to you and your users then using app center does provide a better experience than Google Play in my opinion.
Simply put the APK on a webpage and link to some instructions for installing an untrusted APK. For example, see http://driftwheeler.com
In particular, look at the "Can't install?" link.
If people really want to use your app, they will gladly do a little work to install it.
Does it have to be an actual Android app? Could it be packaged as a progressive web app instead? If so, that might be the best way to achieve what you are looking for. Participants can just follow a link to your app's website which can prompt them to "Pin to Home Screen". That gives them an "app-like" experience where you can easily and quickly push updates without worrying about the Play Store or other app distribution techniques.
How would I go about DM'ing you? Also, do you require apps to be created using your tools or do you support apps developed independently?
I guess you could fork it and change the apk it searches for - you'd end up with something exactly like what you want. N.b. i haven't looked at the code, maybe it's a rats' nest. But i'm optimistic given the simple domain. :)
> I don't want to use Google Play Store.
These requirements are likely in conflict
Unfortunately, Google hinders the competition when it comes to reliable automatic upgrades on Android. Third-party app stores cannot implement automatic upgrades or background upgrades, only the Play Store can. The exceptions are if your device is rooted or you had the app store baked into your vendor's ROM. Supposedly this design choice was somewhat addressed in Android 12.
> I have also tried F-Droid, but at least on my Pixel 2 XL, updates of some apps downloaded from F-Droid often fail to install.
This will happen if you try to use F-Droid to upgrade or reinstall apps you already have installed, but didn't originally install via F-Droid. Fresh installs from F-Droid seem to work for me.
> To give you some context, for my dissertation project, I need to collect data using a custom Android research app installed on participants' phones for one year. The app requires a lot of permissions and continuously collects a lot of data. My colleagues discouraged me from using Play Store because Google banned their apps for no good reason and with no recourse, even though their research was approved by research ethics and human subject protections committees (IRB). This jeopardized their federally-funded studies and caused issues with their findings.
This is a good example of how Google's anti-competitive actions, when it comes to their mobile OS and mobile app distribution, hinder innovation, research and the advancement of knowledge.
If you have time, or your colleagues do, please consider reporting this to the competition and antitrust divisions of the government. I've posted about the relevant regulatory and investigative bodies and how to get in touch with them here[1]. Here's what the Antitrust Division of the Justice Department says about reporting[2]:
> Information from the public is vital to the work of the Antitrust Division. Your e-mails, letters, and phone calls could be our first alert to a possible violation of antitrust laws and may provide the initial evidence needed to begin an investigation.
[1] https://news.ycombinator.com/item?id=28176193
[2] https://www.justice.gov/atr/report-violations
https://docs.microsoft.com/en-us/appcenter/sdk/distribute/an...
Firebase App Distribution: Pretty much the same like MS App Center but from Google. You can upload APKs and App Bundles and create public invitation links. The firebase SDK handles app updates as well. You can have up to 200 testers in one distribution.
https://firebase.google.com/docs/app-distribution?hl=en
If I recall correctly, MS App Center doesn't come with analytics unless you add it yourself. For firebase, you should explicitly disable analytics if you don't want it.
In both cases you will still have to explain to your users how to allow installation of "apps from unknown sources".