Something worth noting is that F-Droid is both an app to download other apps but they also maintains a repository of apps. You can use alternative store apps (like Droid-ify) with the F-Droid repository OR you could use the F-Droid app with a different repository (like IzzyOnDroid). You can mix and match to meet your needs.
I use the Droid-ify app with the F-Droid, IzzyOnDroid, microG, NewPipe, and Collabora repositories.
Once you start down this rabbit hole, give Obtanium a look.
Neostore is also a good alternative to the normal f-droid client
Yep. Their permission and tracker built in viewer is a super qol feature
Yes, I much prefer Neostore.
I wanted to like this one.
Neostore got stuck trying to sync repos or something and drained my battery from 80% to 20% within like an hour.
Uninstalled it immediately. No app should be able to malfunction in such a way to cause such battery drain.
Can you elaborate on what these different repos are and do? And, referring to a child comment, what is divest?
On Android, we’re used the “Play Store” being both the app that facilitates downloads as well as the collection of apps available. With F-Droid, you can add additional collections of apps to make available for download.
You might add an additional repository to gain access to apps not in the main F-Droid repository. You might add a developer’s repository to gain access to updates to their apps before those updates hit the main F-Droid repository.
Divest is the developer repository for app maintained by Divest OS, a fork of Lineage OS.
I have and use F-Droid but hadn’t caught on to repos and their function. Just seen it mentioned. Thanks for elaborating!
Some software developers prefer to host their own repos and have more control over the release process and/or don’t want to fill all the criteria for being included on f-droid, so they create their own repos. Some of these apps can still be found on vanilla fdroid, but often aren’t updated so frequently.
Izzyondroid, on the other hand, is a different project, aimed at hosting different apps that are usually from smaller devs and can’t be included on fdroid yet, for different reasons.
The greatest thing about fdroid is that it allows anyone to create their own repos and you aren’t forced to depend on anyone.
I would avoid adding other repositories because you are risking malware and anti features.
F-droid is slow to get updates but it also verifies each app
There is safety there, but you’re just as safe using the the developer’s own repository for their apps, like NewPipe, Collabora, or the Guardian Project.
Oh THAT’S what repos are for? I assumed they were all independently structured and incompatible with each other for different reasons lmao.
I just have the basic f droid app, the layout is awful and confusing. Is there one you suggest?
I’m a big fan of Droid-ify.
I think he did suggest droid-ify with fdroid repo: https://github.com/Droid-ify/client
Looks good, I will try it out. You have it in F-droid :)
Apologies, I didn’t follow what was a storefront and such.
Then check out droid-ify. It has a really clean looking UI that won’t get in your way.
Thanks
Don’t forget Divest, a must have repo. Also Molly for a foss signal client
Many years ago I tried to go completely de-googled, and that involved using only F-droid. One of the many problems I faced was the tedious update process. I needed to tap each and every app individually every time there were updates. I wonder if droid-ify could have fixed that. Unfortunately I didn’t come across that app at the time, so I didn’t try it out.
Oh for sure! Droid-ify offers a few different installation methods. The Legacy and Session install options are what you are used to. With those methods, you are prompted to download and install with each update.
With the Root install method, updates can be downloaded and installed in the background using root privileges. Lastly, and I think most intriguing, is using Shizuku. Shizuku is a utility that will give you close to root access using ADB. See link for details. So, with the Shizuku install methods, Droid-ify can keep all your F-Droid apps up to date with little intervention from the user.
Footnote: Because Shizuku leverages ADB, it needs to be started manually after each reboot.
That’s awesome! Looks like there’s been progress while I was not looking.
What do you think, is it now a viable option do daily drive a completely de-googled phone?
It’s a lot more feasible than it used to be. I also use Aurora Store to fill in the gaps.
