Accrescent icon

Frequently Asked Questions

This page aims to answer the most frequently asked questions about Accrescent. If your question isn't answered here, the best place to ask is our primary Matrix room.

When will Accrescent become stable?

There isn't an ETA for Accrescent's stable release, but there is a public roadmap that represents its current stage of development. If you would like to help Accrescent become stable sooner, check out the high priority open issues on the roadmap.

How do apps get into Accrescent?

Accrescent is currently in a pre-alpha stage of development, so all apps in its repository are uploaded by Accrescent's lead developer for testing purposes. This is only a temporary measure until Accrescent is ready to enter public alpha.

When Accrescent becomes open to the public, developers will be able to sign into a web portal (the "developer portal") with their GitHub credentials and upload their apps as signed APK sets (which are basically ZIPs of split APKs) generated by bundletool. Some automated checks will be run on the app, and if all is well, the app will be marked for submission. If not, the app will either be rejected with a reason or marked as requiring manual review.

Once approved, the new app will be added to the signed repository metadata by the repository maintainer. This step will only be necessary for new apps. After this point, the app will be published and become available for all users of Accrescent.

This description is only an outline of how app submissions in Accrescent will work. Once the developer portal is online, more detailed instructions and procedures will be published on this website.

What kind of checks will Accrescent do on submitted apps?

Accrescent has strict quality control measures to ensure the security and privacy of all submitted apps. They are separated into two categories: automatic and manual. Automatic checks are run whenever a developer submits an app, and, depending on the check, may cause the app to be immediately rejected or marked for manual review if it fails. Manual checks require a trusted reviewer to compare an app against documented rules to determine whether it should be rejected or accepted.

This FAQ entry doesn't intend to cover all automatic checks and criteria for passing manual review since they have yet to be finalized. The full list will become available once the developer portal comes online. However, below are a few samples of the checks and criteria that will be included.

Sample automatic checks:

  • New apps and app updates must target an SDK more than or equal to the Play Store's Requirements.
  • Existing apps must target an SDK more than or equal to the Play Store's requirement for new apps minus 1. For example, if the Play Store requires new apps to target SDK 30 then Accrescent will remove an existing app if it targets SDK 28 or lower.
  • Apps must not set the android:debuggable attribute in their manifests to "true."

Sample manual checks:

  • Apps requesting the MANAGE_EXTERNAL_STORAGE permission must require it as part of the app's core functionality (e.g. file manager apps).
  • Apps requesting the BIND_ACCESSIBILITY_SERVICE permission must require it as part of the app's core functionality and should only be used to aid disabled users.

Overall, Accrescent aims to meet or exceed the quality control requirements of the Play Store and uses them as a baseline.

Does Accrescent support third-party repositories?

Accrescent intentionally does not support third-party repositories and has no plans to support them. There are a few technical reasons for this. For one, supporting third-party repositories breaks the Android security model. Android assumes one app (e.g. Accrescent) is a single app source. When this assumption is broken, bad things can happen. For example, say Accrescent supported third-party repos and is integrated into an Android-based OS as a first-party app source. If a given user or work profile is restricted from installing apps from third-party sources by an MDM or OS settings, they could trivially bypass said restrictions by adding a third-party repository.

Another reason Accrescent doesn't support third-party repos is lack of available security features. The chain of trust between Accrescent and the signed repository metadata would be weakened since Accrescent can't reasonably maintain a list of hardcoded keys for all third-party repos. TLS certificate pinning is also impractical to implement for third-party servers.

Do apps in Accrescent need to be open-source?

Apps do not need to be open-source to be submitted to Accrescent. Although open-source software provides additional transparency and can make it easier for users to check overall code quality, it is not inherently more secure or private than closed-source software. Likewise, proprietary software is not inherently less secure or private than open-source software. Since Accrescent is focused on security and privacy it wouldn't make sense for it to restrict developers to a specific source model.

However, Accrescent recognizes the benefits of open-source and so is completely open-source itself. In the future, apps in the store will additionally be able to be tagged as open-source and filtered for in the client.

How can I verify my download of Accrescent is legitimate?

Accrescent's signing certificate hash can be verified by using apksigner with the --print-certs option. Certificate hashes are published here, on GitHub, and on Twitter.

You should check the certificate hash from a different source than you got the app from. For example, if you download Accrescent from GitHub, you should verify the certificate hash from Twitter or this website to distrust the server.

Signing certificate hash: 067a40c4193aad51ac87f9ddfdebb15e24a1850babfa4821c28c5c25c3fdc071.

How can I contribute to Accrescent?

There are many ways to contribute to Accrescent even if you can't code. Below is a list of all of the ways you can help the project.

Programming

The most obvious way to help Accrescent is to contribute code. All repositories can be found under the GitHub organization. If you're not sure what to work on, the public roadmap contains all project issues sorted into different categories based on priority.

Bug reports / feature suggestions

Another way to help is by testing and reporting bugs in the app and other Accrescent subprojects. Bug reports are accepted in the respective repository issue trackers and the meta issue tracker if you're not sure where to report the bug. You can also report issues in the Matrix room although they're more likely to get lost in the chat there. Feature suggestions can be made in the same places.

Translation

Translations are accepted for the Accrescent app on Hosted Weblate or through pull requests. Currently the website is English only, but there are plans to accept translations for it in the future.

Documentation

Documentation improvements are welcome. All documentation is hosted on this website, and you can submit changes to https://github.com/accrescent/accrescent.app. There isn't much documented at the moment, but more help will be needed with it later once the developer portal goes live.