✨ Feature Suggestion | Create section for F-Droid, recommend reproducable builds #1800
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#1800
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
We should create a section mentioning F-Droid, why it should be used etc.
Some links we should use:
The section should also recommend https://gitlab.com/AuroraOSS/AuroraStore if Google Play apps are required.
Closes: https://github.com/privacytoolsIO/privacytools.io/issues/1577
Closes: https://github.com/privacytoolsIO/privacytools.io/issues/338
Closes: https://github.com/privacytoolsIO/privacytools.io/issues/1201
Closes: https://github.com/privacytoolsIO/privacytools.io/issues/874
Closes: https://github.com/privacytoolsIO/privacytools.io/issues/1248
Fixes: https://github.com/privacytoolsIO/privacytools.io/pull/1575
Fixes: https://github.com/privacytools/privacytools.io/issues/1956
We could also have a summary list of the other android apps we recommend, with a link to F-Droid as well as a handful of open source alternatives that people might like. Eg a fitness app, sound recorder, calendar, camera, notepad etc..
The requirements would have to be that it is maintained, in f-droid and meets decent QA usage.
I'm also thinking it would have 3 headings:
F-Droid, why we recommend it
Some apps in F-Droid that we recommend
Finally mention Aurora Store if the app is only in Google Play
Yes this page would be specific to Android, and no iOS equivalent would exist. The fact of the matter is that iOS is a proprietary platform, and most of the apps in AppStore are not open source let alone reproducible.
As for the issue just referenced and closed: My app listings help in chosing privacy-friendly apps:
and more – like links to reviews, guides…
We may use it for some inspiration, but we won't be using the actual site itself, and this shortlist certainly won't be an exhaustive "all apps for everything" list.
There will be indeed some areas where we do not offer recommendation.
Each application will require:
Don't forget AuroraDroid which is F-Droid replacement from AuroraStore guys and is more stable then F-Droid
Ah, OK – so you're going pretty strict, which is a good thing. Besides: item 4 automatically implies item 5 – as proprietary components are not accepted by F-Droid. Especially GCM/FCM was a stumbling block for many apps in the past (as it seems nowadays even toilet paper cannot do without that) – either they managed to create a flavor coming without GCM/FCM, or they were not accepted. Other apps are no longer updated because they've added such crap.
Item 4 also implies item 1, as F-Droid builds from source. For that, the source is checked multiple ways. Thanks for your "general description" in item 4 btw; this currently would match f-droid.org and the Guardian repo, but there might be more in the future.
Basically the reason for being so strict is because otherwise there isn't much point in bothering at all if we allow anything/everything.
There's really not much strength gained by using F-Droid unless you're making use of build verification. In fact I'd argue that repositories third party to Google are probably less secure if not verified.
We also don't want it to become an exhaustive list of "all the apps in the world", just a few alternatives that don't really fit in elsewhere, in addition to having things that we recommend already on various pages.
There are also particular areas that we won't be including, such as things which really can be done in the web browser without an app. Eg. you really don't need a weather app, when a bookmark in a web browser will be just as good.
The more apps people install, the more code that must be trusted, and thus audited. We do not want to encourage the "app for everything" ideology.
@beerisgood why would fdroid need a replacement though?
I am inclined to try out AuroraDroid especially if it provides a more stable experience.
However I don't like the idea of it having repositories with proprietary apps only a single tap away.
F-Droid is pretty good, but would we miss anything if we recommended AuroraDroid?
The original plan was to mention Aurora Store as a last resort, not a first-stop.
I think for the time being we'll only recommend the F-Droid app.
Because it has a lot of problems with search and install updates in background. Even with the privileged stuff installed.
Also from the AuroraDroid page:
It works perfectly fine here?
Are you sure? On every device i see it doesn't.
Start from automatic installs in backgrounds to simple automatic check for updates. No matter which network or Android version or device.
For example on one device here with Android 9 it doesn't update nor check for updates for a week. And this with the privileged stuff installed. This isn't how it should be work
@beerisgood This issue was introduced by Oreo (Android 8) – I do not have it on the one device still running Nougat (Android 7; but yes, confirmed on Oreo and up). The client needs the
FOREGROUND_SERVICE
on Oreo & higher to not be "cancelled" by Android. The issue is known to the client team, and being worked on. Admittedly, that takes a bit too long for my feeling as well…This. We already have Android 10 since fall last year and Android 11 is comming.
I wonder why implemate this is so hard and why AuroraDroid get it but not F-Droid.
Also F-Droid host a lot of old and insecure apps (some are 6+ years old). And also the updates are provided very very slow.
Thanks to you, @IzzySoft i got for example FairEmail updates daily! Not possible with nativ F-Droid.
This is a mess
@beerisgood we're getting slightly OT here, but short on the points: I fully agree on the client being a problem solved too late (who wouldn't). Standard apology: team is lacking resources (no bashing here, but I agree this takes far too long – without blaming anyone).
Old apps: you can always suggest having them moved to archive. "Old" alone is no argument for that – insecure is. And glad I was able to help – though my repo certainly won't be recommended by PTIO (not even partly) as it e.g. doesn't meet point 4 (verification server support).
@dngray why use some weird third party app if we got a good looking perfectly work first party app with a years long trusted reputation.
This is the point. I'm reluctant to suggest something which is not as mainstream as the F-Droid application. At least not to begin with.
I have to admit I also only have LineageOS 16 and a Graphene device on hand, ie Android 9/10.
Those apps won't be subject to the list. This list will be a very short list as everything must be well maintained. We will be auditing what gets added so we won't be adding a huge number of things.
@IzzySoft Do you know if F-Droid supports APK v2 signing?
@lynn-stephenson it supports v2 signatures (so does my repo). But it looks like it always signs v1 only, no idea why. You could raise that question in the corresponding issue tracker (most likely fdroidserver) or on IRC.