As mentioned, the F-Droid server would distribute the very same APKs that are hosted by Hootan on Google Drive, untouched.
Which you'll be easily able to verify, by the way : for sure you already have MiX installed, from the same APKs I'm talking about, i.e. digitally signed by Hootan, which means your device, by secure design, will refuse to install an update that does not carry the same digital signature.
Meanwhile if I maliciously modify the APK, then the signature will be modified as well.
For more info : https://source.android.com/docs/security/features/apksigning
Actually that's not entirely correct as F-Droid will replace the author's key with their own. They use the same key for each and every app in the repo. If you install any app from their repo, and then download an update directly from the original source, Android will refuse to update and you would need to reinstall the app.
Yes, so I can provide users with a feature : automated updates.
Just like building custom ROMs including proprietary manufacturer blobs, to provide users with system updates beyond official support.
Just like modding apps containing too many ads/paywalls/dark patterns, to provide users with a better usage experience.
All of those things may not be legal, but they are legit.
And we're doing this voluntarily.
This discussion doesn't look productive though, so I'm going to stop talking for now.
I'll be be back once I'll be able to deliver what I promised, and eventually then read whatever nonsense (or surprisingly constructive) reply you'll send, if any.
Have a nice day !
It is perfectly possible to get instant updates for MiXplorer (or any other app for that matter) by using Obtainium! It can update your apps from the official (or any other) source directly, such as GitHub/Gitlab/custom F-droid repo's/any HTML page etc.
It will automatically check all available .apks from the configured source and look for the newest version for your architecture. If there is a newer version it will let you know and can update the app. You can even search for any app inside Obtainium and it will automatically search GitHub and then let you pick the right one from a dropdown with results. You only have to do this once per app and then you are set for life.
Obtainium is much faster as you get updates directly from the source and you don't have to wait for e.g. F-droid to sign and put the new version in the repository. Nowadays my updates almost exclusively come from Obtainium and not from Playstore or repo's that always lag behind.
More importantly it is much more secure, and not just because of instantaneous updates. If a third party repo that is distributing multiple self-signed apps gets compromised, so will each one of those apps on your phone, generally giving much wider system access and permissions.
The biggest problem with the F-droid repository is that developers' keys get removed and replaced with F-droid's own key. Thus all apps get signed with the same key. If this ever gets compromised than each single one of the F-droid apps will be. This makes it very attractive for hackers to target such a repository, as they can push updates to millions of users all with the same key.
Downloading from the source avoids this problem as each app will be signed with the developers' own keys, thus even if a malicious actor compromises the source, they would still need the developers' own key or Android will block it. If they only have the key, not control over source, no problem either. There's no single point of failure.
Going after a single developer is much less lucrative, and also harder, because their IP-adress is not publicly linked to the repository (unless self-hosting). Signing happens on a completely different private system, and only the .apk, not the key can be found at the source. In case of F-droid, hackers already know pretty much where they need to penetrate, simply by resolving the URL. The signing happens automatically and continuously on their server as new versions come out.
The app is pretty new, but gaining traction and updates very regularly with new features coming in lightning speed. I haven't had a single app that I couldn't get to work with Obtainium. The only downside is that you'll have to remove any app installed from the F-droid repository and then reinstall with the .apk from the source, as they will have a different key. Removing and reinstalling can be done through Obtainium though.
Upside of using source apk instead of Google Playstore version is that there are no automatically included Google Firebase and other trackers added in without the dev choosing to put it in their build.
Most apps can be found on Github/Gitlab and will be set-up in a few seconds due to their seamless integration(set-up a personal acces token for faster search results). If you're too lazy to confirm / look-up the source for each of your apps you could even import a backup from a user that has already configured all sources (optionally delete any apps from Obtainium that you don't have, and add-in any missing apps).
Of course you can also just add MiXplorer and leave it at that!