You must log in or register to comment.
It’s also a buggy piece of crap…
Update notification? Sweet! Gotta click it, right? Oh, some obscure error message that doesn’t let me update the apps. I guess I start the app itself then, right? Oh, it immediately crashed with an even more obscure error message. And what’s this? It shows me updates for apps that I have already removed. I wonder why? Maybe I should clean the cache and update the repositories. Huh? Oh, the update is stuck somewhere and doesn’t move forward anymore and now I can’t even search for anything.I never had any issues with it
I haven’t had any of that, but I do notice that F-Droid can’t seem to automatically update itself without erroring. Something about failing to parse the package; I forget the exact error message. I wonder what the problem is…
I’ve had tons of bugs with it as well. Still usable but annoying.
Neostore may be a better client for you.
I made a website to help finding well-maintained F-Droid apps through Github/Gitlab metrics here: https://dbeley.github.io/fdroid-insights/
It’s awesome
Unless you submit a FOSS app and they don’t feel like including it.
Are you talking about a particular app? Usually apps are rejected because they don’t meet the inclusion policy, not merely because “they don’t feel like it.”
It meets it quite well, still didn’t include it because of rule they made on-the-fly.
Can you share what app it was? And maybe link relevant GitLab discussion
I use iOS now though had f-droid installed on my old android phones :)
If you sell your IPhone now it may not be too late for you! :-)
Does anyone have a good foss ebook and pdf reader?
Thanks!
@moitoi @possiblylinux127 mupdf
I second MuPDF viewer for quickly viewing PDFs, it acts exactly as I expect it to and feels very slim.
But I am not sure if it is a good ebook reader. I use KOReader in connection with Calibre on my Laptop.
I use Librera every day: the user interface looks a bit outdated but has support for any format known to man and a ton of features (and I mean A TON)
KOreader. But it’s more aimed at ereaders.
if you’re looking for a legit READING app, KOReader is the only way to go. especially if you have an ereader tablet too that uses KOReader too and/or use Calibre. I moved to it from Kindle + Kindle app on Android and I just have no idea what the purpose of Kindle is anymore unless you buy ebooks directly from Amazon. in which case you should… well… stop.
Yeah, it’s pretty good. But at first it’s difficult to get the hang of it
Librera (f droid)
Librera reader is pretty good
Love F-Droid but be aware of the risks and always try to use a developer repo when possible…
I actually would go for the main repo as all the software in the main repo is reviewed by the main Dev team
Did you even read the article? F-Droid signs all the apps in the main repo…
The author of this article completely misses the point of F-droid. They clearly are used to a world of proprietary software that takes “security” over freedom
So yes I did read the article and no it doesn’t change anything. If your going to make an argument you shouldn’t just link to someone else’s work. Part of the problem with the internet is no one thinks for tuemselves
Sure, I’ll spell it out for you since apparently the point went right over your head. Fdroid devs are a single point of failure by signing every application themselves. This introduces a potential for supply chain attack, not to mention Fdroid running on EOL servers.
When you use an individual dev repo, you can avoid any trojanized apps from Fdroid because the developers maintain their own infrastructure and sign their own apks.
That’s called… D I S T R I B U T E D T R U S T
The reason F-Droid builds from source is to ensure that they can enforce their inclusion criteria. If you go outside F-Droid you lose that guarantee. For example, self-published apks in github or google play may contain anti-features or proprietary code that are forbidden by the F-Droid standards.
From another point of view, what you call a single point of failure is a third party that represents the interests of the user community, independent from individual developers. This is the same model used in GNU/Linux distributions, and Drew DeVault explains here the role that software distributions play in the free software community.
Of course, this represents a trade-off, in that you are placing trust in the software distribution instead of or in addition to the upstream developer. The question is, how can you solve the problem without foregoing F-Droid’s inclusion standards? The answer is reproducible builds, where F-Droid builds from source and compares to the developer’s apk, and publishes the developer’s apk with their signature if the build reproduces successfully.
Until Reproducible builds are the norm in the Android free software world, I accept the trade-off because I value having software freedom in my computing, and I know I can’t trust upstream developers to care about that as much as F-Droid or I do.
Sure, atleast you admit there’s a trade off (security) for (FOSS) and maybe some additional privacy.
People should be made aware of the risks and choose according to their threat models, which is why I’ve highlighted some of these issues to begin with.
Everything the F-droid team does is out in the open. Your welcome to audit it once in a while and suggest changes to make it better. I’m sure they wouldn’t mind the help.
