This repository has been archived by the owner on Jun 24, 2022. It is now read-only.

✨ Feature Suggestion | Create section for F-Droid, recommend reproducible builds #1800

Open
dngray opened this issue Mar 26, 2020 · 19 comments

@dngray
Collaborator

dngray commented Mar 26, 2020

We should create a section mentioning F-Droid, why it should be used etc.

Some links we should use:

The section should also recommend https://gitlab.com/AuroraOSS/AuroraStore if Google Play apps are required.

Closes: https://github.com/privacytoolsIO/privacytools.io/issues/1577
Closes: https://github.com/privacytoolsIO/privacytools.io/issues/338
Closes: https://github.com/privacytoolsIO/privacytools.io/issues/1201
Closes: https://github.com/privacytoolsIO/privacytools.io/issues/874
Closes: https://github.com/privacytoolsIO/privacytools.io/issues/1248
Fixes: https://github.com/privacytoolsIO/privacytools.io/pull/1575
Fixes: #1956

@dngray
Collaborator Author

dngray commented Mar 26, 2020

We could also have a summary list of the other Android apps we recommend, with a link to F-Droid as well as a handful of open source alternatives that people might like. E.g. a fitness app, sound recorder, calendar, camera, notepad etc.

The requirements would have to be that it is maintained, in F-Droid and meets decent QA usage.

@dngray
Collaborator Author

dngray commented Mar 26, 2020

I'm also thinking it would have 3 headings:

  • F-Droid, why we recommend it
  • Some apps in F-Droid that we recommend
    • (something like the browser extension layout)
  • Finally mention Aurora Store if the app is only in Google Play

Yes this page would be specific to Android, and no iOS equivalent would exist. The fact of the matter is that iOS is a proprietary platform, and most of the apps in AppStore are not open source let alone reproducible.

@IzzySoft

As for the issue just referenced and closed: My app listings help in choosing privacy-friendly apps:

  • focus on those marked with a ⭐ and those with an F-Droid icon – as those come without (known) trackers
  • avoid those with "monitor icons" as they are tracking you
  • find what you are after more easily, as everything is grouped by (multi-level) categories

and more – like links to reviews, guides…

@dngray
Collaborator Author

dngray commented Mar 27, 2020

We may use it for some inspiration, but we won't be using the actual site itself, and this shortlist certainly won't be an exhaustive "all apps for everything" list.

There will be indeed some areas where we do not offer recommendation.

Each application will require:

  1. source to be checked
  2. be maintained
  3. be not of alpha/beta quality, i.e. mostly complete, not crashing
  4. available in official F-Droid repositories where it can be verified with a third party verification server
  5. not rely on proprietary GAPPS, e.g. FCM/GCM; some apps will crash if that is not present.

@beerisgood

Don't forget AuroraDroid, which is an F-Droid replacement from the AuroraStore guys and is more stable than F-Droid.

@IzzySoft

Ah, OK – so you're going pretty strict, which is a good thing. Besides: item 4 automatically implies item 5 – as proprietary components are not accepted by F-Droid. Especially GCM/FCM was a stumbling block for many apps in the past (as it seems nowadays even toilet paper cannot do without that) – either they managed to create a flavor coming without GCM/FCM, or they were not accepted. Other apps are no longer updated because they've added such crap.

Item 4 also implies item 1, as F-Droid builds from source. For that, the source is checked multiple ways. Thanks for your "general description" in item 4 btw; this currently would match f-droid.org and the Guardian repo, but there might be more in the future.

@dngray
Collaborator Author

dngray commented Mar 27, 2020

Basically the reason for being so strict is because otherwise there isn't much point in bothering at all if we allow anything/everything.

There's really not much strength gained by using F-Droid unless you're making use of build verification. In fact I'd argue that repositories third party to Google are probably less secure if not verified.

We also don't want it to become an exhaustive list of "all the apps in the world", just a few alternatives that don't really fit in elsewhere, in addition to having things that we recommend already on various pages.

There are also particular areas that we won't be including, such as things which really can be done in the web browser without an app. E.g. you really don't need a weather app, when a bookmark in a web browser will be just as good.

The more apps people install, the more code that must be trusted, and thus audited. We do not want to encourage the "app for everything" ideology.

@blacklight447
Collaborator

@beerisgood why would fdroid need a replacement though?

@dngray
Collaborator Author

dngray commented Mar 27, 2020

I am inclined to try out AuroraDroid especially if it provides a more stable experience.

However I don't like the idea of it having repositories with proprietary apps only a single tap away.

F-Droid is pretty good, but would we miss anything if we recommended AuroraDroid?

The original plan was to mention Aurora Store as a last resort, not a first-stop.

AuroraDroid is still in a development phase right now; Only infrequent, stable builds will be uploaded there. F-Droid's review & build process is also quite lengthy.

I think for the time being we'll only recommend the F-Droid app.

@beerisgood

> @beerisgood why would fdroid need a replacement though?

Because it has a lot of problems with search and installing updates in the background. Even with the privileged stuff installed.

Also from the AuroraDroid page:

> What is the difference between AuroraDroid and the official FDroid client?
>
> It isn't a buggy mess. Of course, alongwith the download manager, transparent downloads and MD2 design.

@blacklight447
Collaborator

It works perfectly fine here?

@beerisgood

> It works perfectly fine here?

Are you sure? On every device I see it doesn't.
Starting from automatic installs in the background to simple automatic checks for updates. No matter which network or Android version or device.

For example on one device here with Android 9 it doesn't update nor check for updates for a week. And this with the privileged stuff installed. This isn't how it should work.

@IzzySoft

@beerisgood This issue was introduced by Oreo (Android 8) – I do not have it on the one device still running Nougat (Android 7; but yes, confirmed on Oreo and up). The client needs the FOREGROUND_SERVICE on Oreo & higher to not be "cancelled" by Android. The issue is known to the client team, and being worked on. Admittedly, that takes a bit too long for my feeling as well…

@beerisgood

> @beerisgood This issue was introduced by Oreo (Android 8) – I do not have it on the one device still running Nougat (Android 7; but yes, confirmed on Oreo and up). The client needs the FOREGROUND_SERVICE on Oreo & higher to not be "cancelled" by Android. The issue is known to the client team, and being worked on. Admittedly, that takes a bit too long for my feeling as well…

This. We have already had Android 10 since fall last year and Android 11 is coming.
I wonder why implementing this is so hard and why AuroraDroid gets it but not F-Droid.

Also F-Droid hosts a lot of old and insecure apps (some are 6+ years old). And also the updates are provided very, very slowly.
Thanks to you, @IzzySoft, I got for example FairEmail updates daily! Not possible with native F-Droid.
This is a mess.

@IzzySoft

@beerisgood we're getting slightly OT here, but short on the points: I fully agree on the client being a problem solved too late (who wouldn't). Standard apology: team is lacking resources (no bashing here, but I agree this takes far too long – without blaming anyone).

Old apps: you can always suggest having them moved to archive. "Old" alone is no argument for that – insecure is. And glad I was able to help – though my repo certainly won't be recommended by PTIO (not even partly) as it e.g. doesn't meet point 4 (verification server support).

@blacklight447
Collaborator

@dngray why use some weird third party app if we got a good looking, perfectly working first party app with a years long trusted reputation?

@dngray
Collaborator Author

dngray commented Mar 27, 2020

> @dngray why use some weird third party app if we got a good looking, perfectly working first party app with a years long trusted reputation?

This is the point. I'm reluctant to suggest something which is not as mainstream as the F-Droid application. At least not to begin with.

> @beerisgood This issue was introduced by Oreo (Android 8) – I do not have it on the one device still running Nougat (Android 7; but yes, confirmed on Oreo and up). The client needs the FOREGROUND_SERVICE on Oreo & higher to not be "cancelled" by Android. The issue is known to the client team, and being worked on. Admittedly, that takes a bit too long for my feeling as well…

I have to admit I also only have LineageOS 16 and a Graphene device on hand, i.e. Android 9/10.

> Also F-Droid hosts a lot of old and insecure apps (some are 6+ years old). And also the updates are provided very, very slowly.

Those apps won't be subject to the list. This list will be a very short list as everything must be well maintained. We will be auditing what gets added so we won't be adding a huge number of things.

@lynn-stephenson
Contributor

@IzzySoft Do you know if F-Droid supports APK v2 signing?

@IzzySoft

@lynn-stephenson it supports v2 signatures (so does my repo). But it looks like it always signs v1 only, no idea why. You could raise that question in the corresponding issue tracker (most likely fdroidserver) or on IRC.
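
Added example, not part of the thread and not fdroidserver code: a way to see which signature schemes an APK actually carries, which is the distinction raised above between supporting v2 and signing v1 only. It looks for v1 (JAR) signature files under META-INF/ and for the APK Signing Block that v2/v3 place directly before the ZIP central directory; the function names and the sample archive are constructed, and the check reports presence only, not validity.

```python
import io
import struct
import zipfile

EOCD_MAGIC = b"PK\x05\x06"             # ZIP end-of-central-directory record
SIG_BLOCK_MAGIC = b"APK Sig Block 42"  # last 16 bytes of an APK Signing Block
SCHEME_IDS = {0x7109871A: "v2", 0xF05368C0: "v3"}


def signature_schemes(apk):
    """Return the signature schemes ("v1", "v2", "v3") whose data is present."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        names = [n.upper() for n in z.namelist() if n.startswith("META-INF/")]
    schemes = {"v1"} if any(n.endswith((".RSA", ".DSA", ".EC")) for n in names) else set()
    cd = struct.unpack_from("<I", apk, apk.rfind(EOCD_MAGIC) + 16)[0]
    if cd < 32 or apk[cd - 16:cd] != SIG_BLOCK_MAGIC:  # block ends right before the CD
        return schemes
    size = struct.unpack_from("<Q", apk, cd - 24)[0]   # excludes leading size field
    if size < 24 or size + 8 > cd:
        return schemes                                 # malformed block: ignore it
    pos, end = cd - size, cd - 24                      # span of the ID-value pairs
    while pos + 12 <= end:
        pair_len, pair_id = struct.unpack_from("<QI", apk, pos)
        if pair_id in SCHEME_IDS:
            schemes.add(SCHEME_IDS[pair_id])
        pos += 8 + pair_len
    return schemes


def constructed_apk(block_ids=()):
    """Constructed sample: v1-style archive, optionally with a signing block."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/CERT.RSA", b"constructed")
    apk = buf.getvalue()
    if not block_ids:
        return apk
    eocd = apk.rfind(EOCD_MAGIC)
    cd = struct.unpack_from("<I", apk, eocd + 16)[0]
    pairs = b"".join(struct.pack("<QI", 4, i) for i in block_ids)  # empty values
    size = len(pairs) + 24
    block = struct.pack("<Q", size) + pairs + struct.pack("<Q", size) + SIG_BLOCK_MAGIC
    patched = bytearray(apk[:cd] + block + apk[cd:])
    struct.pack_into("<I", patched, eocd + len(block) + 16, cd + len(block))
    return bytes(patched)


if __name__ == "__main__":
    print(sorted(signature_schemes(constructed_apk([0x7109871A]))))
```

To confirm that the signatures found actually verify, run `apksigner verify --verbose` from the Android SDK build tools on the file.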
