[Android] Unable to specify self-hosted server on initial launch

[scottmando2000]

As the title specifies, when I initially launched the Android app, I was unable to specify a self-hosted server.
The only option as soon as it was started was an input for an email address.

[BrunoBernardino]

Hi @scottmando2000 ! The Android version is meant to be used with the SaaS offering at https://padloc.app. If you want to use it with a self-hosted version, you should build the app for it yourself.

You can see how we build it (signed) at https://github.com/padloc/padloc/blob/main/.github/workflows/build-cordova.yml#L64 so to build an unsigned version for yourself, you should be able to run:

PL_SERVER_URL=https://example.com/server/ npm run cordova:build:android

Assuming you've got the required dependencies installed, mentioned in https://github.com/padloc/padloc/tree/main/packages/cordova#requirements-android

Let me know if you need any further help!

[darkpixel]

It's a huge pain to set up the build infrastructure to accommodate Android and iPhone plus Chrome and Edge. There are tons of hoops to jump through both technically and in Google, Apple, and Microsoft's appstore/playstore/extension store ecosystems.

It would be about 100,000 times easier if there was a small button at the bottom of the app that said "custom server"....or if a user could open a browser on their android/iphone and go to https://padloc.customdomain.tld to sign in and there was a button with a urlscheme that launched the padloc app and pointed it to the custom server automatically.

[scottmando2000]

I agree with @darkpixel

I've already seen how much effort would need to be put in to maintain my own APK, and it would at best require me to run an F-Droid server and the deployed APK be kept up-to date whenever a new version is released.

The initial "solution" isn't a good fit for individual users who want to maintain their own password manager separate from a business context.

[scottmando2000]

@BrunoBernardino will you and the padloc team please take this into consideration.

Trying to manage a separate build of the app isn't exactly a straight forward task, and requires a good amount of knowledge in both app deployment and automated updates based on the upstream repo.

[BrunoBernardino]

Thanks for sharing your concerns @scottmando2000. You're correct that the process could be easier. That's why we prefer to work on simplifying the process of building the app yourself.

I'll still CC @MaKleSoft in case he thinks differently.

[scottmando2000]

There is a case to be made that there is also a possibility that there could be multiple different self-hosted padloc servers being used at the same time.

Examples of this would be running a personal server and also using one for say a company you work for and possibly even a client that wants to share some credentials for single user apps.

[dillfrescott]

Whenever an open source project has a paid option, and it's exceptionally difficult or an inconvenience to be able to self host it. I assume that the creators do this on purpose to try to get you to just give up and pay them money.

I'm not against the creators making money from a freemium product, I just think it should be easier to run yourself, if desired.

[darkpixel]

I think that's the root issue.
I have no problems donating money to an open source project that's useful.
I don't see a donate option. Just an option to sign up and have them host my data for a monthly fee.
I don't want them hosting my data, for security reasons, so I don't need an account.
...but without an account, the chrome plugin is useless....so I'm not interested in donating at this time.

EDIT: (...and let's face it. The bug was closed, not left open flagged as a 'feature request' which gives the impression they don't care what their users want)

[BrunoBernardino]

You should be able to build an Android app without any problems. If you're talking about wanting a ready-to-install app where you can specify a custom server, you can see our answer at #442

[darkpixel]

I would love to know the "security reasons" on why it would be apparently very, very bad to allow pointing to custom domains. I use a handful of open source apps that all allow connecting to self-hosted instances and none of them are hand-waiving about "security reasons".

[c4lliope]

Hello all; I'm sorry to be the one to make this recommendation, though I can claim no patience for a program which disregards the needs of their users as though they're meaningless. Anyone seeing this kind of issue (basically, all besides the paying customers) should begin using https://www.passbolt.com/ - their apps and browser addons ask for the custom URL on the first screen, and since July 2022 I've been using them with no issue - simly make sure you keep a copy of the GPG key you're assigned on signup so you can log in from other machines.

I had high hopes for Padloc upon seeing such slick design and clear security audits displayed in their branding. I had even been able to deploy the program on my homelab's Dokku alongside all my homemade code. After a couple days of hacking on the deployment I'd been sure I had a good solution. Then as soon as I reached for the browser extension and android apps I realized I had a serious problem.

11 months ago, @MaKleSoft had said:

Hi there! For security reasons, we do not currently support pointing the official apps to a custom server. However, are working on improving the tooling and documentation around building your own custom version of all apps and extensions! Additionally, we are considering releasing a "community edition" of all apps, which can be configured to be used with a custom server.

The "security" reason here is a red herring - custom domains are likely more secure than a single high-profile corporate domain handling all accounts. Padloc's programmers are saying, "you can run this yourself - if you can manage as large a presence on the app and browser stores as we do." This precludes any usage by the open-source coders who would likely help to make upgrades to the codebase after using it for personal or company use.

Padloc is disregarding user needs because they're picky regarding who their users are.
I do hope they make good on their promise of a "community edition" and once this happens I may rescind this.
For now, I'll be going back to https://www.passbolt.com/ and I recommend the same for many of you.

[Marco77577]

@c4lliope is right. This makes absolutely no sense. I love the design. I read through your security whitepaper, which looks sound. But I do not have the time and resources to maintain all the apps myself. Especially when wanting to host it for my family for a variety of different OS.

This makes padloc utterly unusable. I will check in again in a year or two. I sincerely hope you change that.

Also, the Android app currently not being available for Android 13 in the Play Store hurts the project too.

[scottmando2000]

@BrunoBernardino @MaKleSoft you need to reconsider your decision if you want to actually grow the padloc ecosystem.

You are artificially blocking users from being able to use their own self-hosted servers by forcing them to build the app on their own is absurd.

Basically the only reason I have yet to even bother using padloc.