F-droid is the best tool we got. Its not a silver bullet but it is better than anything else I’ve seen
Those are some very strange objections to F-Droid. The outdated signing software on the backend doesn’t really affect the end user, for a start. The signing key problem is also present in Google Play, the only other app store people actually use, and it’s intentional.
F-Droid builds the sources developers make available, it doesn’t accept a developers 's build with the pinky promise that no malware was added when they compiled there code.
The loose requirements are a feature, not a bug; things like a low API target level are why Termux still works on F-Droid but not on GPlay. This does pose some privacy risks because of API compatibility stuff, but because of the requirements for an app to be even listed on there, the impact is minimal.
Should F-Droid improve their technical debt? Definitely. Does any of this pose an actual risk to users? Definitely not.
Doesn’t affect the end user… beyond diminished security. Are you implying I should trust Fdroid devs as much as I would trust Google devs?
deleted by creator
The diminished security resulting from the increased likelihood of a (single point of failure) supply chain attack.
Yes its possible for malicious devs to trojan apps, but due to apk signing it is much more difficult for a third party entity to induce a supply chain attack, which is my real concern when it comes to phone security.
If you have a lower threat model, this post isn’t for you…
How does a supply chain attack work?
An upstream compromise that affects downstream hosts. A good example is the NPM supply chain attack -> https://hackaday.com/2021/10/22/supply-chain-attack-npm-library-used-by-facebook-and-others-was-compromised/
I don’t see how supply chain attacks on F-Droid are any different from other app stores. Supply chain attacks would also attack the APK compiled on a deb’s machine.
Also, APKs are signed on Google’s servers, devs don’t have control over those signatures anymore, unless they distribute their APKs through other means (which would impose similar if not worse risks compared to F-Droid, of course).
If you think Fdroid security is on par with Google security… then I got a bridge to sell you
Fdroid basic allows automatic updates!
The guadian project repos are also preset, albeit not enabled by default.
So does Neostore and Droid-ify. Those are worth looking into.
I thought fdroid was out of maintenance and they recommend droidify
No, it’s definitely in very active development and put out version 1.17 recently
I can’t find anything about this. Got a source?
Okay so its not out of service, so that’s my bad. But it’s using an old android SDK, which could present security issues. Tbh I have them both installed it looks like. I prefer the ui of fdroid https://youtu.be/IzpVI4zaso0 https://wonderfall.dev/fdroid-issues/#3-low-target-api-level-sdk-for-client–apps
Here is an alternative Piped link(s): https://piped.video/IzpVI4zaso0
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source, check me out at GitHub.
Don’t forget to add the New pipe repo!
I recommend the NewPipe-Sponserblock instead of default Newpipe
NewPipe Sponsorblock repo from Izzy:
https://apt.izzysoft.de/fdroid/index/apk/org.polymorphicshade.newpipe
Why is the Newpipe repo necessary when NewPipe is also in the F-Droid repo?
Faster release, sometimes it takes a while for the F-Droid to build the new version and Google has a tendency to break it.
thanks
Can also recommend the SimpleX chat, Bitwarden, Cryptomator and Briar repos. There’s also IzzyOnDroid, though I think they have less strict guidelines.
Is downloading it from the google playstore stupid or okay?
The F-Droid app? Its not distributed on GPlat officialy. Could be a trojan. On an unrelated note I would say I trust F-Droid more than GPlay too. Don’t have GPlay or Aurora atm
That is probably an imposter
Use the link in the other comment.
Its not on the google play store
Download from the link instead. Once you download the apk file you can install it straight from your phone. You probably need to give permission for it to be installed.
I don’t believe you can get F-Droid from Play Store. I would get it from their official website just to be sure.
One shows up, which is what made me hesitant. Sounds like stupid is the answer.
Droid-ify is the best way to use f-droid imo
Does it have an update all button? That’s what prevented me to keep using it some months ago.
deleted by creator
Droidify has an ignore all new versions button. And you can of course downgrade whenever you want.
People that don’t have a solid grasp on computing tend to think any and all updates are inherently good.
People that don’t have a solid grasp on computing tend to think any and all updates are inherently good.
Huh, most of the time. I mean, people like you don’t have to use it at all, but I prefer to just press “Update all” once if I have >2 updates in a row.
Running outdated versions of software, whether on your phone or the desktop, will generally expose you to more vulnerabilities and is not best practice from a security perspective.
It does now yes.
What are the perks of using this vs. the standard F-Droid app?
More built-in repositories and a nicer UI.
