Bypass the app store monopoly and fetch updates directly from the source.
by Alien Investor
────────────────
We live in a digital feudal system. You may physically own your smartphone, but the software running on it is controlled by Google and Apple.
App stores are "walled gardens"—golden cages that promise security but deliver surveillance and potential censorship. If a platform decides an app is "undesirable," it disappears.
To achieve digital sovereignty, you must break out of this loop.
The tool for this is Obtainium. It is not another app store. It is a declaration of independence from centralized platforms.
────────────────
The Problem: The Middlemen
In the standard model, a developer uploads code to Google. Google checks it, signs it (often with their own keys via Play App Signing), and delivers it to you. You are forced to trust the store operator.
Obtainium changes the rules. It is an update manager that eliminates the middleman. The app fetches updates directly from the source—usually GitHub, GitLab, or the developer's website.
> Obtainium represents a direct supply chain for software. From the coder directly to your device. No censorship, no store tracking.
────────────────
How It Works Under the Hood
Obtainium has no central servers. It is a local tool on your device that monitors specific URLs.
1. Direct API Access
This is the cleanest method. Obtainium queries the APIs of platforms like GitHub or Codeberg. It checks for new release tags and fetches the APK. This is extremely fast—you often get the update minutes after release.
Note: GitHub limits anonymous API requests. Power users with many apps should add a "Personal Access Token" (PAT) in settings to increase rate limits.
2. HTML Fallback
For apps hosted on private websites (like Signal or WhatsApp), Obtainium uses web scraping. It scans the HTML for links ending in .apk.
3. Version Detection
Developers are inconsistent with version naming. Obtainium uses heuristic algorithms to detect new releases. If no version number is found, it can track the cryptographic hash of the file to detect changes.
────────────────
Security: "Don't Trust, Verify"
The most common concern is: "If I don't use the Play Store, won't I get malware?"
If you understand the Android security model, the opposite is often true.
The Android Signature Anchor
Every Android app must be cryptographically signed by the developer. Android will ONLY install an update if its signature matches that of the currently installed version.
> If a hacker compromises a GitHub account and uploads a malicious APK, the installation will fail on your device because the hacker does not possess the developer's private signing key.
Trust On First Use (TOFU)
The risk exists only during the very first installation. To mitigate this, Obtainium integrates with AppVerifier. This allows you to compare the fingerprint of a new app with a database of known open-source projects or verify it manually against the developer's website.
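The signer match and the fingerprint comparison described above, as an added example that is not Obtainium's or AppVerifier's own code: it reads the signing certificate from an APK Signature Scheme v2 block and compares SHA-256 fingerprints between an installed APK and an update. Assumptions: all function names are hypothetical, the code only extracts the certificate and does not verify the signature (Android and apksigner do that), it ignores v3 key rotation, and `constructed_apk` builds a constructed, unsigned sample.

```python
import hashlib
import struct

MAGIC = b"APK Sig Block 42"
V2_ID = 0x7109871A  # ID of the APK Signature Scheme v2 entry

def lp(data: bytes) -> bytes:  # add a uint32 little-endian length prefix
    return struct.pack("<I", len(data)) + data

def items(buf: bytes) -> list:
    """Split a run of uint32-length-prefixed items, rejecting truncation."""
    out, pos = [], 0
    while pos < len(buf):
        n = int.from_bytes(buf[pos:pos + 4], "little")
        if pos + 4 + n > len(buf):
            raise ValueError("truncated length-prefixed item")
        out.append(buf[pos + 4:pos + 4 + n])
        pos += 4 + n
    return out

def cert_fingerprints(apk: bytes) -> list:
    """SHA-256 of each v2 signer's first certificate: extracted, NOT verified."""
    eocd = apk.rfind(b"PK\x05\x06")  # ZIP end-of-central-directory record
    cd = int.from_bytes(apk[eocd + 16:eocd + 20], "little") if eocd >= 0 else 0
    size = int.from_bytes(apk[cd - 24:cd - 16], "little") if cd >= 32 else 0
    if apk[cd - 16:cd] != MAGIC or not 24 <= size <= cd - 8:
        raise ValueError("no APK Signing Block before the central directory")
    pairs, pos, out = apk[cd - size:cd - 24], 0, []
    while pos + 12 <= len(pairs):  # each pair: uint64 length, uint32 ID, value
        n, pair_id = struct.unpack_from("<QI", pairs, pos)
        value, pos = pairs[pos + 12:pos + 8 + n], pos + 8 + n
        if pair_id == V2_ID:
            for signer in items(items(value)[0]):
                certs = items(items(items(signer)[0])[1])  # signed data -> certs
                out.append(hashlib.sha256(certs[0]).hexdigest())
    return out

def update_allowed(installed: bytes, update: bytes) -> bool:
    """Simplified form of the rule in the text: same signer(s) on both APKs."""
    return cert_fingerprints(installed) == cert_fingerprints(update) != []

def constructed_apk(cert: bytes) -> bytes:
    """Constructed sample: empty ZIP with a v2 entry for one signer, no signature."""
    signed = lp(b"") + lp(lp(cert)) + lp(b"")  # digests, certificates, attributes
    value = lp(lp(lp(signed) + lp(b"") + lp(b"")))  # one signer: + signatures, key
    pair = struct.pack("<QI", 4 + len(value), V2_ID) + value
    size = struct.pack("<Q", len(pair) + 24)
    block = size + pair + size + MAGIC
    return block + b"PK\x05\x06" + struct.pack("<HHHHIIH", 0, 0, 0, 0, 0, len(block), 0)
```

For a first install, the value returned by `cert_fingerprints` is what you would compare against the fingerprint the developer publishes.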
────────────────
Strategic Comparison
Obtainium vs. Google Play
Google Play requires an account, tracks your behavior, and can censor apps. Obtainium requires no account, resists censorship, and respects your privacy.
Obtainium vs. F-Droid
F-Droid is excellent, but it typically builds apps itself and signs them with F-Droid keys. This means you must trust F-Droid, not just the developer. Updates can also be delayed.
Obtainium fetches the original APK signed by the developer. This minimizes the "patch gap" for security updates.
────────────────
The Trade-offs
Sovereignty requires effort. Obtainium is for users who are willing to take responsibility.
- No Discovery: There are no "Top Charts." You need to know which app you want and where to find its source code.
- Architecture: You must know your device architecture (usually arm64-v8a) to select the correct APK.
- Split APKs: Some massive apps use complex split formats. While Obtainium handles many, it is less seamless than the Play Store.
────────────────
Conclusion
Obtainium is more than an app. It is infrastructure for digital autonomy.
For power users, Bitcoiners, and privacy advocates, it is the tool of choice. It removes Google's control over your software distribution. If you use GrapheneOS or another de-googled Android system, Obtainium is essential.
It demands competence. In return, it gives you a device that truly belongs to you.
────────────────
> Further Research: The Zap Store
>
> Another way to make yourself independent of Google is the Zap Store. There you will find exclusively freedom apps and no slave technology.
>
> * Nostr Zap Store: Attacking the App Store Monopoly
────────────────
Money, power, Bitcoin — and OPSEC. I write about financial sovereignty, privacy, and cybersecurity in a world built on control. More at alien-investor.org 👽 (German Only)