Introduction
Accrescent is an Android app store focused on security, privacy, and usability. This documentation currently covers how to use the Accrescent developer console, although eventually it will contain much more in-depth discussion about its inner workings, server infrastructure, etc..
Publishing
Similar to the Play Store, all apps in Accrescent are submitted and updated by their developers. This guide explains how to submit apps as a developer and the requirements for them to be accepted.
If you're a developer new to Accrescent, we recommend reading the getting started guide first. It explains how to sign up for the Accrescent Developer Console and gives a high-level overview of how it works. The other sections give more specific instructions for individual tasks.
Getting started
Developers manage their apps through the Accrescent Developer Console. To sign up, visit the website and sign in with your GitHub account. At this time only whitelisted users are permitted to register. You will be prompted to grant Accrescent access to your GitHub email addresses. This is required so that Accrescent can send email alerts when the status of your app changes.
After registering, you will be presented with a dashboard. From here you can click "New app" to start the process of uploading a new app. But before you do, be sure to read the rest of the publishing documentation.
Building
Although Accrescent accepts app submissions directly from developers, the process for building and signing an app is slightly different than what most developers are used to. Namely, Accrescent does not accept monolithic APKs. Read this section carefully to learn how to build apps in a format the Accrescent Developer Console will accept.
Setup
You need to install bundletool to build apps for Accrescent. bundletool is
the open-source tool Google uses to generate split APKs from app bundles in the
Play Store. Rather than signing split APKs from app bundles itself, Accrescent
accepts split APKs generated and signed by developers.
There are two primary ways to use bundletool. The first (and easiest) way is
using the bundletool Gradle plugin. The second is using the bundletool CLI.
Both methods are covered in the following sections.
Bundletool Gradle plugin
Installation
Note: This plugin is only compatible with Android Gradle Plugin 7.4.0+.
Apply the bundletool Gradle plugin to your app as described in the plugin's
home page. Then specify a signing configuration in your app-level build script
as follows:
bundletool {
signingConfig {
storeFile = file("keystore.jks")
storePassword = "password"
keyAlias = "release"
keyPassword = "12345"
}
}
Notice the similarity to how signing configs are specified for your app.
Building
You can now build split APKs for your app by running ./gradlew buildApks${variant}. For example, if your app has a release variant, you can
build the corresponding split APKs with the following command:
$ ./gradlew buildApksRelease
The resulting APK set will be generated as
app/build/outputs/apkset/${variant}/app-${variant}.apks.
Bundletool CLI
Installation
bundletool can be installed from its GitHub releases. There's also an AUR
package for Arch Linux users.
Building
There are two steps to building an app for Accrescent with the bundletool CLI:
- Building the app bundle
- Generating split APKs from the app bundle
See Google's documentation for how to build an app bundle (note: signing the bundle with an upload key is not necessary since the split APKs are signed later and are what is actually uploaded to Accrescent).
To build an APK set (set of split APKs) from bundletool, see bundletool's
documentation. Be sure to provide a non-debug keystore to the build-apks
command. The resulting APK set (.apks file) is what you will upload to the
developer console.
New apps
Submission process
To upload a new app, click the "New app" button on your dashboard. You will be
presented with an upload form. Upload the APK set (.apks file) you generated
earlier as well as an app icon. The APK set must be less or equal to 150 MiB in
size and the icon must be a 512 x 512 PNG. If you already have a Play Store
icon, you can use it here. If you don't have an icon, you can generate one in
Android Studio (make sure "Play Store icon" is selected).
Click "Upload" after you've selected the correct files. Once your files are finished uploading, you'll be presented with an autofilled form with basic information about your app. You may edit the display name if you wish. This is the name that will appear to users in the store. Once you're satisfied that your app's information is correct, click "Submit" to begin the review process.
If some or all of your app's functionality requires authentication to access, please provide test account credentials for the review process. This is currently not possible within the developer console, so you will need to contact the Accrescent team directly to provide them.
After you submit
A reviewer will be assigned to your app after you submit it. To increase its chances of being accepted, please review the app requirements later in this guide before submitting.
If the app is accepted, it will be passed on to have its metadata cryptographically signed into the store. This process ensures Accrescent's security even if one of its servers is compromised. You don't need to do anything at this point. Once your app is published, you will be notified and it will show up under "My apps" in the developer console
App updates
Submission process
To update one of your existing apps, go to "My apps" in the developer console and click "Upload new update" under the app you want to update. You'll be presented with a similar form to the new app form. Select an APK set that represents your app update and it will be automatically uploaded and checked. You'll be shown the info Accrescent could gather about your update. If you're satisfied, click "Submit."
Different things may happen with your update after you submit it depending on its content. The specific process is explained below.
Review process
Accrescent's update process is unique in that most of the time, developers don't need to wait to have their updates reviewed. Instead they are published immediately after the developer submits them. This approach may sound like a bad idea at first, but it has several advantages:
- security updates can be published immediately after they're ready
- updates can (theoretically) be fully automated through CD pipelines
- developers have fewer frustrating review experiences
- Accrescent developers spend less time reviewing and more time developing
To mitigate the potential for a malicious or compromised developer to abuse this process, all updates requesting new sensitive permissions (as determined by the developer console) will require manual review.
