Follow

is not the only one dreaming up new features. There are many of us. @fdroidorg on making the most trustworthy app distribution platform, following as many best practices as possible. Many Apple has not implemented, like app reviews of source code rather than binaries, or . We require human review or apps. Over 60% of our apps are reproducibly built. Apple encrypts app files, making reproducible builds impossible. It continues to only review binaries apps not source code

@eighthave @fdroidorg
I love your work.

This guide is currently getting traction.
anarsec.guide/posts/grapheneos

Under "How to Install Software" it explicitly advises against installing software with fdroid in its current form.

A blog post from fdroid that responds to it would be great I think.

@desirable_dialogue @eighthave @fdroidorg GrapheneOS focuses on security first and foremost. Meanwhile F-Droid approaches things from a Free Software (free as in freedom) mindset.

For F-Droid devs, installing an old and insecure game on an old and insecure smartphone is a valid use case. You should be free to do so. For Graphene devs, it's terrifying and should not be allowed by default.

1/?

@desirable_dialogue @eighthave @fdroidorg
F-Droid doesn't allow proprietary dependencies and lists non-free servers as a misfeature. Graphene devs consider this silly or even bizarre.

In general, the criticism of F-Droid is valid from the viewpoint of maximum security. However not everyone's threat model is the same, and not all of the criticism is important for everyone. I can ignore the part about displayed permissions being misleading, for example.

2/2

@desirable_dialogue @fdroidorg It is a valid criticism that sometimes updates are too slow, and one we're working on as a top priority. We recently optimized our release cycle to reduce it by 6 hours. Much bigger changes are coming soon:
gitlab.com/fdroid/wiki/-/wikis

also regularly delays updates. trusts Play more than free software communities, published external audits, reproducible builds, and a 15 year track record. On that, I think we can agree to disagree.

@eighthave @fdroidorg

An advantage of using #fdroid is that it reduces Google's ability to create fingerprints.

Some suggest people should create an googleplay account to download software. That allows #google to know what software I use, and when I download/update them.

From a privacy concerned perspective, this seems like a very counter intuitive approach.
I understand that GrapheneOS has a security first approach, but the guide I linked directed at anarchists and privacy-guides are both very concerned about privacy. So I don't understand their recommendation.

Do I misunderstand how googleplay works?

Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml