Interesting. But should this apply to many apps on F-Droid? I also have an app published on both the Play Store and F-Droid and I don’t recall having seen requests to change the application ID to avoid clashes between stores.
KDE Connect is likely a special case; as it is a PC integration app, and a very feature-loaded one at that, it accesses a whole bunch of sensitive stuff like notifications, clipboard, direct file access, SMS functions, keyboard inputs and more.
More than any other non-root-accessing app, you do not want a trojanised version of KDE Connect on your phone.
If the signature matches, Google probably won’t care where they are installed from.
I suspect that the KDE Connect in fdroid is signed with a different certificate than on google play, causing it to be flagged as an impostor. This could probably be easily prevented by using the same cert or different app identifiers (to cause them to be treated as different apps).
All F-Droid apks are signed with a different key than the play store one: you do not upload your key when you publish on F-Droid and all the apps are built from source by the F-Droid build servers.
Interesting. But should this apply to many apps on F-Droid? I also have an app published on both the Play Store and F-Droid and I don’t recall having seen requests to change the application ID to avoid clashes between stores.
KDE Connect is likely a special case; as it is a PC integration app, and a very feature-loaded one at that, it accesses a whole bunch of sensitive stuff like notifications, clipboard, direct file access, SMS functions, keyboard inputs and more.
More than any other non-root-accessing app, you do not want a trojanised version of KDE Connect on your phone.
If the signature matches, Google probably won’t care where they are installed from. I suspect that the KDE Connect in fdroid is signed with a different certificate than on google play, causing it to be flagged as an impostor. This could probably be easily prevented by using the same cert or different app identifiers (to cause them to be treated as different apps).
All F-Droid apks are signed with a different key than the play store one: you do not upload your key when you publish on F-Droid and all the apps are built from source by the F-Droid build servers.
Ah, so all apps on fdroid should use a different identifier then to avoid collision with the play store build
KDE has their own repo I believe.