For example, say an app was approved requesting the READ_SMS permission. The
developer uploads an update that requests the READ_SMS and
MANAGE_EXTERNAL_STORAGE permissions. Because MANAGE_EXTERNAL_STORAGE is
newly requested and Accrescent considers it to be a sensitive permission, that
update will require manual review.
Continuing the example, let's say that update is approved and the developer
uploads another update requesting the READ_SMS and MANAGE_EXTERNAL_STORAGE
permissions. Since the app was previously approved to request both of these
permissions, the second update will not require manual review and will instead
be published immediately after the developer submits it.
Post-approval
Badges
You can generate a clickable badge to advertise your app's presence on Accrescent from the developer console. To do so, go to "My apps" and click "More" on the app want to generate a badge for. You'll be presented with a preview and with HTML source code to put on your website.
Requirements
Accrescent has certain minimum requirements for all apps submitted to it to ensure the privacy and security of its users. This page documents these requirements for developers to reference before submitting their app so they know how to best improve their chances for acceptance.
These requirements are not exhaustive and Accrescent reserves the right to modify them at any time. However, the Accrescent developers attempt to make this list as thorough as possible and give notice to developers well in advance for major requirement updates. If you see something missing or incorrect, please submit a pull request at this site's GitHub repository.
Automated checks
The following checks are run automatically on all apps before the developer submits them. If any of them fail, an error will show in the developer console and the app cannot be submitted.
App size
The size of the uploaded APK set must be no more than 128 MiB.
Bundletool version
The bundletool version used to generate uploaded APK sets must be 1.11.4 or
newer to ensure Accrescent can take advantage of newer features.
Target SDK
Accrescent currently follows Google Play's target SDK requirements with a few major changes:
- there are no formal timeline extension requests
- Accrescent will remove apps when they don't meet the target SDK requirements for existing apps, not just make them less discoverable
android:debuggable
The android:debuggable attribute in the Android manifest must not be "true".
android:testOnly
The android:testOnly attribute in the Android manifset must not be "true".
android:usesCleartextTraffic
The android:usesCleartextTraffic attribute in the Android manifest must not
be "true". This check may move to manual review in the future.
Manual checks
The following are checks done by reviewers in reference to this document when manually reviewing an app.
Debug certificate
Apps may not be signed with a debug certificate. They are insecure by design and so are not permitted in Accrescent. This check will eventually be automated.
Self-updaters
Apps may not have self-updaters. This includes improper use of the
REQUEST_INSTALL_PACKAGES permission as outlined below, downloaders which
prompt the user to update from an APK, and direct links to sources which may
encourage or confuse the user into updating from a location outside of
Accrescent.
Sensitive permissions
Addition of any of the following permissions in an app update will trigger a manual review and their usage will also be reviewed in new apps:
ACCESS_BACKGROUND_LOCATIONACCESS_COARSE_LOCATIONACCESS_FINE_LOCATIONBLUETOOTH_SCANCAMERAMANAGE_EXTERNAL_STORAGENEARBY_WIFI_DEVICESPROCESS_OUTGOING_CALLSQUERY_ALL_PACKAGESREAD_CALL_LOGREAD_CONTACTSREAD_EXTERNAL_STORAGEREAD_MEDIA_AUDIOREAD_MEDIA_IMAGESREAD_MEDIA_VIDEOREAD_PHONE_NUMBERSREAD_PHONE_STATEREAD_SMSRECEIVE_MMSRECEIVE_SMSRECEIVE_WAP_PUSHRECORD_AUDIOREQUEST_INSTALL_PACKAGESSEND_SMSWRITE_CALL_LOGWRITE_CONTACTSSYSTEM_ALERT_WINDOW
Review will fail if an app requests a permission it does not reasonably require to function or uses a permission to share sensitive user data without informed consent. More specific requirements are laid out below for the following permissions:
MANAGE_EXTERNAL_STORAGEREQUEST_INSTALL_PACKAGES
MANAGE_EXTERNAL_STORAGE
The MANAGE_EXTERNAL_STORAGE permission may only be requested for one or more
of the following use cases:
- file management, such as for a file manager app
MANAGE_EXTERNAL_STORAGE is highly invasive and almost always unnecessary.
Developers should heavily consider using internal app storage, the MediaStore
API, and/or the Storage Access Framework instead.
REQUEST_INSTALL_PACKAGES
The REQUEST_INSTALL_PACKAGES permission may only be requested for one or more
of the following use cases:
- web browsers
- file sharing
- messengers which support sending APKs
REQUEST_INSTALL_PACKAGES may not be used for self-updating or updating or
installing other apps.
Service intent filters
Adding any of the following actions to a service's intent filter will trigger a manual review:
android.accessibilityservice.AccessibilityServiceandroid.net.VpnServiceandroid.view.InputMethod
More specific requirements for the following actions are laid out below:
android.accessibilityservice.AccessibilityServiceandroid.net.VpnService
android.accessibilityservice.AccessibilityService
Accessibility services are highly invasive, presenting a security and privacy risk to users. As such, they are heavily restricted on Accrescent and may only be used to help users with disabilities interact with the device.
android.net.VpnService
VPN services may only be used by apps that have a VPN as their core functionality. They must encrypt all data between the device and the VPN tunnel endpoint. They may not be used to collect sensitive user data without informed consent.