zurück zum Artikel

GitHub Store 1.7.0: Updates without click, security without root

Moritz Förster
Github logo on building wall

(Bild: Sundry Photography / Shutterstock.com)

Automatic updates, silent install, app-repo linking and signature verification: GitHub Store becomes a power-user tool with version 1.7.0.

In version 1.7.0, GitHub Store significantly expands its open-source software towards automation and power-user features. The focus is on automatic background updates with optional silent installation on Android, a new function to link installed apps with their GitHub repositories (called "Link Apps"), and a revised settings interface. Security features such as APK signature verification and support for GitHub Artifact Attestations are also included.

The GitHub Store uses GitHub repositories as a source for applications. Users install apps directly from release artifacts, track updates, and obtain open-source software without a traditional app store. The project sees itself as an alternative to platforms like F-Droid, but with GitHub as the central distribution channel. Despite its name, the project is not an official Microsoft product.

Background updates – without a tap

Among the most important innovations is the combination of automatic update checks and silent installation. Users specify the interval – between three and 24 hours – at which the client checks for new versions. In conjunction with Shizuku, it installs updates on Android without further interaction. Shizuku allows access to privileged system APIs without requiring root privileges. This way, frequently updated tools or nightly builds remain automatically up-to-date without APK files needing to be installed manually.

The new "Link Apps" function links locally installed applications with their GitHub repositories. Users select an installed app, provide the repository URL, and assign the appropriate release asset. The client checks the package name and signature key to ensure correct mapping. This solves a common problem with GitHub-based installations: releases cannot always be clearly assigned to an installed app. After linking, the store automatically takes over update tracking. Links can also be exported and imported again – practical when changing devices.

To improve security, version 1.7.0 checks the APK signature before each installation. The client compares fingerprints to detect tampering or inconsistent releases. Additionally, it supports GitHub Artifact Attestations. These are signed metadata that allow the origin and integrity of a build artifact to be traced, for example, in the sense of SLSA. If signature keys do not match, the client displays a warning.

Settings centrally bundled

The project has consolidated the settings in a new "Tweaks Screen". Categories such as network, updates, installation, or display can be configured centrally there. The profile area is now limited to account and collection functions.

Furthermore, the release brings a series of convenience and discovery improvements. The client saves search histories locally and only triggers search queries upon explicit confirmation – this saves unnecessary API calls. A recently viewed overview shows recently opened repositories. The home screen now also supports theme-based filtering of projects using GitHub Topics – caching ensures fast results. Repositories that have already been viewed can be marked as "seen" and hidden from the feed.

In addition to the new features, version 1.7.0 fixes numerous bugs, including those related to network and proxy connections on the desktop, as well as handling downloads and package installations. For Linux desktop users, the release also introduces Flatpak support. The previous version 1.6.0 [1] had significantly expanded Linux support. The build infrastructure has also been revised: the project integrates ktlint and now executes Gradle builds in parallel. All changes in detail are listed in the Release Notes on GitHub [2].

Mehr von iX Magazin Mehr von iX Magazin [3]

(fo [4])

Don't miss any news – follow us on Facebook [5], LinkedIn [6] or Mastodon [7].

This article was originally published in German [8]. It was translated with technical assistance and editorially reviewed before publication.

URL dieses Artikels:
https://www.heise.de/-11240372

Links in diesem Artikel:
[1] https://www.heise.de/news/GitHub-Store-1-6-0-Plattformuebergreifender-App-Store-fuer-Open-Source-11196528.html?from-en=1
[2] https://github.com/OpenHub-Store/GitHub-Store/releases/tag/1.7.0
[3] https://www.heise.de/ix
[4] mailto:fo@heise.de
[5] https://www.facebook.com/heiseonlineEnglish
[6] https://www.linkedin.com/company/104691972
[7] https://social.heise.de/@heiseonlineenglish
[8] https://www.heise.de/news/GitHub-Store-1-7-0-Updates-ohne-Klick-Sicherheit-ohne-Root-11229957.html

Copyright © 2026 Heise Medien