All apk install functions will soon be removed

[mikhoul]

but the problem is that even with the unrestricted version the install item in the menu don't come back ?

Just tab on the file and DO NOT tab + hold it until you open the context menu as shown on your screenshots. Only a single tab opens the installer menu.

Thanks a lot,

I don't know why I was only clicking and holding to have the context menu, thanks a lot !

[Som30ne]

For me all that is a useless discussion.
Christian is forced to have a TC version which confirms to Google rules.
It is not an importand function of a file manager to install APKs, who does this all the time.
One can simply use the Google internal file manager just to install APKs.
All other work can be done using TC.

Perhaps for you it is a useless discussion.
For others it apparently is not.
(I, for example, rarely use any other file manager)

There is no argue with the basic premise -
TC installed from google play store, cannot have the apk installer feature built-in.

The discussion, at lease from my point of view, is how to add/enable/restore this functionality.

The current flow requires installing complete TC apk from outside the google play store.
This might be a problem if/when google will make all other developers remove this feature as well,
and eventually block the option to install APKs from all applications altogether,
which will leave us without a simple way to install APKs outside of google play.
(I believe this is the direction they are taking, a little step at a time)

My suggestion is to have TC stripped of the installer functionality available in the play store (as required),
and have the installer functionality as an add-on to the main application.

Assuming such add-on will also be banned by google form being distributed in the play store,
and since APKs will not be installable by anything other than the play store app,
the add-on itself should not be an APK,
but some simple package (like zip), that a user downloads manually,
and is set-up in the TC manually by selecting or typing the location to where this zip file was extracted.

[babcca]

Hi 2ghisler(Author), I think I found possible reason why your application is not compliant with Google Play (GP) policy.

"An app distributed via Google Play may not modify, replace, or update itself using any method other than Google Play's update mechanism."

Please image this scenario steps:
1) User install TC app from Google Play
- Application is marked as trusted due to installation from GP
2) User download APK from TC forum
3) User use TC to install downloaded application

The problem is that APK downloaded from TC forum is signed with same key as application from GP. Android OS allows application update because of same signature. And maybe keep "installed from GP" flag.

So you can add any code to application and update trusted version from GP without GP review.

In my opinion, there are three solutions:
- Remove install functions
or
- Sign "TC forum" version with different key then GP version
Then TC commander will not be able to update itself and can keep install functions.
or
- Use GP signing for store version. There is possibility to migrate to new key.

Hope it helps & thank you for your great work

[ghisler(Author)]

When I got the first warning, I added code which checked if the app the user tries to install with the install function is Total Commander. If it is, the function refused to install the app. However, a week later I received another warning that my app isn't compatible. So your reasoning is probably not correct.

[babcca]

Hi 2ghisler(Author) , thank you for your reply.

"I added code which checked if the app the user tries to install..."
- yes, but this is not enough because all safety checks are only in your application (untrusted) and operating system cannot control it.

Let me explain better why I see same signing certificate as the issue. Hope I make it understandable.

- Why is it a problem?
When customer download and install app from google play, application get own secured storage where app store sensitive data.
App can generate private keys, etc. The Android is responsible for this sandboxing.
I, as user, believe there is not easy way to get access to this data.

It's not easy access this storage and the only way how to do this is application signed with same key.
Then you can override GP version (which is trusted, reviewed by GP) and get access to sensitive data and keep approved permissions.

If you get crazy and create app version which i.e. upload the previews cache and let TC download it on background on startup
and persuade user to install it (confirm installation) then you "published" bad version which override trusted GP version and was not reviewed by Google.

You exactly did what google wants to avoid.
There are two applications from different sources with exactly same signing.
One is at GP and second one is at Forum.
But version downloaded from GP can be updated with version from forum which add banned functions and has access to same sensitive data and approved permissions as previous installed GP version.

You have 10m+ impact so you have to pass more detailed GP analysis. This is usual on GP.
This is reason why other file browsers with free apk download don't facing this issue, yet.

We can believe you block TC installation but don't have to. No way how to confirm it.
GP doesn't analyse your code instruction by instruction so they don't know about some if in the flow.
All what they can see is:
The application contains code for data download and application install.
The application requesting privileged permission for file system access.
Two sources of same application with same signing. Second source can override version from first, trusted source.

Conclusion - The application with privileged permissions can download and install other version of self from not trusted source.
This is breaking trust in application supply chain.