I second Izzy, add:
Been using Fdroid to the point where my first boot into a new phone is:
Open chrome > download fdroid > open settings > uninstall/disable every single application I can > open fdroid > install all the relevant apps I require for making my phone useful
I’m just waiting for a small life upgrade in order to be able to support some app developers; it will be money better spent than using the standard google apps.
You might want to consider your next phone to be a pixel+grapheneOS.
any lineage os supported device is enough, i think
LineageOS isnt degoogled by default
It’s a lot better than stock, even though there are still some Google things left over. If you don’t install your own GApps, then the Google stuff in Lineage is minimal.
Doesn’t take long to De-google it up to 95% or so
It’s insane that I can’t make any steps towards ungoogling myself w/o paying 2.5 times the price of a phone. I can’t buy an allready degoogled pixel here, I can’t buy fairphone here, I can only use a package forwarding service from the US, declare it to customs - and watch them add a monstrous fee to it.
I wish I could have the courage to buy a pixel and try to replace the OS myself - but I fear I will just brick it…
Installing GrapheneOS is actually ludicrously easy if you’re expecting some kind of root exploit nonsense like you used to have to do with custom ROMs! Full instructions here, happy to answer any questions if you need!
You 99% won’t brick it, I guarantee you. Graphene’s install is really easy. You press a few buttons on a website and never touch a terminal, aside from if you’re on GNOME. As for price, I got a used Pixel 4a 5g for 100 and newer ones won’t be as expensive as the things you might’ve gone for. Try a used Pixel 6a? (Graphene doesn’t extend software support)
I just did it two days ago, had the same fears, everything went smooth like butter
Bricking is a possibility but for phones that can be unlocked, it should be a matter of following the instructions on Lineageos - unlock the bootloader, flash the recovery partition, flash lineageos + Google apps.
The biggest pain in the ass for me was trying to get the adb & fastboot tools to talk to the device in the first place. For example OnePlus requires drivers for its devices but Windows doesn’t install them automatically so you have to go find them. Except the adb driver works but the fastboot one didn’t. Then after a bunch of searching it turns out OnePlus forgot to sign the fastboot driver so Windows refused to install it and I had to boot Windows in a convoluted way to disable signature verification to get the driver installed.
After all that, the rest was relatively straightforward but it still took several hours of effort. IMO Lineageos is a pretty ugly dist but if you install Google Apps it’s not missing anything and it extends the phone’s life beyond what the manufacturer could be bothered to support.
The first issue is that you’re in the US.
As for installing Graphene, it’s very unlikely that you will brick your mobile, since with the new WebUSB installer, you don’t have to do anything. Just set it to install and have your favourite beverage whilst the Web installer deals with it
I just run lineage os
I’ve used so called entry level phones my entire life; I can’t motivate myself to spend the amount a Fair Phone costs, although the concept is appealing and regardless the geek in me going nuts with the idea of tinkering with my phone as I do with my computer. I also prefer rugged phones, which is something most brands don’t cater to.
My current phone is an Oukitel and has already passed the three year mark, still more than enough for my needs, in great part thanks to my option to run FOSS whenever possible.
I just run Lineage os. Sure its not as secure but it supports many phones and is clean and light.
Combine it with F-droid and your golden
I doubt I can get that to run on my phone. Being a minor brand, it is as if it doesn’t exist.
What device is it? There probably is an unofficial build.
Also 3 years is not that old. My phone is from 2019 and runs Android 13 just fine (Motorola-ocean)
Oukitel WP8 Pro
It has an MT6762D CPU, with 4GB RAM.
And now I’m doubting for how long I’ve had it, has the last update for the Android 10 it runs is from 2020 and I can remember updating it, for sure.
Ok, your right there is very little support for that device. Sorry I couldn’t be more help
Droid-ify is the best way to use f-droid imo
What are the perks of using this vs. the standard F-Droid app?
More built-in repositories and a nicer UI.
Nice. I just decided to try it, and this seems really nice so far. The built-in repositories feature is really nice, especially for people who are just getting acquainted with F-Droid
Does it have an update all button? That’s what prevented me to keep using it some months ago.
