AppMaker FAQ
Last update: Oct 4, 2022
Performance
How does an AppMaker app perform? Will it handle media well, or does it load slow?
Videos and other media load quickly using the app. If there is no censorship in your region, the app works as quickly as any other app on your phone. If there is censorship in your region, the app will take slightly longer to deliver content to your device.
How does your VPN speed measure against other VPNs in China?
Welcome to the GreatFire Circumvention Central. We test all services inside the Great Firewall of China.
Will it work anywhere there’s censorship?
Yes.
Will I have an ad-free experience when I’m using an AppMaker app?
Yes.
If an article links to a page elsewhere on the internet, will our readers be able to go there?
Yes. People can use your app to surf the web. AppMaker is built on Chromium, which is what Chrome is built on. It offers a standard web browser experience.
How does the app update?
The app updates automatically.
If the app breaks, what should I do?
Contact the GreatFire team at support@greatfire.org sharing as much information as possible including:
Your phone model and version of operating system (OS)
The steps you took before encountering the issue
What you expected to happen
What happened instead
How can I know if my website is blocked in China? Is there a place I can go to test it?
We have a website for that! Check here: https://en.greatfire.org/analyzer
Once I share the app inside a censored geography, how do I know it will continue to work? Is there any way for me to know or see if it goes down or if people have problems with the app?
You can use Google Analytics to track user performance for your website in any geographic location. You can also contact support@greatfire.org at any time if you have any questions related to analytics.
Safety + Security
How safe is it to give people an app to put on their phones?
There is always a risk to circumventing censorship and accessing information that the authorities do not want people to access. Individuals must make their own choices regarding what level of risk they are willing to accept to be able to access uncensored information. This application allows users to access information that is blocked without having to use any other circumvention tool and without the need to pay money.
This application DOES NOT scan your device to see if you may already have malicious software installed. This application CANNOT prevent monitoring of your network by the authorities.
In some locations around the world, individuals may be asked to hand over their devices for inspection. If you believe that your potential users may live in a location where the likelihood that their device may be inspected by the authorities is high, we recommend that you choose a throwaway name for your application (i.e. “Flowers”) and choose an inconspicuous icon for your application (i.e. an image of a flower).
Is internet traffic from an AppMaker app encrypted?
Yes.
How do I know that the app I create with AppMaker doesn’t have a backdoor, monitoring or other vulnerability?
Index of /audits
Apps created using AppMaker are powered by Envoy, which can be reviewed here: https://github.com/greatfire/envoy.
Distribution
Overview
You have an app! Now what? If you’re sharing inside a free or lightly censored region, you can share the download page url or QR code for your app provided by AppMaker. That’s the easy part. Now, how do you get your app inside a censored region? There are a few different ways to provide access. They include:
Alternative app stores
Github or Gitlab
Mirror websites
Direct download
Once your app is available for download in China, promote it. Here are some useful tips:
Word of mouth
Google ads
QR codes: Create and share QR codes that link to the download page
Promoting via other platforms that are not blocked in China
Email: Directly send the download link or APK file to other people
Alternative app stores
If you have a download site setup, you can test it to make sure it works in China as you’re promoting the app. Check to see if a website is blocked in China here: https://en.greatfire.org/analyzer
Alternative App Store
Get it into a 3rd party app store.
There are over 50 alternative Android app stores to Google Play in China. Do note, however, that these app stores self-censor the apps which appear in their stores. You will also likely need to have local representation in China to be able to submit your app to one of these 50 app stores.
GreatFire operates its own uncensored Android app store for China - contact support@greatfire.org to submit your app to the GreatFire App Store.
How to do it: Please check the websites or submission guidelines of each app store.
Why it’s recommended: It’s the most familiar and easiest way for many ordinary mobile users to download apps from app stores. Although users may not have heard about your app, they can find it when searching other apps in the same categories. Your app may attract various new users through this approach.
What’s a third party app store? Are they trustworthy?
Almost all Android apps are downloaded via Google Play. But in some countries, Google Play is blocked and/or Google censors apps on their own platforms. This means that Android users need to find other ways to access apps. In China, the authorities blocked Google Play to force users to use local Chinese app stores which can be more easily controlled by the authorities. Apple, on the other hand, works closely with the Chinese authorities to censor any app that the authorities want to censor (see applecensorship.com).
For the average user, it is very difficult to determine if a third party App Store is trustworthy. If you are an expert Android developer or an expert security auditor, then you may be able to review the source code of an app and/or an independent security audit of an app. But most users will rely on word of mouth or recommendations from friends and trusted networks.
Github or Gitlab
Publish on Github or Gitlab.
On Gitlab, you can upload the software for your app directly to the website (the app’s APK). Visitors to the website can then download the app directly.
On GitHub and Gitlab you can also upload a QR code for your app. Users then need only scan the code to be able to directly download the app on their devices.
