If an app is present in the izzydroid repo, it can be updated from the fdroid and play store because the signatures match. You can add those them to a list of non-updatable apps
F-Droid
F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.
Matrix space | forum | IRC
Is there any downside to leaving them out of the non-updatable list?
It won't be updated from fdroid, that's all. If you mistakenly add fdroid signed apps to the list, you could miss some updates. But that's reversible. No permanent downside as far as I know.
I mean the inverse. I don’t add anything to the list, will both stores attempting to update the app cause any problems?
No, only one store can update the app at the time. If even one is available in both apps
I see something similar with updates on vanilla f-droid, the Play Store and F-Droid will install updates essentially when the same update releases to either store. From what I can tell, I don't think it's anything to worry about. If Android is like any other system, I don't believe it would allow for installing the same app twice.
Apps have unique IDs like com.liftoffapp.liftoff
and f-droid/play store don’t know who installed an app. They just show you all installed apps that are in their repos and look for updates for them. If they wouldn’t handle it like that, you wouldn’t get any updates if you installed an .apk
manually. If an .apk
gets installed and there is already an app with that ID, it replaces it and that’s how updates work. So if they both do an update, the first update will replace the old version and the second update will replace the first.
In the past apps from play store and from official f-droid repo wouldn’t replace each other without further user confirmation and deletion of user data. I don’t know if it’s still handled like that. F-Droid builds and signs packages on it’s own, which results in a signature key mismatch. It’s different for repos like IzzyOnDroid which just distribute official builds and therefore are signed with the same key. Though IzzyOnDroid has a key mismatch with F-Droid.
Usually a different key means that somebody modified the app and you don’t want an malicious app to be blindly installed or have access to the app’s user data. But F-Droid have no other choice when they build the packages themselves.
I don't understand. Are you saying Neo-store is installing anon FOSS app?
No it's only when an app is on both fdroid and play store