It does now yes.
Why would you ever want to do that? Sometimes the older version is better for about a third of the apps on my device.
Running outdated versions of software, whether on your phone or the desktop, will generally expose you to more vulnerabilities and is not best practice from a security perspective.
Huh, most of the time. I mean, people like you don’t have to use it at all, but I prefer to just press “Update all” once if I have >2 updates in a row.
People that don’t have a solid grasp on computing tend to think any and all updates are inherently good.
Droidify has an ignore all new versions button. And you can of course downgrade whenever you want.
People that don’t have a solid grasp on computing tend to think any and all updates are inherently good.
I know this thread is already a little old, but here is the list of my favorite apps from F-Droid/Izzy. I use a lot of these almost daily and just thought I would share these in case someone might find a new app they find useful
- Eternity (Infinity for Lemmy)
- Buckwheat (Budgeting)
- Aegis (Authentication)
- Lawnchair (Pixel-like launcher)
- Quillnotes (Markdown notes app)
- Forkyz (Crosswords)
- Geometric Weather
- Imagepipe (Removes exif data and reduces pics)
- AntennaPod (Podcast app)
- Olauncher (Beautiful and minimal text based launcher)
Geometric Weather has a more active fork called Breezy Weather.
Quillnote has a more active fork called QuillpadSexy weather app. Thanks for the follow up comment. No more ads when I want to check the weather.
Thank you
Breezy however is not and (according to author of that fork) will not be in F-Droid repo. You can download it form IzzyOnDroid or wait for their own F-Droid repository.
What kinda good stuff is on F Droid they the average User might want?
deleted by creator
Newpipe - A YouTube client without ads.
Literally can’t say enough good stuff about Newpipe.
Everything YouTube SHOULD be, this is. LISTEN TO A VIDEO IN THE BACKGROUND!!!11. Playback speed infinitely adjustable- good for lectures, interviews, etc. No ads. No bullshit.
Most of the apps of tibor kaputa. I really like the simple gallery. The simple dialer and simple contacts are also really good. Just clean default apps that do what they should.(adfree)
NewPipe lets you listen to youtube videos without the screen on (and also download them or just the audio).
Probably the main thing I use
Endless Sky and Mindustry are some good, fun, deep games.
oh and shattered pixel dungeon also…
The UX for Mindustry sucks compared to something like Factorio, because it’s really tough to do those controls on touch screen, but it’s good enough. I’ve enjoyed it for the little I tried.
redreader, newpipe, session messenger(needs repo thing from website), aurora store, simple gallery pro
Osmand (offline GPS maps)
Same version as the android store but free.
Newpipe in particular is super important. It’s a better YouTube app with more features and no ads.
Sorry for not supporting Google, I know they need more money… /s
I prefer LibreTube because it doesn’t look outdated and it uses Piped, so you never actually connect to the YouTube servers and you can synchronize your subscriptions and playlists
Agreed. LibreTube is really good.
Just got it. Amazing! Thanks!
It’s a fantastic app. Remember to set your default YouTube links to open with it also, you can do that with android in app settings.
I use LibreSudoku. It’s a very nice Sudoku app.
Öffi, a non sucking public transportation app.
Thanks to US infrastructure I don’t need yet another map just for public transport! Thanks US government for looking out for us little people! (I really don’t think this is needed, but /s just in case.)
Pretty much all the basics are covered, here are some examples:
- Newpipe for videos and music
- FairEmail for email
- Organic Maps for maps and routes
- Aves Libre for gallery
- lots of privacy-oriented instant messaging apps (I use DeltaChat)
- Jerboa for lemmy
- plethora of calendars, todo apps, calculators, keyboards…
- some games
And then of course all you power-ish user stuff (alternate launchers, clients for self-hosted clouds and stuff, terminal emulators…)
Worth noting while checking out Aves libre it seems the developer has renamed it to just Aves and continued updating.