On GitHub and Gitlab you can also direct users to a special download page (see below).
How to do it: Sign up for accounts on GitHub or Gitlab. It’s free and these websites are freely accessible in all countries.
Mirror Website
Set up a mirror website with the app download.
If your website is blocked in your target country, you should create another website where users can download your app. You can then promote this website address to your target market (i.e. using GitHub and Gitlab as described above). Do continue to monitor the status of your website using tools like this: https://en.greatfire.org/analyzer
If your website gets blocked, then be prepared to repeat the process, ensuring that you update the website address across all promotional material.
Direct Downloads
Share the direct download file (APK) in a messaging app, via email, etc.
Android apps can be shared as files. These files can then be distributed using messaging apps or via email.
-
How to do it:
Email: Your organization may already have a mailing list of users in the target country. Your subscribers can then be sent QR codes, links to download websites, or the actual APK file itself.
Messaging app: If you have contacts of your target users, you can send the QR codes, download link, or APK file to them.
Social Media: Post the QR code images, download link, or APK file on your social media accounts.
Telegram: Set up a public channel and share the link with others. Then you can share the QR codes, download link, or APK file only with the participants.
Why it’s recommended: This is recommended if you are already in contact with your target users and they trust you. It can be considered as spam or phishing if recipients do not know you nor trust you.
Is it okay to share my app on WeChat?
Yes, although WeChat censors much information on their platform (see freewechat.com) and the public sharing of the app might also result in you losing your WeChat account. If you share the app on WeChat, you can also share it with friends via private messages.
Sideloading
What is sideloading?
Sideloading refers to the practice of installing software on a phone without using an approved app store or official (verifiable) distribution channel.
On an Android phone, it’s possible to download an app from a (direct download) link sent to you by someone you trust. You may also notice that websites will sometimes offer a direct download option for Android apps.
Is it safe?
Sideloading can be safe, but also carries some risk. If you are sharing a download link, make sure you know that what you are sharing is the official and latest version of the app. Also, it’s recommended that you send the link to the official source code (usually on Gitlab or Github). This gives people a way to download the latest version directly from the source if they can.
Is it possible to verify the authenticity of an app?
You can check if an app is authentic or malicious in the following ways:
-
AppMaker | AppMaker website
-
VirusTotal
If you are still suspicious, you can also contact the app distributor or us (support@greatfire.org) for verification.
Privacy
-
What information does GreatFire know?
We may collect information that is NOT personal information and does not identify you.
We may log standard technical information, such as your Internet Protocol (IP) address, identification of your browser software and your operating system, and info about the link you followed to access our Tools & Services, if any.
GreatFire does NOT store this information for any longer than is necessary to provide you with access to the Tools & Services, and we anonymize, obfuscate, aggregate and/or delete unneeded technical information.
GreatFire does NOT share, rent, or sell your personal information.
We can see the number of user sessions and the country. And that's about
-
What information does Google know?
The app is based on Chromium, which is what Google’s Chrome browser is based on. It offers the same level of privacy as Chrome.
Metrics & Impact
How do I know if people are downloading and using it?
You can use Google Analytics to track website visits.
-
[GA4] Set up Analytics for a website and/or app - Analytics Help
How do I access metrics for my app?
-
[GA4] Set up Analytics for a website and/or app - Analytics Help
Future
What is on the roadmap for AppMaker?
We are improving AppMaker apps so that they can allow a user to use any app on their device without the need to install a VPN.
The Team
The People Behind AppMaker
“A healthy society should have more than one voice.” — Dr. Li Wenliang
GreatFire is an anonymous organization based in China. They launched their first project in 2011 in an effort to help bring transparency to online censorship in China. Now they focus on helping Chinese to freely access information.
Apart from being widely discussed in most major mass media, GreatFire has also been the subject of a number of academic papers from various research institutions. FreeWeibo.com won the 2013 Deutsche Welle “Best Of Online Activism” award in the “Best Innovation” category. In 2016, GreatFire won a Digital Activism fellowship from Index on Censorship.
Boneyard – DO NOT INCLUDE ON WEBSITE
Scenarios to address:
Phone inspections: If the authorities seize your device and perform a detailed inspection, they will likely discover that your “Flowers” app is not about flowers.
Phone activity monitoring (for malware apps to detect the apps and activity on the phone): If your phone is compromised by spyware that survelis activity on the phone, the attacker could see the content you read, watch, listen to, or write on the device.
-
Network monitoring: If you use an unsecure internet connection (i.e. public wifi at a hotel, airport, cafe, etc.; OR wifi without password; OR unencrypted connection), the authorities, internet service provider, or hackers may be able to see your activity on the internet if they want to.
it.
-
What information about me could be leaked to a bad actor or 3rd party?
Refer to ‘scenarios to address’ under ‘Safety + Security’.