As I downloaded and installed on my Android 13 today's 12.3.2.0 hotfix (see #380) from GitHub to patch the hapless 12.3.1.0 previously downloaded from fdroid, the long awaited hotfix from GitHub (many thanks BTW <3) has been installed as a separate app, leaving me with a brand new Forkgram 12.3.2.0 on the one hand, and an unpatched Forkgram 12.3.1.0 on the other.
It's not the first time I get a hotfix from GitHub for a FOSS app originally installed from fdroid: this happens pretty regularly — mostly with NewPipe. But it is the first time an update is treated as a separate app. So I asked Claude who explained
Android uses the app's signing certificate as its unique identity. An update can seamlessly replace an existing app only if:
- Package name matches (e.g., com.example.app)
- Signing certificate matches - the new APK must be signed with the same cryptographic key (...)
Do you guys use the same signing certificate across repositories?