What's new in Accrescent 0.17.0
This release implements repository metadata caching, making Accrescent more usable without Internet and saving bandwidth!
Improvements
- Add caching for repository metadata
Updates
- Bump Compose compiler to 1.5.8
- Bump Kotlin to 1.9.22
- Bump KSP to 1.9.22-1.0.17
- Bump Lifecycle to 2.7.0
- Update Arabic translation (jonnysemon)
- Update Hebrew translation (@yarons)
Misc
- Make Compose UI code more idiomatic
Feedback is welcome! Make sure to join #accrescent:matrix.org on Matrix to report bugs, suggest features, and participate in development and design discussion. Follow @accrescentapp on Twitter and @accrescent@infosec.exchange on Mastodon or join #accrescent-announcements:matrix.org for updates.
About Accrescent 0.17.0
This is Accrescent
A novel Android app store focused on security, privacy, and usability. Open-source forever.
About
Accrescent is a private and secure Android app store built with modern features in mind. It aims to provide a developer-friendly platform and pleasant user experience while enforcing modern security and privacy practices and offering robust validity guarantees for installed apps.
Features
- App signing key pinning: first-time app installs are verified so you don't have to TOFU.
- Signed repository metadata: repository contents are protected against malicious tampering.
- Automatic, unattended, unprivileged updates (Android 12+): updates are handled seamlessly without relying on privileged OS integration.
- First-class support for split APKs: downloaded APKs are optimized for your device to save bandwidth.
- No remote APK signing: developers are in full control of their app signing keys.
- No account required: users don't need an account to install apps, improving privacy.
For more details, check out the features page.
Download
Accrescent currently runs on Android 10 and up.
Social
Accrescent has multiple community chat rooms on Matrix, as well as Twitter and Mastodon accounts for announcements. All source code is published on GitHub.
Contact
You can contact us at contact@accrescent.app.
Features
The following is a list of notable features Accrescent currently has. It is not exhaustive and not all features listed are exclusive to Accrescent, but they are some of the more distinguishing features and are intended to give the reader an idea of the benefits of Accrescent and how it works.
Signed repository metadata
Accrescent's repository contains metadata files used by the client to retrieve apps and display info about them to the user. One of these pieces of metadata is signed by a key hardcoded into Accrescent to protect against tampering with sensitive information in the event the server is compromised. This signed metadata supports key rotation and is downgrade-protected. In addition, a minimum revision hardcoded into Accrescent is regularly updated to protect new installations and sideloaded Accrescent updates from being served old metadata.
Below is a list of what the signed metadata protects and the corresponding security implications for the user.
App signing key pinning
When a developer submits a new app to Accrescent, a hash of their app's public signing key is added to the signed repository metadata. This signing key hash is checked by the client every time it downloads the respective app. If it doesn't match, the installation is rejected.
This check is unnecessary for updates since Android already enforces key pinning for app updates. However, the OS takes a trust-on-first-use approach and doesn't provide a mechanism to verify that the initial installation was signed by the proper certificate, so pinning the certificate in signed metadata ensures that even the first installation is legitimate.
Minimum version pinning
Each app in the signed metadata has a minimum expected version which is updated regularly. Accrescent will refuse to install a version of a given app less than its minimum version.
This check mitigates the threat of an attacker serving obsolete versions of apps. If a minimum version were not set, an attacker in control of the server could present an old version with known security vulnerabilities as the latest version of a given app. Android already enforces downgrade protection for existing apps, so this threat is only applicable to users installing a given app for the first time.
Name and icon verification
Accrescent stores app names and icon hashes in signed metadata. These are used to verify the app names and icons displayed to the user in the client UI.
Signing these items makes it much more difficult for an attacker to trick a user into installing a malicious copycat app. If names and icons weren't verified, a malicious actor in control of the server could modify them and trick a user into installing a different app than they intend.
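The checks described in the sections above, sketched as an added example (this is not Accrescent's own code). It assumes the metadata signature has already been verified; the field names, the use of SHA-256 for the hashes, the revision floor, and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumption: the revision floor compiled into this client build (constructed value).
HARDCODED_MIN_REVISION = 40


@dataclass(frozen=True)
class AppEntry:
    """One app's record in the signed metadata (hypothetical field names)."""
    name: str
    signing_key_hash: str  # hex SHA-256 of the developer's signing key (assumed algorithm)
    min_version_code: int
    icon_hash: str         # hex SHA-256 of the icon bytes (assumed algorithm)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def accept_revision(revision: int, last_seen: int) -> bool:
    """Downgrade protection: never go below the built-in floor or the cached revision."""
    return revision >= max(HARDCODED_MIN_REVISION, last_seen)


def install_failures(entry, shown_name, icon, signer_key, version_code):
    """Return the reasons to reject an install; an empty list means accept."""
    failures = []
    if shown_name != entry.name:
        failures.append("name")
    if not hmac.compare_digest(sha256_hex(icon), entry.icon_hash):
        failures.append("icon")
    if not hmac.compare_digest(sha256_hex(signer_key), entry.signing_key_hash):
        failures.append("signing-key")
    if version_code < entry.min_version_code:
        failures.append("min-version")
    return failures


# Constructed sample data, not real Accrescent metadata.
DEV_KEY, ICON = b"constructed developer key", b"constructed icon bytes"
ENTRY = AppEntry("Example App", sha256_hex(DEV_KEY), 120, sha256_hex(ICON))

if __name__ == "__main__":
    print(accept_revision(39, last_seen=0))    # older than the built-in floor
    print(accept_revision(41, last_seen=45))   # replay of metadata older than the cache
    print(install_failures(ENTRY, "Example App", ICON, DEV_KEY, 130))
    print(install_failures(ENTRY, "Example App", ICON, b"other key", 90))
```

The two revision checks correspond to the hardcoded minimum revision (which protects fresh installs) and the locally cached revision (which protects existing installs from being served older metadata).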
Unattended updates
Accrescent supports unattended updates with or without privileged integration into the OS. By default, it will prompt for confirmation the first time an app is installed and perform updates in the background without prompting thereafter.
Accrescent also supports the privileged package management permissions on OSs which integrate it. When privileged, it will not prompt the user when installing or uninstalling apps.
Split APK support
Accrescent serves all apps as split APKs. This means that native code for different architectures, images for different screen densities, and strings for different languages aren't downloaded for a given device, saving bandwidth.
No remote APK signing
Accrescent doesn't sign apps itself. Developers sign (split) APKs with their own keys and upload them to Accrescent themselves.
This measure allows developers to maintain exclusive control over their app signing keys. Developers' signing keys cannot be compromised if Accrescent's servers are, and Accrescent cannot deliver modified updates to developers' apps.
TLS certificate pinning
Accrescent pins Let's Encrypt root and intermediate TLS certificates for all connections to its repository. This feature mitigates the threat of a rogue/compromised certificate authority issuing a fraudulent certificate for the repository and initiating a man-in-the-middle attack.
No accounts
Accrescent doesn't have user accounts. Users can simply install the store and use it. This design makes Accrescent more accessible and more private since user accounts can often be used to track user behavior.
Note that developers still need to create accounts on the developer console to publish apps.
Download Accrescent 0.17.0
This release may come in several variants. Consult our handy FAQ to see which download is right for you.
- Version: 0.25.0; Uploaded: October 21, 2024 at 8:16PM UTC; File size: 4.55 MB; Downloads: 18
- Version: 0.24.0; Uploaded: September 27, 2024 at 11:56PM UTC; File size: 4.53 MB; Downloads: 11
- Version: 0.23.0; Uploaded: August 3, 2024 at 2:19AM UTC; File size: 4.29 MB; Downloads: 17
- Version: 0.22.0; Uploaded: July 4, 2024 at 8:41AM UTC; File size: 4.44 MB; Downloads: 10
- Version: 0.21.0; Uploaded: July 1, 2024 at 8:07AM UTC; File size: 4.44 MB; Downloads: 7
- Version: 0.20.0; Uploaded: April 25, 2024 at 3:42AM UTC; File size: 4.39 MB; Downloads: 24
- Version: 0.19.0; Uploaded: April 14, 2024 at 1:12AM UTC; File size: 4.3 MB; Downloads: 26
- Version: 0.18.0; Uploaded: March 19, 2024 at 11:25PM UTC; File size: 4.29 MB; Downloads: 7
- Version: 0.17.1; Uploaded: March 3, 2024 at 2:05AM UTC; File size: 4.63 MB; Downloads: 13
- Version: 0.17.0; Uploaded: January 22, 2024 at 11:02PM UTC; File size: 4.58 MB; Downloads: 20