New to f-droid so if I have this wrong let me know
A lot of the utility is it having apps with similar capabilities but without the same kind of privacy invasions, and with better description of what anti-features an app has. So as far as ‘the average user’, I’d just say alternative apps (or even the same ones, if you’re already using FOSS apps) to the same ones they’d use on Play Store, and a few of the games.
Everything
Fdroid basic allows automatic updates!
The guadian project repos are also preset, albeit not enabled by default.
So does Neostore and Droid-ify. Those are worth looking into.
Are they planning on modernizing the app for Material You? It feels out of place in my phone in 2023.
edit: all the people who suggested Droid-ify know what’s up. Thanks, guys!
You can use neostore or droid-ify for material fdroid
Are they updated to use the new difference-based repository format?
EDIT: I was curious so I searched, they don’t.
Not sure about neostore, but droid-ify takes like a half a second to fetch repo updates, and fdroid takes me like 10 seconds.
The official F-droid client has material design. Material design 1, the only material design that has anything to do with the concept.
You’re not wrong there.
I have a lot of complaints about this too, but namely lack of seamless updates is baffling to me.
Luckily I found Droid-ify and solves both those problems. Also has the common repos frequently added, like IzzyOnDroid, easily pre-available to enabled in the settings.
This definitely replaced the archaeic fdroid client for me, they desperately need an overhaul as it’s a terrible first impression.
You can get Droidify and it provides a more pleasant visual experience.
I personally like it. However there are alternative apps
The ui seems ok, but the search is so ridiculously bad I’d don’t know how they did it.
I sure hope not. No no no. Material you is ugly, and in 99% of apps not an option, but a forced changed. No need for that. It looks good enough for an app store.
God I hope not
Try Neostore too…
^^^ This!
Even better obtanium installs direct from the Devs host. You could use fdroid to find the homepage/where they host and add it to obtanium
Installing through F-Droid is way easier tho and the IzzyOnDroid repo actually uses the binaries from the developer
Though, last I checked, IzzyOnDroid does warn that they usually only host things not found on F-droid. Once something they host gets included in F-droid it’s often removed from IzzyOnDroid without warning.
You could use Droid-ify and have the best of both worlds
I don’t know if you didn’t understand their comment or if Droidify has a feature I didn’t knew about.
Droid-ify offers apps from different repositories so you can have Izzyondroid and F-droid at the same time. It also scans for updates and does auto-updates if possible.
Yeah I know about that but what has that to do with IzziOnDroid apps which pulls the apps from GitHub being removed after they’ve been added to the official Fdroid repo
Apparently it seems that I don’t get it indeed.
I said Droid-ify is a 'best of both worlds because it offers the easy of use of F-droid but also pulls from IzzyOnDroid/GitHub.
I prefer F-droid as it adds a layer of checks to hopefully keep the devs from doing something malious
are you under the assumption that fdroid has security benefits?
Its not security I’m looking for. If I wanted security I would be running stock with all of the apps from large corporations.
What’s good about F-droid is the freedom you get when you use it. All of its apps are libre. You have the ability to tweak them anyway you want and the source code it yours to study, learn, modify and distribute.
not… after… security… hmm. 😶
That’s correct
Some people like to live dangerously.
This is actually the way
Love F-Droid but be aware of the risks and always try to use a developer repo when possible…
Those are some very strange objections to F-Droid. The outdated signing software on the backend doesn’t really affect the end user, for a start. The signing key problem is also present in Google Play, the only other app store people actually use, and it’s intentional.
F-Droid builds the sources developers make available, it doesn’t accept a developers 's build with the pinky promise that no malware was added when they compiled there code.
The loose requirements are a feature, not a bug; things like a low API target level are why Termux still works on F-Droid but not on GPlay. This does pose some privacy risks because of API compatibility stuff, but because of the requirements for an app to be even listed on there, the impact is minimal.
