This screen that #Google shows on #Android when installing #FDroid really bugs me. It is purely based on the integer value targetSdkVersion, without considering our security model, public audits results, track record over 10+ years, exclusive use of memory safe languages, or even what our code actually does. It is as if #FDroid marked anything that comes from Google as containing ads and trackers. 1/2
Looks like the latest release of #FDroid, v1.17.0, does not get flagged by #Google, at least in the #Android 14 emulator. I heard some reports that v1.16.4 also isn't flagged. I don't really know why its flagging F-Droid then. v1.16.4 has an unchanged #targetSdkVersion, but v1.17.0 has it bumped to 28. I have found no way to get info on why they are flagging the app, just this silly "unsafe" warning screen. Is F-Droid being flagged by Google Play Protect on your devices? Please let me know.
@eighthave the irony of google claiming fdroid doesn't include their "privacy protections"
@eighthave I'm against #monopolies, but I fail to see a clear monopolistic behavior here. This check does not prevent running sideloaded apps, but it displays to users that there is some indication of potentially outdated and therefore unsafe apps. The targetSDK version is one of the few (and not that bad) programmatically checkable values.
Increasing the targetSDK version is just good practice, as it tightens the SELinux sandbox of apps and can enforce better/more private API usage.
@eighthave Just fix the app already! You had multiple years already. #fdroid
@mynacol I agree that bumping targetSdkVersion is good when there is no cost. When there is a cost, then devs should do a cost-benefit analysis. The targetSdkVersion sandbox also breaks features that people rely on, #UserFreedom means giving users real choices.
Looking at the new screen, it looks like Google has blocked installing the app. Many users have said as much. That's the monopolistic part.
And F-Droid v1.17 will have a higher targetSdkVersion. That cost a lot of dev time and money.
@eighthave What sandbox restrictions break existing features? Maybe we developers have to change APIs/add new permission requests etc., but fundamentally all the stuff the F-Droid client does should be possible.
(Except for the stuff #Termux does, there is currently no method known how to support current targetSDK versions)
I think like 95% of devices use something like android 8+
@eighthave No, because I have an ungoogled device with CalyxOS.
The Play store tells me that F-Droid was made for an older device.
@MyWoolyMastadon F-Droid Nearby is actually a different app, it is not the #FDroid client app, it is just the nearby app swapping functionality, nothing else. #GooglePlay does not allow other app stores in.
Thanks for clarifying. I was confused.
@eighthave no flagging here yet, on three devices.
@eighthave F-Droid 1.16.4 is flagged as unsafe. 1.17.0 isn't.
Fairphone 4 with Android 12.
@eighthave I use LineageOS and a warning pops up when I use an app targeted at an older Android version when it needs permissions. I don't see that warning on F-Droid but going in the settings revealed that it was considered as a "Legacy app", but installing F-Droid Basic Alpha (targets A13) I see no issues whatsoever.
@eighthave BTW I don't have gapps installed.
@vitali64sur Could you try installing version 1.17.0? I believe that's fixed now
@eighthave I use Droid-ify now.
@vitali64sur ok, that's fine. I was just hoping you could test the F-Droid client to see if it still triggers that warning
@eighthave F-Droid Basic alpha doesn't have this problem so I'd assume this is fixed. :)
@eighthave I like F-Droid
@eighthave By the way, as said before no warning pops up. In the settings it was just listed as a legacy app.
@eighthave if sideloading stops being allowed than it is time for me to find a new phone. this was the biggest advantage of android phones.
@eighthave Why not update the target SDK to get rid of this?
@lehtimaeki @eighthave because they want to support older versions? Idk much about Android dev
@lehtimaeki For those who believe that targetSdkVersion is more important than other features, #FDroid Basic is available, and it targets 33 (the latest). The official alpha is available already, the release will be out any day now https://f-droid.org/packages/org.fdroid.basic/
@eighthave I wounder if such #FUD is actionable, but that's #NotLegalAdvice...
The fact that #NSAbook and other #PRISM collaborators don't get this put in fron t of their Apps says everything...
@eighthave You don't get it! It is unsafe for #Google!
@eighthave It's important to read this in context: this is Google talking about privacy. I'll let you decide whose privacy is at stake here
@eighthave Google deserves to be fucked. This kind of stuff is why Google is an evil monopolistic capitalist corporation.
@eighthave also you should just install CalyxOS proper if you can, it'll make life so much easier than trying to brute force something Google doesn't want you to do.
@eighthave "Doesn't include the latest privacy protections"
As if they care, I recall them flagging Exodus as unsafe as well.
@eighthave Wow very nice warning on privacy from "google" ... haha what the faaak 😂
@eighthave
F-droid 1.16.4 here, not flagged (android 13)
I will go one step further and say that calling #FDroid an "unsafe app" by this standard is dishonest. It seems that some at #Google also agreed, since the older version of that screen was honest: "Blocked by Play Protect" instead of "Unsafe app blocked". Looks like the #GooglePlay team is still focused on protecting their #monopoly, this time using scare tactics. 2/2