Nice. I just decided to try it, and this seems really nice so far. The built-in repositories feature is really nice, especially for people who are just getting acquainted with F-Droid
Something worth noting is that F-Droid is both an app to download other apps but they also maintains a repository of apps. You can use alternative store apps (like Droid-ify) with the F-Droid repository OR you could use the F-Droid app with a different repository (like IzzyOnDroid). You can mix and match to meet your needs.
I use the Droid-ify app with the F-Droid, IzzyOnDroid, microG, NewPipe, and Collabora repositories.
Once you start down this rabbit hole, give Obtanium a look.
I second Izzy, add:
I just have the basic f droid app, the layout is awful and confusing. Is there one you suggest?
I think he did suggest droid-ify with fdroid repo: https://github.com/Droid-ify/client
Looks good, I will try it out. You have it in F-droid :)
Apologies, I didn’t follow what was a storefront and such.
I’m a big fan of Droid-ify.
Then check out droid-ify. It has a really clean looking UI that won’t get in your way.
Thanks
Neostore is also a good alternative to the normal f-droid client
I wanted to like this one.
Neostore got stuck trying to sync repos or something and drained my battery from 80% to 20% within like an hour.
Uninstalled it immediately. No app should be able to malfunction in such a way to cause such battery drain.
Yep. Their permission and tracker built in viewer is a super qol feature
Yes, I much prefer Neostore.
Oh THAT’S what repos are for? I assumed they were all independently structured and incompatible with each other for different reasons lmao.
Can you elaborate on what these different repos are and do? And, referring to a child comment, what is divest?
Some software developers prefer to host their own repos and have more control over the release process and/or don’t want to fill all the criteria for being included on f-droid, so they create their own repos. Some of these apps can still be found on vanilla fdroid, but often aren’t updated so frequently.
Izzyondroid, on the other hand, is a different project, aimed at hosting different apps that are usually from smaller devs and can’t be included on fdroid yet, for different reasons.
The greatest thing about fdroid is that it allows anyone to create their own repos and you aren’t forced to depend on anyone.
On Android, we’re used the “Play Store” being both the app that facilitates downloads as well as the collection of apps available. With F-Droid, you can add additional collections of apps to make available for download.
You might add an additional repository to gain access to apps not in the main F-Droid repository. You might add a developer’s repository to gain access to updates to their apps before those updates hit the main F-Droid repository.
Divest is the developer repository for app maintained by Divest OS, a fork of Lineage OS.
I have and use F-Droid but hadn’t caught on to repos and their function. Just seen it mentioned. Thanks for elaborating!
I would avoid adding other repositories because you are risking malware and anti features.
F-droid is slow to get updates but it also verifies each app
There is safety there, but you’re just as safe using the the developer’s own repository for their apps, like NewPipe, Collabora, or the Guardian Project.
Many years ago I tried to go completely de-googled, and that involved using only F-droid. One of the many problems I faced was the tedious update process. I needed to tap each and every app individually every time there were updates. I wonder if droid-ify could have fixed that. Unfortunately I didn’t come across that app at the time, so I didn’t try it out.
Oh for sure! Droid-ify offers a few different installation methods. The Legacy and Session install options are what you are used to. With those methods, you are prompted to download and install with each update.
With the Root install method, updates can be downloaded and installed in the background using root privileges. Lastly, and I think most intriguing, is using Shizuku. Shizuku is a utility that will give you close to root access using ADB. See link for details. So, with the Shizuku install methods, Droid-ify can keep all your F-Droid apps up to date with little intervention from the user.
Footnote: Because Shizuku leverages ADB, it needs to be started manually after each reboot.
That’s awesome! Looks like there’s been progress while I was not looking.
What do you think, is it now a viable option do daily drive a completely de-googled phone?
It’s a lot more feasible than it used to be. I also use Aurora Store to fill in the gaps.
Don’t forget Divest, a must have repo. Also Molly for a foss signal client
Neo store is a nice layout for f-Droid if you want a more modern look
What’s the average time for an app to be approved? I submitted my app almost 1 month ago and it never got any comments whatsoever like other submitted apps do. I love the store though, most of my phone apps are downloaded from there!
It should only be a few days, can you bump your submission?
Was there an automated not response? If there was any errors or warnings you should try to correct them.
If not I would follow up
Thanks! There was only the F-Droid Bot. But I don’t see what’s wrong if there’s something wrong. I’d appreciate the help! The merge request is at https://gitlab.com/fdroid/fdroiddata/-/merge_requests/13448
Try Neostore too…
^^^ This!