Should F-Droid improve their technical debt? Definitely. Does any of this pose an actual risk to users? Definitely not.
Doesn’t affect the end user… beyond diminished security. Are you implying I should trust Fdroid devs as much as I would trust Google devs?
What diminished security, though? “Apps you can install may be evil” is true of any software repository, whether it’s the Microsoft Store or Steam.
You should trust the devs of anything you install as much as the Google devs. Not just the devs of the app store itself, also the devs behind the apps these stores serve.
If you don’t trust them, don’t use their product. Not trusting a third party is one of the major reasons F-Droid is even a thing, because Google can’t exactly be trusted to have your best interests in mind with their app store.
The diminished security resulting from the increased likelihood of a (single point of failure) supply chain attack.
Yes its possible for malicious devs to trojan apps, but due to apk signing it is much more difficult for a third party entity to induce a supply chain attack, which is my real concern when it comes to phone security.
If you have a lower threat model, this post isn’t for you…
I don’t see how supply chain attacks on F-Droid are any different from other app stores. Supply chain attacks would also attack the APK compiled on a deb’s machine.
Also, APKs are signed on Google’s servers, devs don’t have control over those signatures anymore, unless they distribute their APKs through other means (which would impose similar if not worse risks compared to F-Droid, of course).
If you think Fdroid security is on par with Google security… then I got a bridge to sell you
How does a supply chain attack work?
An upstream compromise that affects downstream hosts. A good example is the NPM supply chain attack -> https://hackaday.com/2021/10/22/supply-chain-attack-npm-library-used-by-facebook-and-others-was-compromised/
I actually would go for the main repo as all the software in the main repo is reviewed by the main Dev team
Did you even read the article? F-Droid signs all the apps in the main repo…
The author of this article completely misses the point of F-droid. They clearly are used to a world of proprietary software that takes “security” over freedom
So yes I did read the article and no it doesn’t change anything. If your going to make an argument you shouldn’t just link to someone else’s work. Part of the problem with the internet is no one thinks for tuemselves
Sure, I’ll spell it out for you since apparently the point went right over your head. Fdroid devs are a single point of failure by signing every application themselves. This introduces a potential for supply chain attack, not to mention Fdroid running on EOL servers.
When you use an individual dev repo, you can avoid any trojanized apps from Fdroid because the developers maintain their own infrastructure and sign their own apks.
That’s called… D I S T R I B U T E D T R U S T
The reason F-Droid builds from source is to ensure that they can enforce their inclusion criteria. If you go outside F-Droid you lose that guarantee. For example, self-published apks in github or google play may contain anti-features or proprietary code that are forbidden by the F-Droid standards.
From another point of view, what you call a single point of failure is a third party that represents the interests of the user community, independent from individual developers. This is the same model used in GNU/Linux distributions, and Drew DeVault explains here the role that software distributions play in the free software community.
Of course, this represents a trade-off, in that you are placing trust in the software distribution instead of or in addition to the upstream developer. The question is, how can you solve the problem without foregoing F-Droid’s inclusion standards? The answer is reproducible builds, where F-Droid builds from source and compares to the developer’s apk, and publishes the developer’s apk with their signature if the build reproduces successfully.
Until Reproducible builds are the norm in the Android free software world, I accept the trade-off because I value having software freedom in my computing, and I know I can’t trust upstream developers to care about that as much as F-Droid or I do.
Sure, atleast you admit there’s a trade off (security) for (FOSS) and maybe some additional privacy.
People should be made aware of the risks and choose according to their threat models, which is why I’ve highlighted some of these issues to begin with.
Everything the F-droid team does is out in the open. Your welcome to audit it once in a while and suggest changes to make it better. I’m sure they wouldn’t mind the help.
F-droid is the best tool we got. Its not a silver bullet but it is better than anything else I’ve seen
Don’t forget to add the New pipe repo!
