Introduction

Accrescent is an Android app store focused on security, privacy, and usability. This documentation currently covers how to use the Accrescent developer console, although eventually it will contain much more in-depth discussion about its inner workings, server infrastructure, etc..

Publishing

Similar to the Play Store, all apps in Accrescent are submitted and updated by their developers. This guide explains how to submit apps as a developer and the requirements for them to be accepted.

If you're a developer new to Accrescent, we recommend reading the getting started guide first. It explains how to sign up for the Accrescent Developer Console and gives a high-level overview of how it works. The other sections give more specific instructions for individual tasks.

Getting started

Developers manage their apps through the Accrescent Developer Console. To sign up, visit the website and sign in with your GitHub account. At this time only whitelisted users are permitted to register. You will be prompted to grant Accrescent access to your GitHub email addresses. This is required so that Accrescent can send email alerts when the status of your app changes.

After registering, you will be presented with a dashboard. From here you can click "New app" to start the process of uploading a new app. But before you do, be sure to read the rest of the publishing documentation.

Building

Although Accrescent accepts app submissions directly from developers, the process for building and signing an app is slightly different than what most developers are used to. Namely, Accrescent does not accept monolithic APKs. Read this section carefully to learn how to build apps in a format the Accrescent Developer Console will accept.

Setup

You need to install bundletool to build apps for Accrescent. bundletool is the open-source tool Google uses to generate split APKs from app bundles in the Play Store. Rather than signing split APKs from app bundles itself, Accrescent accepts split APKs generated and signed by developers.

bundletool can be installed from its GitHub releases. There's also an AUR package for Arch Linux users.

Building

There are two steps to building an app for Accrescent:

  1. Building the app bundle
  2. Generating split APKs from the app bundle

See Google's documentation for how to build an app bundle (note: signing the bundle with an upload key is not necessary since the split APKs are signed later and are what is actually uploaded to Accrescent).

To build an APK set (set of split APKs) from bundletool, see bundletool's documentation. Be sure to provide a non-debug keystore to the build-apks command. The resulting APK set (.apks file) is what you will upload to the developer console.

New apps

Submission process

To upload a new app, click the "New app" button on your dashboard. You will be presented with an upload form. Upload the APK set (.apks file) you generated earlier as well as an app icon. The APK set must be less or equal to 150 MiB in size and the icon must be a 512 x 512 PNG. If you already have a Play Store icon, you can use it here. If you don't have an icon, you can generate one in Android Studio (make sure "Play Store icon" is selected).

Click "Upload" after you've selected the correct files. Once your files are finished uploading, you'll be presented with an autofilled form with basic information about your app. You may edit the display name if you wish. This is the name that will appear to users in the store. Once you're satisfied that your app's information is correct, click "Submit" to begin the review process.

After you submit

A reviewer will be assigned to your app after you submit it. To increase its chances of being accepted, please review the app requirements later in this guide before submitting.

If the app is accepted, it will be passed on to have its metadata cryptographically signed into the store. This process ensures Accrescent's security even if one of its servers is compromised. You don't need to do anything at this point. Once your app is published, you will be notified and it will show up under "My apps" in the developer console

App updates

Submission process

To update one of your existing apps, go to "My apps" in the developer console and click "Upload new update" under the app you want to update. You'll be presented with a similar form to the new app form. Select an APK set that represents your app update and it will be automatically uploaded and checked. You'll be shown the info Accrescent could gather about your update. If you're satisfied, click "Submit."

Different things may happen with your update after you submit it depending on its content. The specific process is explained below.

Review process

Accrescent's update process is unique in that most of the time, developers don't need to wait to have their updates reviewed. Instead they are published immediately after the developer submits them. This approach may sound like a bad idea at first, but it has several advantages:

  • security updates can be published immediately after they're ready
  • updates can (theoretically) be fully automated through CD pipelines
  • developers have fewer frustrating review experiences
  • Accrescent developers spend less time reviewing and more time developing

To mitigate the potential for a malicious or compromised developer to abuse this process, all updates requesting new sensitive permissions (as determined by the developer console) will require manual review.

For example, say an app was approved requesting the READ_SMS permission. The developer uploads an update that requests the READ_SMS and MANAGE_EXTERNAL_STORAGE permissions. Because MANAGE_EXTERNAL_STORAGE is newly requested and Accrescent considers it to be a sensitive permission, that update will require manual review.

Continuing the example, let's say that update is approved and the developer uploads another update requesting the READ_SMS and MANAGE_EXTERNAL_STORAGE permissions. Since the app was previously approved to request both of these permissions, the second update will not require manual review and will instead be published immediately after the developer submits it.

