Ability to add sideloaded apps to shortcuts.

[phatrickk]

Thanks for your efforts! Awesome little integration that has been getting much use since I discovered it.

I realise why you might want to disable sideloaded apps, but I'm struggling to think of how you could have someone who's this far down the rabbit hole (Android TV connected to HASS, creating issue requestins on Git) and unable to make reasonable security choices around sideloading apps. And surely some neatly placed warnings would be a reasonable enough coverage for any feeling of duty of care you should have?

The whole reason we're all here doing all this modification is because we're advanced or 'power users' trying to get the absolute most
out of our tech. I think it would be really valuable to be able to add apps outside the official app store. For me it's just syncler, but of course others will have other requests.

[PRProd]

@phatrickk,

HELLO! It's always a pleasure to have someone as enthusiastic as you join my GitHub discussions and to also submit issues! If you hang out here long enough, you might meet a few others. 😄

I fully understand your viewpoint on the sideloaded app situation, and I appreciate that you took the time to voice your criticism. Truth be told, over the past few weeks I have been relaxing my rigid stance on that topic, even changing a bit of the documentation. I think that the only thing left to change is the "New App Request" issue template. A few sideload only apps have actually been added to the Firemote release (such as #39, but there are others) recently as well.

I know that I'm paranoid and/or overly cautious, but you are correct - mostly everyone here doesn't get here by accident. I am curious, though, is there anything already in place with the Home Assistant ecosystem, the HACS add-on, or even my own HA-Firemote license that already protects me? I should probably know the answer to that question already, but admittedly I do not. Also, do you have a suggestion or two about placement and wording for my own "neatly placed warnings?" I'm open to suggestions!

Thank you for discussing this with me!

-Doug

[phatrickk]

And thank you for taking the time to firstly build this, and secondly keep it maintained for the users with functionality you yourself will no doubt never need.

I appreciate your openness to the suggestion and willingness to consider it. I must admit that I have no idea whether there is anything already in place with homeassistant for this kind of thing, but I would expect that reasonable warnings such as 'use at your own risk' and 'sideloaded apps can be harmful because of x , y ,z' in the information people need to install the integration through HACs which I think is the same as the info on GitHub? And then perhaps in the feature request/issue submission form would be well and truly enough.

In reality, people have already installed these apps and this is just a slightly more convenient way to launch them. I really don't think you can be considered responsible for the installation of a malicious piece of software just because it was launched (and let's be honest, almost certainly not for the first time) by a shortcut through your integration. Seems a very long bow for someone to draw.

In any case, wherever it gets to, you've done a great job. Appreciate your work so far.

[Vizavi]

Hi!
I'm absolutely agree with phatrickk:

0. Thank you for this lovely remote card, its looks and work just awesome!
1. Adding ability to add sideloaded apps by users on their own shouldn't make any legal issues (for example - google doesn't take responsibility for any illegal action's that was made using google chrome ...)
2. Ability to launch any sideloaded app already present in the ADB integration (see attached screenshot), at least on Nvidia shield - on the source drop-down list you will get and launch any installed app (both - from play market and sideloaded).

So if sideload app launch in the official integration doesn't make any issues, i don't think that sideload option in custom card from HACS will cause any problems

[PRProd]

Hello there, fellow programmer! I see your arrays start at zero! 😄
Thanks for your kind words!

[PRProd]

It's things like this that make me nervous...

• Google Play store removed the Downloader app because of a court order: https://arstechnica.com/tech-policy/2023/05/google-bans-downloader-app-after-tv-firms-complain-it-can-load-a-pirate-website/
• Quad9 DNS service had to refuse to resolve a domain because the domain had been serving copyrighted music for free: https://www.linkedin.com/pulse/dns-resolver-sentenced-block-access-illegal-website-mirko-br%C3%BC%C3%9F

Is it ridiculous? ABSOLUTELY, YES! Why don't we just sue the electric company for providing the electricity that made all of this possible? Am I a target? ...that would shock and surprise me greatly. But still, my paranoia isn't without merit.

With that being said, I did update my App Shortcut Request issue template just within the last week or so. As you can see, there are no longer any restrictions listed

[MacAce1]

Maybe this was already discussed but if you add the capability to have the specific FireTV app name behind a button as listed in the bridge (i.e. de.swr.ard.avp.mobile.android.amazon for a German TV app) this is flexible enough also for sideloads, you wouldn’t have to run these via request and therefore are not being engaged into providing access to it. I am sure for most people here this is easy enough to take it from there.