I recommend the NewPipe-Sponserblock instead of default Newpipe
Can also recommend the SimpleX chat, Bitwarden, Cryptomator and Briar repos. There’s also IzzyOnDroid, though I think they have less strict guidelines.
NewPipe Sponsorblock repo from Izzy:
https://apt.izzysoft.de/fdroid/index/apk/org.polymorphicshade.newpipe
Why is the Newpipe repo necessary when NewPipe is also in the F-Droid repo?
Faster release, sometimes it takes a while for the F-Droid to build the new version and Google has a tendency to break it.
thanks
I have never found anything useful in it. And god I have tried. I end up uninstalling it every time.
Here’s mine:
- AnkiDroid - mobile version of popular desktop flashcards software Anki
- Bitwarden (don’t remember if this needed a repo) - favourite password manager
- Catima - holds loyalty cards
- Fennec F-Droid - Build of Firefox without ads and that supports more extensions
- DiskUsage - see what’s taking up your disk
- GadgetBridge - FOSS app for smart watches, Mi bands etc.
- Lawnchair - Home screen replacement that’s visually identical to the default one but allows me to double tap to lock
- Material Files - file manager
- Loop - Habit tracker
- p!n - Pin reminders to notifications
- muPDF Reader - fast PDF reader that doesn’t crap out when I zoom in and out unlike Google Drive
- Simple Gallery - lightweight gallery app
- NextCloud and NextCloud Notes - Access NextCloud
- Scrambled EXIF - Share pictures without giving away EXIF data
- Tusky - nice Mastodon client
- Shattered Pixel Dungeon - a game way too addictive to be safe to install
- NewPipe - FOSS frontend with AdBlock and downloader for YouTube, SoundCloud, Bandcamp and others
- Librera - read EPUBs
- Lemoroid - Nice libretro client to play video games
- Infinity - Reddit client that still works. I believe they did something hacky with the API key to get around the block.
- Migraine Log - Nice app for migraine sufferers to log their attacks
- Scarlet - Beautiful notes app
Thanks for the mentioning GadgetBridge. Just revived an Amazefit Smartwatch that I wasn’t using because of the default app!
Mull browser, termux, nextcloud, Jerboa, Infinity reddit, organic maps, and espeak just to name a few
Ok, yeah, I use termux on my android tablet, and it’s awesome. But other than that, I don’t find any other app interesting. Who knows, maybe with time.
And the stuff you do want to use is often best installed from the Dev’s repo because fdroid takes forever to update theirs.
And last time I checked they still hadn’t implemented the now years old APIs that would let them to silently update apps, so unless the phone is rooted you need to click for every update…
Try f-droid basic, it lets you update automatically
I’ve always had a niggling worry that downloading apps from 3rd party app stores came with a higher risk of getting apps with viruses and spyware.
any truth to this?
Not really.
Fdroid is a secure repositorie and the applications are reviewed before being made available for end users.
The repository is also highly focused on privacy and security and will warn if applications have security flaws or depend on non free services.
As an example, I use NewPipe instead of the standard YT app and it has a warning it depends on non-free services.
One other example I can give is Librera. It’s a very feature rich ebook/pdf/etc reader. At some point, a security flaw was discovered and the app was instantly flagged has having such problems and users were advised to not install it.
How is Librera to download now?
Works fine for me.
Fdroid is a secure repositorie and the applications are reviewed before being made available for end users.
Reviewed by who though? Malicious apps even get through apple and Google’s screening. I can’t see how fdroid can match the capabilities of those guys.
Malicious apps can make it onto F-Droid as they can onto any app store. The biggest difference is that F-Droid compiles apps from the published source code rather than accent uploads from the developer directly. That means only apps with source available are installable by default, built from the source everyone else can read.
If there’s any malware in these apps, the malicious code can be found in the public source code.
There is a manual vetting process before an app is accepted into the repo which should detect shady behaviour but updates aren’t subject to this strict process, so it’s not a full fix.