From my point of view GP wants to see that there is not public version of you application which can override GP version.
The way how to do this is using Play App Signing with new signing key (a bit longer way how to achieve it).
After that there is the only one way how to update TC app - only using GP where is stored the only one copy of signing key.
If you meet this condition then you can add install function because there is not way how to "...modify, replace, or update itself using any method other than Google Play's update mechanism."
The installation is rejected by Android OS itself because second application had to use different signing key.
This is one of trusted way how to prove you are not able to modify or install itself.

An another solution, i.e., is using lower build number for public version then build number on GP. Android OS do not allow application downgrade and block the installation.

Sorry for the long post, here's potato

[ghisler(Author)]

But I only offered the exact same version which was also on the play store when I got the warning! No one can prevent other users from saving the play store version and then upload them to apk mirror and similar sites. And when the user then downloads that file, we would be at the same point as when I offered the file for download.

[babcca]

Yes, I understand.
But with aab, obex, etc. there is not an easy way to get "application package" from not rooted device.
The collector must overcome obstacles.

If you use two signing keys then there is way how to distinguish if version on apk mirror is stolen from google play or is from official public download source. This is important for GP Protect service, antivirus.
With two signing keys you can guarantee that version downloaded from GP cannot be modified from outside (even by author).
Only when GP review and signing are done.
Version downloaded from GP should be trusted.

"... And when the user then downloads that file, we would be at the same point as when I offered the file for download."
With two signing key it's not true. Even if apk mirror download "application package" from GP then we know it's exactly same version as is on GP because no one has signing key except GP.
With one signing key the holder can sign and upload "bad" version to apk mirror and this version can update version from GP.
We must trust the holder of key that he will not publish "bad" version. ("I only offered the exact same version...")

Until privileged MANAGE_EXTERNAL_STORAGE permission it was acceptable but starting now it's not easy publish application with this permission on market.

[ghisler(Author)]

It can't be the reason for the warning from Google: When I had the exact same version for download as in the play store, I got the warning. Now I have a different version with added functionality (install functions) for download, and I didn't get any warnings for several weeks.

[babcca]

"and I didn't get any warnings for several weeks."
Yes, correct. You now satisfy condition "An app distributed via Google Play may not modify, replace, or update itself".
You removed code for apk install. It's one of correct solution. User should know do and must use 3rd app to modify/update TC app.

If you want add install functions back to the application you should split GP version from Forum version.
Maybe create new package id and identity for forum version.
Other top file managers on GP look like they are distributed only from GP (or are opensource).

Or do you have any other idea why you and not the others? This is only difference what I can see.

Disclaimer: I don't work for google or any file manager developer team. It's only my opinion on this warning.

[ghisler(Author)]

If you want add install functions back to the application you should split GP version from Forum version.

That's a bad idea, because users would lose access to all their stored passwords. They are stored in encrypted form by Total Commander when you use a master password. And if your assumption is wrong, I get a 3rd strike and lose all my apps in the play store. So implementing this would result either in a bad solution or a very bad solution.

[babcca]

I understand your worry.
Thank you for listening to me . I wanted show you possible explanation from different view.
I really hope my assumption is wrong.
Thank you and enjoy your day.

[franc]

I'm mildly confused. So now since I will update TC manually and never via PlayStore again - is the latest version suppossed to be in the 3.33 thread always? Because 3.40b2 is also there. Or where willI check best?
https://www.ghisler.ch/board/viewtopic.php?t=76644

Is there a way to export settings and plugins, so the change is a bit easier?
I wont accept the GP version like this, I will install the real totalcmd then...
But setting up all my settings is a bit annoying. Would be great if there were some export settings feature in the next GP version, so switch is easy.
Thank!

EDIT: sorry, it is updatable, the GP version, seems the real totalcmd version has the GP keys as well. GREAT!
Just did an update with the direct download from the download links page.
I will disable the auto update for totalcmd in GP and come here to install a new version when there is one in GP.
Same I do with Tasker, where the encryption Task is not present in the f..king GP version (the f..k means GP, not Tasker).
Thank.

[ghisler(Author)]

You don't need to disable auto updates: The download version has a much higher version number than then Play Store version, so it will not be replaced with the Play Store version any time soon. In the unlikely event that I will be allowed to put back the install functions, I will increase the version of the Play Store version to a higher number than the download version.

[ja_som]

It just makes no sense to me.
How Files (file manager from Google), X-plore and other file managers from the Store can install apk files and Total Commander is not allowed to do that.
Hopefully one day Google will tell you what "is wrong" with TC.
Thanks for the separate version.

[ghisler(Author)]

The warning came from a Google AI and Google support refused to tell me where exactly the problem is.