Post-approval

Badges

Get it on Accrescent

You can generate a clickable badge to advertise your app's presence on Accrescent from the developer console. To do so, go to "My apps" and click "More" on the app want to generate a badge for. You'll be presented with a preview and with HTML source code to put on your website.

Requirements

Accrescent has certain minimum requirements for all apps submitted to it to ensure the privacy and security of its users. This page documents these requirements for developers to reference before submitting their app so they know how to best improve their chances for acceptance.

These requirements are not exhaustive and Accrescent reserves the right to modify them at any time. However, the Accrescent developers attempt to make this list as thorough as possible and give notice to developers well in advance for major requirement updates. If you see something missing or incorrect, please submit a pull request at this site's GitHub repository.

Automated checks

The following checks are run automatically on all apps before the developer submits them. If any of them fail, an error will show in the developer console and the app cannot be submitted.

App size

The size of the uploaded APK set must be no more than 128 MiB.

Bundletool version

The bundletool version used to generate uploaded APK sets must be 1.13.1 or newer to ensure Accrescent can take advantage of newer features.

Target SDK

Accrescent currently follows Google Play's target SDK requirements with a few major changes:

  • there are no formal timeline extension requests
  • Accrescent will remove apps when they don't meet the target SDK requirements for existing apps, not just make them less discoverable

android:debuggable

The android:debuggable attribute in the Android manifest must not be "true".

android:usesCleartextTraffic

The android:usesCleartextTraffic attribute in the Android manifest must not be "true". This check may move to manual review in the future.

Manual checks

The following are checks done by reviewers in reference to this document when manually reviewing an app.

Debug certificate

Apps may not be signed with a debug certificate. They are insecure by design and so are not permitted in Accrescent. This check will eventually be automated.

Sensitive permissions

Addition of any of the following permissions in an app update will trigger a manual review and their usage will also be reviewed in new apps:

  • ACCESS_BACKGROUND_LOCATION
  • ACCESS_COARSE_LOCATION
  • ACCESS_FINE_LOCATION
  • BLUETOOTH_SCAN
  • CAMERA
  • MANAGE_EXTERNAL_STORAGE
  • NEARBY_WIFI_DEVICES
  • PROCESS_OUTGOING_CALLS
  • QUERY_ALL_PACKAGES
  • READ_CALL_LOG
  • READ_CONTACTS
  • READ_EXTERNAL_STORAGE
  • READ_MEDIA_AUDIO
  • READ_MEDIA_IMAGES
  • READ_MEDIA_VIDEO
  • READ_PHONE_NUMBERS
  • READ_PHONE_STATE
  • READ_SMS
  • RECEIVE_MMS
  • RECEIVE_SMS
  • RECEIVE_WAP_PUSH
  • RECORD_AUDIO
  • REQUEST_INSTALL_PACKAGES
  • SEND_SMS
  • WRITE_CALL_LOG
  • WRITE_CONTACTS
  • SYSTEM_ALERT_WINDOW

Review will fail if an app requests a permission it does not reasonably require to function or uses a permission to share sensitive user data without informed consent. More specific requirements are laid out below for the following permissions:

  • MANAGE_EXTERNAL_STORAGE
  • REQUEST_INSTALL_PACKAGES

MANAGE_EXTERNAL_STORAGE

The MANAGE_EXTERNAL_STORAGE permission may only be requested for one or more of the following use cases:

  • file management, such as for a file manager app

MANAGE_EXTERNAL_STORAGE is highly invasive and almost always unnecessary. Developers should heavily consider using internal app storage, the MediaStore API, and/or the Storage Access Framework instead.

REQUEST_INSTALL_PACKAGES

The REQUEST_INSTALL_PACKAGES permission may only be requested for one or more of the following use cases:

  • web browsers
  • file sharing
  • messengers which support sending APKs

REQUEST_INSTALL_PACKAGES may not be used for self-updating or updating or installing other apps.

Service intent filters

Adding any of the following actions to a service's intent filter will trigger a manual review:

  • android.accessibilityservice.AccessibilityService
  • android.net.VpnService
  • android.view.InputMethod

More specific requirements for the following actions are laid out below:

  • android.accessibilityservice.AccessibilityService
  • android.net.VpnService

android.accessibilityservice.AccessibilityService

Accessibility services are highly invasive, presenting a security and privacy risk to users. As such, they are heavily restricted on Accrescent and may only be used to help users with disabilities interact with the device.

android.net.VpnService

VPN services may only be used by apps that have a VPN as their core functionality. They must encrypt all data between the device and the VPN tunnel endpoint. They may not be used to collect sensitive user data without informed consent.