@desirable_dialogue @eighthave @fdroidorg GrapheneOS focuses on security first and foremost. Meanwhile F-Droid approaches things from a Free Software (free as in freedom) mindset.

For F-Droid devs, installing an old and insecure game on an old and insecure smartphone is a valid use case. You should be free to do so. For Graphene devs, it's terrifying and should not be allowed by default.

1/?

@desirable_dialogue @eighthave @fdroidorg
F-Droid doesn't allow proprietary dependencies and lists non-free servers as a misfeature. Graphene devs consider this silly or even bizarre.

In general, the criticism of F-Droid is valid from the viewpoint of maximum security. However not everyone's threat model is the same, and not all of the criticism is important for everyone. I can ignore the part about displayed permissions being misleading, for example.

2/2

@desirable_dialogue @fdroidorg It is a valid criticism that sometimes updates are too slow, and one we're working on as a top priority. We recently optimized our release cycle to reduce it by 6 hours. Much bigger changes are coming soon:
https://gitlab.com/fdroid/wiki/-/wikis/Internal/Buildbot#production-launch-countdown

#GooglePlay also regularly delays updates. #GrapheneOS trusts Play more than free software communities, published external audits, reproducible builds, and a 15 year track record. On that, I think we can agree to disagree.

@eighthave @fdroidorg

An advantage of using #fdroid is that it reduces Google's ability to create fingerprints.

Some suggest people should create an googleplay account to download software. That allows #google to know what software I use, and when I download/update them.

From a privacy concerned perspective, this seems like a very counter intuitive approach.
I understand that GrapheneOS has a security first approach, but the guide I linked directed at anarchists and privacy-guides are both very concerned about privacy. So I don't understand their recommendation.

Do I misunderstand how googleplay works?