Well deserved. Though, I have problems in "discovering" apps for a particular purpose. It would have helped if there was a vote-based curated app categories section.
My current strategy is googling for "[category (e.g. 2FA or note-taking)] + reddit + open-source" then opening up each suggestion's git source and manually look for things like tech stack or project stars or number of contributors.
burrish 2 hours ago [-]
Yeah exactly that's my issue #1 with Fdroid
focusedone 4 hours ago [-]
This fantastic news. It's possible to take an android out of the box, install F-Droid and have a reasonably useful phone without even logging into the play store.
Glad to see them getting some credit for the hard work!
drewbitt 3 hours ago [-]
I've got about 80% of my apps that would normally be on F-Droid installed through Obtainium (https://github.com/ImranR98/Obtainium), which handles Git releases (among other sources). The F-Droid client feels clunky and in the past I had some update errors that were annoying. With some improvements it should return to being a good discovery tool and app manager, so this is good news.
einpoklum 3 hours ago [-]
It seems that Obtainium "curates" apps, i.e. derives lists of downloadable apps, is by crowd-sourcing this task. See:
I also believe the client is doesn't limit itself to FOSS.
drewbitt 3 hours ago [-]
I was not aware of an Obtanium catalog like that. That's a nice feature that I see hidden at the bottom of the Add App screen. You can also use Obtanium to install from F-Droid sources and really just any apk, so it's superior in many ways, except in 1) discovery (which that catalog helps) 2) as devs aren't curating F-droid releases with care, sometimes it's a pain to setup, especially when a package is always `apk-latest` or something.
simonmales 4 hours ago [-]
For me, F-Droid is the apt of Android.
tengbretson 2 hours ago [-]
- Installs software adequately
- Terrible search ergonomics
It checks all the boxes.
ZYbCRq22HbJ2y7 4 hours ago [-]
What does that mean? Its a package manager? Or something deeper?
giancarlostoro 4 hours ago [-]
It is an F-Droid client.
amelius 4 hours ago [-]
Is that good or bad?
bityard 4 hours ago [-]
For me, it's good. Apt is famous for installing the software you want quickly, easily, and with no fuss.
amelius 4 hours ago [-]
For me Apt means that every time I install something, I have to be ready to give up my system because of resulting internal inconsistencies and because there is no rollback.
fsflover 4 hours ago [-]
And with no malware whatsoever.
johnisgood 4 hours ago [-]
I use "Droid-ify".
buyucu 3 hours ago [-]
It also connects to FDroid.
zcar 2 hours ago [-]
I use f-droid and the aurora store. The play store was disabled the day I got the phone. There has been a few issues but I stuck with f-droid for many years. Good for them.
Oh yeah just made a comment about it, I prefer it over F-Droid, too.
buyucu 1 hours ago [-]
F-Droid is really amazing. It makes you believe there is still good in the world.
captainbland 2 hours ago [-]
Couldn't deserve it more. Makes it easy to install FOSS alternative apps to what you find in the play store which aren't infested with dark patterns and adware.
_imnothere 4 hours ago [-]
F-Droid is indeed a nice alternative for Play Store, but still, it's not perfect.
Note that most of that page is a matter of the authors having a completely different security model than F-Droid rather than what I would consider to be true defects.
Setting aside agreement or disagreement, what about that comment is striking you as symptomatic of coming from an echo chamber?
udev4096 2 hours ago [-]
Oh please. It's a factual argument and you've contributed nothing to it apart from steering away from the goalpost
yjftsjthsd-h 1 hours ago [-]
In order:
It is; the authors appear to be operating in a model where they completely trust app authors and nobody else, though they never actually spell out the threat model (which really should make us view their assessment skeptically anyways), where F-Droid specifically avoids trusting app authors. Nearly all of their objections come down to this single difference.
What echo chamber? I'm not aware of anyone else arguing this position.
That post contains 3 items: One fixed audit finding that only affects initial install of an app, one claim of problems that are unspecified and therefore impossible to assess, and one allegation of poor behavior (which is worth noting but not a security concern).
awalGarg 55 minutes ago [-]
To add insult to the injury, they claim that most people should stick to Play Store - a malware repository controlled by an ad distribution company - for better privacy. We're supposed to take this seriously.
captainbland 2 hours ago [-]
This reads really weirdly and seems to downplay concrete threats/malicious activity in the play store and emphasise best practice/security model violations on F-Droid.
I get F-Droid is the subject, and it's reasonable to make space to highlight issues with it here but it doesn't seem reasonable to conclude your security posture is better if you go with the play store.
glenstein 2 hours ago [-]
I agree that the article is very bizarre and seemingly written by a non-expert.
The criticism of the inclusion policy sticks out like a sore thumb for strangeness. They criticize f-droid for requiring hosted apps that don't include proprietary software or ads. which of all the things you could criticize F-Droid for, is very strange.
