#Apple is not the only one dreaming up new features. There are many of us. @fdroidorg on making the most trustworthy app distribution platform, following as many best practices as possible. Many Apple has not implemented, like app reviews of source code rather than binaries, or #ReproducibleBuilds. We require human review or apps. Over 60% of our apps are reproducibly built. Apple encrypts app files, making reproducible builds impossible. It continues to only review binaries apps not source code
@eighthave @fdroidorg
I love your work.
This guide is currently getting traction.
https://www.anarsec.guide/posts/grapheneos/
Under "How to Install Software" it explicitly advises against installing software with fdroid in its current form.
A blog post from fdroid that responds to it would be great I think.
@desirable_dialogue @fdroidorg It is a valid criticism that sometimes updates are too slow, and one we're working on as a top priority. We recently optimized our release cycle to reduce it by 6 hours. Much bigger changes are coming soon:
https://gitlab.com/fdroid/wiki/-/wikis/Internal/Buildbot#production-launch-countdown
#GooglePlay also regularly delays updates. #GrapheneOS trusts Play more than free software communities, published external audits, reproducible builds, and a 15 year track record. On that, I think we can agree to disagree.
@eighthave @fdroidorg
An advantage of using #fdroid is that it reduces Google's ability to create fingerprints.
Some suggest people should create an googleplay account to download software. That allows #google to know what software I use, and when I download/update them.
From a privacy concerned perspective, this seems like a very counter intuitive approach.
I understand that GrapheneOS has a security first approach, but the guide I linked directed at anarchists and privacy-guides are both very concerned about privacy. So I don't understand their recommendation.
Do I misunderstand how googleplay works?