This screen that shows on when installing really bugs me. It is purely based on the integer value targetSdkVersion, without considering our security model, public audit results, track record over 10+ years, exclusive use of memory safe languages, or even what our code actually does. It is as if marked anything that comes from Google as containing ads and trackers. 1/2

I will go one step further and say that calling an "unsafe app" by this standard is dishonest. It seems that some at also agreed, since the older version of that screen was honest: "Blocked by Play Protect" instead of "Unsafe app blocked". Looks like the team is still focused on protecting their , this time using scare tactics. 2/2

Looks like the latest release of , v1.17.0, does not get flagged by , at least in the 14 emulator. I heard some reports that v1.16.4 also isn't flagged. I don't really know why it's flagging F-Droid then. v1.16.4 has an unchanged , but v1.17.0 has it bumped to 28. I have found no way to get info on why they are flagging the app, just this silly "unsafe" warning screen. Is F-Droid being flagged by Google Play Protect on your devices? Please let me know.

@eighthave the irony of google claiming fdroid doesn't include their "privacy protections"

@eighthave I'm against #monopolies, but I fail to see a clear monopolistic behavior here. This check does not prevent running sideloaded apps, but it displays to users that there is some indication of potentially outdated and therefore unsafe apps. The targetSDK version is one of the few (and not that bad) programmatically checkable values.
Increasing the targetSDK version is just good practice, as it tightens the SELinux sandbox of apps and can enforce better/more private API usage.

@eighthave Just fix the app already! You had multiple years already. #fdroid

@mynacol I agree that bumping targetSdkVersion is good when there is no cost. When there is a cost, then devs should do a cost-benefit analysis. The targetSdkVersion sandbox also breaks features that people rely on, means giving users real choices.

Looking at the new screen, it looks like Google has blocked installing the app. Many users have said as much. That's the monopolistic part.

And F-Droid v1.17 will have a higher targetSdkVersion. That cost a lot of dev time and money.

@eighthave What sandbox restrictions break existing features? Maybe we developers have to change APIs/add new permission requests etc., but fundamentally all the stuff the F-Droid client does should be possible.

(Except for the stuff #Termux does, there is currently no method known how to support current targetSDK versions)

@eighthave What's the problem with updating the SDK version? Just provide an F-Droid legacy app for old devices...

I think like 95% of devices use something like Android 8+

@eighthave No, because I have an ungoogled device with CalyxOS.

@mark22k yeah me too, that's the hard part. We want to make it easy for users stuck on to escape. That means making things work well on Google devices.

@MyWoolyMastadon F-Droid Nearby is actually a different app, it is not the client app, it is just the nearby app swapping functionality, nothing else. does not allow other app stores in.

@eighthave F-Droid 1.16.4 is flagged as unsafe. 1.17.0 isn't.

Fairphone 4 with Android 12.

@eighthave I use LineageOS and a warning pops up when I use an app targeted at an older Android version when it needs permissions. I don't see that warning on F-Droid but going in the settings revealed that it was considered as a "Legacy app", but installing F-Droid Basic Alpha (targets A13) I see no issues whatsoever.

@vitali64sur Could you try installing version 1.17.0? I believe that's fixed now

@vitali64sur ok, that's fine. I was just hoping you could test the F-Droid client to see if it still triggers that warning

@eighthave F-Droid Basic alpha doesn't have this problem so I'd assume this is fixed. :)

@eighthave By the way, as said before no warning pops up. In the settings it was just listed as a legacy app.

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.