And instead of making like a systematic point about process or about best practices or standards, it meanders into an anecdote about one instance of an app where the developer packaged an outdated version of WebRTC to comply, and then blames F-Droid for the way that the developer packaged the app. And then bizarrely refers to this as a "case study". There's an informal sense in which you can say case study, which I guess is fair enough, but when speaking a bit more formally case studies are real research projects, not just one-off anecdotes loosely summarized in a paragraph.
A lot of the language here is used in this gray area of formal and informal, seemingly characteristic of a high school essay.
captainepoch 4 hours ago [-]
I hope they use the money to improve all the issues people have arised over the years. It can be a really good platform, if they're open to change. Otherwise, it might be dead in the future.
dtgm92 3 hours ago [-]
I like it, gives you the option for older versions as well. When I updated my old browser and the look and feel completely changed, I had to go back years but I eventually found what I liked.
imsurgio 4 hours ago [-]
Great news. First place I check for OSS android software. App needs a bit of work but there are open alternatives.
ranger_danger 2 hours ago [-]
OTF's money comes from US Congress. They also donated 50M to Signal.
I might just have my tinfoil hat on too tight, but this doesn't make me feel warm and fuzzy inside.
F-Droid also builds AND signs packages themselves on behalf of developers, and even though reproducible builds are a thing, they are not widely used properly or publicly verified often enough for my comfort.
I was having major issues each time F-Droid decided to update itself and then the only app I cared about on it implemented self-updating so I let it go. Has major GIMP vibes IMO.
jfkrrorj 1 hours ago [-]
Hopefully this will improve their ethics! Their code of conduct does not even mention minorities, diversity, LGBTQF+, BLM and so on!
tomaytotomato 53 minutes ago [-]
I think this is an unfair comment.
This is like complaining about an agriculturist being awarded money for a novel agricultural technique they developed, but they aren't saving the penguins in the Antarctic...
jfkrrorj 47 minutes ago [-]
It is absolutely fair! Farms have to cull cows, to reduce methane emissions, to save penguins!
F-Droid does not exist in vacuum, their actions send message!
talldayo 49 minutes ago [-]
As a queer person I don't even know what I'd want from a CoC like that. It feels like I'd be giving up the freedom I love from F-Droid so I could better police other apps (which is something I don't want or need).
Considering how absolutely useless CoCs are in other software I use, I'm pretty happy with where F-Droid is today.
Rendered at 18:19:43 GMT+0000 (Coordinated Universal Time) with Vercel.
https://github.com/NeoApplications/Neo-Store
My current strategy is googling for "[category (e.g. 2FA or note-taking)] + reddit + open-source" then opening up each suggestion's git source and manually look for things like tech stack or project stars or number of contributors.
Glad to see them getting some credit for the hard work!
https://apps.obtainium.imranr.dev/
I also believe the client is doesn't limit itself to FOSS.
- Terrible search ergonomics
It checks all the boxes.
The client is better IMHO.
https://privsec.dev/posts/android/f-droid-security-issues/
It is; the authors appear to be operating in a model where they completely trust app authors and nobody else, though they never actually spell out the threat model (which really should make us view their assessment skeptically anyways), where F-Droid specifically avoids trusting app authors. Nearly all of their objections come down to this single difference.
What echo chamber? I'm not aware of anyone else arguing this position.
That post contains 3 items: One fixed audit finding that only affects initial install of an app, one claim of problems that are unspecified and therefore impossible to assess, and one allegation of poor behavior (which is worth noting but not a security concern).
I get F-Droid is the subject, and it's reasonable to make space to highlight issues with it here but it doesn't seem reasonable to conclude your security posture is better if you go with the play store.
The criticism of the inclusion policy sticks out like a sore thumb for strangeness. They criticize f-droid for requiring hosted apps that don't include proprietary software or ads. which of all the things you could criticize F-Droid for, is very strange.
And instead of making like a systematic point about process or about best practices or standards, it meanders into an anecdote about one instance of an app where the developer packaged an outdated version of WebRTC to comply, and then blames F-Droid for the way that the developer packaged the app. And then bizarrely refers to this as a "case study". There's an informal sense in which you can say case study, which I guess is fair enough, but when speaking a bit more formally case studies are real research projects, not just one-off anecdotes loosely summarized in a paragraph.
A lot of the language here is used in this gray area of formal and informal, seemingly characteristic of a high school essay.
I might just have my tinfoil hat on too tight, but this doesn't make me feel warm and fuzzy inside.
F-Droid also builds AND signs packages themselves on behalf of developers, and even though reproducible builds are a thing, they are not widely used properly or publicly verified often enough for my comfort.
https://news.ycombinator.com/item?id=42653176
https://www.privacyguides.org/en/android/#f-droid
This is like complaining about an agriculturist being awarded money for a novel agricultural technique they developed, but they aren't saving the penguins in the Antarctic...
F-Droid does not exist in vacuum, their actions send message!
Considering how absolutely useless CoCs are in other software I use, I'm pretty happy with where F-Droid is today.