2. That app isn't on the google app store or you don't want to/can't use google services.
3. The app is not open source so it can only be built and packaged by the first party.
4. You don't want to manually update the app by downloading a new APK every time.
5. You don't want to give a black-box closed-source app you downloaded from the internet permissions to install new apps (and therefore grant them certain new permissions as well).
My example of this is WhatsApp. I hate the app. I think it's scummy as shit. However if I want the version of WhatsApp that doesn't package google services, I either have to download a 3rd party app store, update the app from their web page manually, or grant the app permission to update itself. I obviously don't want to install a (often closed source) 3rd party app store just to install this app without granting it keys to the castle. So instead as I already use F-Droid, I can install the FOSS build of Obtanium and pin my trust on F-Droid. Then I use Obtanium to manage my WhatsApp updates.
Technically this also extends to open source apps where you trust the first party enough to use the app but not enough to let it update itself and where you want to be able to just download updates from github releases.
You don't see the difference between allowing whatsapp to run, vs allowing whatsapp to install apps?
You don't see the difference between allowing a dedicated app installer app written by an author with no other goal and no other source of reputation to install apps, vs allowing a random app to install apps just to hopefully only use that power to keep itself updated and do so in a way that only serves your interests and not those of the apps author?
(ie it will never be a Facebook and one day decide that it wants you to use Messenger, and that's the nicest example let alone something hidden)
The thing that you give permission to install apps must be a seperate thing written by a seperate author who has no incentive to install or remove any other apps.
I do see a theoretical difference, but in reality there’s no guarantee that they don’t ship AB testing in the ipa/apk and do it at runtime. In fact, everything points to them doing exactly that already. By running a closed source medsenger client with a closed backend service, they have the power to say “WhatsApp off, use messenger now” if they want to- and they don’t need to push a client update to do so. I’m not concerned about meta having root access to my device - they already have access to my contacts for messaging, all ny message data (I’m in Europe, WhatsApp is my default communication method),Bluetooth and WiFi settings because you need it for location stuff. They have the data, and the permissions already. The only thing they can’t do is install another app (which I would have to grant the permissions WhatsApp already has) to do the nasty, but they can just do the nasty in the app I’m already running.
I sure don't use dubious WhatsApp mods, but in general, the advantage of updating through a website rather than through an internal update, is that you're much less likely to receive "customized" updates; it's more likely (though of course not guaranteed) that what's distributed through a website stays always the same, for everyone
1. You have an app you want to use.
2. That app isn't on the google app store or you don't want to/can't use google services.
3. The app is not open source so it can only be built and packaged by the first party.
4. You don't want to manually update the app by downloading a new APK every time.
5. You don't want to give a black-box closed-source app you downloaded from the internet permissions to install new apps (and therefore grant them certain new permissions as well).
My example of this is WhatsApp. I hate the app. I think it's scummy as shit. However if I want the version of WhatsApp that doesn't package google services, I either have to download a 3rd party app store, update the app from their web page manually, or grant the app permission to update itself. I obviously don't want to install a (often closed source) 3rd party app store just to install this app without granting it keys to the castle. So instead as I already use F-Droid, I can install the FOSS build of Obtanium and pin my trust on F-Droid. Then I use Obtanium to manage my WhatsApp updates.
Technically this also extends to open source apps where you trust the first party enough to use the app but not enough to let it update itself and where you want to be able to just download updates from github releases.