The benefit of open source apps is anyone can view the code to see if there is malware or other installed.
This is a bit of a fallacious point in this context - it suggests:
- apps will be investigated by its users (not guaranteed, nor even likely for unpopular apps)
- an app will even have users capable of detecting malware (I don’t know squat about phone malware patterns, so I wouldn’t be effective at it even if I did scan through thousands of lines of code)
What I can tell you is that Google was extremely detailed in their monitoring of my apps - even looking up e.g. rate limits of the steam api to check if I properly deal with those. And I pick that example since I don’t want to talk about the ways I mishandled user data out of negligence or ignorance.
Back then I perceived it as harassment. Today I will certainly not install any apps that didn’t pass their testing.
And we’re not even talking about deliberate malware but simple incompetence. I would consider the average hobby app project to be borderline malware and a proper QA needs qualified personnel. I don’t see how F-Droid can ever reach those standards.
Play’s reputation for being full of malware stands directly at odds with your assessment.
Hobbyists are rarely incompetent. They actually take pride in their work, and aren’t just trying to quickly slap something together for a quick buck.
Not sure what gave you the impression that most phone apps have gone through professional QA, but I very seriously doubt that they have.
As for mishandling user data, it’s a lot easier to avoid doing that when user data never leaves the user’s device in the first place. Proprietary apps collect user data for profit; free and open source apps often don’t.
Thats what they want you to think
But its because they want your money
Yes but F-droid is an exception. Be careful of adding third party repos though
What is your justification for this claim?
I use F-Droid as my main app store, and while I trust most of the apps on there and haven’t found any asking for permissions they don’t need, I wouldn’t claim any Android app store is more secure than the Play Store. This post goes into technical detail comparing the two: https://privsec.dev/posts/android/f-droid-security-issues/ - Note: emphasis in the conclusion mentioning that these criticisms may or may not really matter, depending on your threat model. (as an aside - if anyone here doesn’t know what a threat model is, determine yours before participating in any privacy community or you’ll just end up with useless paranoia)
That said, I would guess that Play Store may have a higher risk of malicious apps only due to the fact that there are far, far, far, far more potential victims, and being the default app store, victims less likely to be technically experienced enough to notice false apps. So, almost all attackers will probably aim for the most targets and only bother targeting the Play Store, despite the extra challenges.
[tagging @elbowgrease@lemm.ee ]
You should make up your own mind. Don’t be a puppet to some guy online who wrote an article
I did make up my mind, and both I and the article both explicitly emphasise people to apply the facts it presents to their own circumstances. What you just wrote is very condescending and insulting.
Well my intention was not to offend you. However, I still firmly believe that using a proprietary app store run by google is not as good as a app store that takes libre software as a priority.
Sorry if you interpreted as a insult. I just don’t like when people blindly follow others. I am not sure if that’s some you are doing but its something I see a lot of. I’m not perfect either and I probably should work on my wording to make it less harsh.
It’s alright, and just to be clear, I do use and support F-Droid because I personally think it is better and suits my privacy goals. I didn’t mean to sound as if I wasn’t supporting it, just that it’s a bit more nuanced when talking about the security side: like almost everything in security, it’s more complex than one took being universally better than another.
deleted by creator
Even small companies have to deal with, “supply chain”, attacks, criminals putting code into open source repositories to steal data and get access to servers. App stores are major targets too.
There have been weather apps that need your location to show you weather and oops we also send your location history to our data center in China and sell that data.
There have been, “document scanner”, apps that help you take pictures of things like credit card statements and did we not mention we send those images to Russian servers?
Do use a major brand phone like Samsung, keep your OS up to date, and don’t expose private info to these apps or give them special privileges, especially, “accessibility”, or, “screen reader”, and you should be okay.
I made a website to help finding well-maintained F-Droid apps through Github/Gitlab metrics here: https://dbeley.github.io/fdroid-insights/
Neo store is a nice layout for f-Droid if you want a more modern look