You must log in or register to comment.
Something worth noting is that F-Droid is both an app to download other apps but they also maintains a repository of apps. You can use alternative store apps (like Droid-ify) with the F-Droid repository OR you could use the F-Droid app with a different repository (like IzzyOnDroid). You can mix and match to meet your needs.
I use the Droid-ify app with the F-Droid, IzzyOnDroid, microG, NewPipe, and Collabora repositories.
Once you start down this rabbit hole, give Obtanium a look.
Neostore is also a good alternative to the normal f-droid client
Yep. Their permission and tracker built in viewer is a super qol feature
Yes, I much prefer Neostore.
Can you elaborate on what these different repos are and do? And, referring to a child comment, what is divest?
On Android, we’re used the “Play Store” being both the app that facilitates downloads as well as the collection of apps available. With F-Droid, you can add additional collections of apps to make available for download.
You might add an additional repository to gain access to apps not in the main F-Droid repository. You might add a developer’s repository to gain access to updates to their apps before those updates hit the main F-Droid repository.
Divest is the developer repository for app maintained by Divest OS, a fork of Lineage OS.
I have and use F-Droid but hadn’t caught on to repos and their function. Just seen it mentioned. Thanks for elaborating!
Some software developers prefer to host their own repos and have more control over the release process and/or don’t want to fill all the criteria for being included on f-droid, so they create their own repos. Some of these apps can still be found on vanilla fdroid, but often aren’t updated so frequently.
Izzyondroid, on the other hand, is a different project, aimed at hosting different apps that are usually from smaller devs and can’t be included on fdroid yet, for different reasons.
The greatest thing about fdroid is that it allows anyone to create their own repos and you aren’t forced to depend on anyone.
I would avoid adding other repositories because you are risking malware and anti features.
F-droid is slow to get updates but it also verifies each app
There is safety there, but you’re just as safe using the the developer’s own repository for their apps, like NewPipe, Collabora, or the Guardian Project.
Oh THAT’S what repos are for? I assumed they were all independently structured and incompatible with each other for different reasons lmao.
Don’t forget Divest, a must have repo. Also Molly for a foss signal client
Many years ago I tried to go completely de-googled, and that involved using only F-droid. One of the many problems I faced was the tedious update process. I needed to tap each and every app individually every time there were updates. I wonder if droid-ify could have fixed that. Unfortunately I didn’t come across that app at the time, so I didn’t try it out.
Oh for sure! Droid-ify offers a few different installation methods. The Legacy and Session install options are what you are used to. With those methods, you are prompted to download and install with each update.
With the Root install method, updates can be downloaded and installed in the background using root privileges. Lastly, and I think most intriguing, is using Shizuku. Shizuku is a utility that will give you close to root access using ADB. See link for details. So, with the Shizuku install methods, Droid-ify can keep all your F-Droid apps up to date with little intervention from the user.
Footnote: Because Shizuku leverages ADB, it needs to be started manually after each reboot.
That’s awesome! Looks like there’s been progress while I was not looking.
What do you think, is it now a viable option do daily drive a completely de-googled phone?
It’s a lot more feasible than it used to be. I also use Aurora Store to fill in the gaps.
I just have the basic f droid app, the layout is awful and confusing. Is there one you suggest?
I think he did suggest droid-ify with fdroid repo: https://github.com/Droid-ify/client
Looks good, I will try it out. You have it in F-droid :)
I’m a big fan of Droid-ify.
Been using Fdroid to the point where my first boot into a new phone is:
Open chrome > download fdroid > open settings > uninstall/disable every single application I can > open fdroid > install all the relevant apps I require for making my phone useful
I’m just waiting for a small life upgrade in order to be able to support some app developers; it will be money better spent than using the standard google apps.
You might want to consider your next phone to be a pixel+grapheneOS.
any lineage os supported device is enough, i think
LineageOS isnt degoogled by default
It’s a lot better than stock, even though there are still some Google things left over. If you don’t install your own GApps, then the Google stuff in Lineage is minimal.
It’s insane that I can’t make any steps towards ungoogling myself w/o paying 2.5 times the price of a phone. I can’t buy an allready degoogled pixel here, I can’t buy fairphone here, I can only use a package forwarding service from the US, declare it to customs - and watch them add a monstrous fee to it.
I wish I could have the courage to buy a pixel and try to replace the OS myself - but I fear I will just brick it…
Installing GrapheneOS is actually ludicrously easy if you’re expecting some kind of root exploit nonsense like you used to have to do with custom ROMs! Full instructions here, happy to answer any questions if you need!
You 99% won’t brick it, I guarantee you. Graphene’s install is really easy. You press a few buttons on a website and never touch a terminal, aside from if you’re on GNOME. As for price, I got a used Pixel 4a 5g for 100 and newer ones won’t be as expensive as the things you might’ve gone for. Try a used Pixel 6a? (Graphene doesn’t extend software support)
I just did it two days ago, had the same fears, everything went smooth like butter
Bricking is a possibility but for phones that can be unlocked, it should be a matter of following the instructions on Lineageos - unlock the bootloader, flash the recovery partition, flash lineageos + Google apps.
The biggest pain in the ass for me was trying to get the adb & fastboot tools to talk to the device in the first place. For example OnePlus requires drivers for its devices but Windows doesn’t install them automatically so you have to go find them. Except the adb driver works but the fastboot one didn’t. Then after a bunch of searching it turns out OnePlus forgot to sign the fastboot driver so Windows refused to install it and I had to boot Windows in a convoluted way to disable signature verification to get the driver installed.
After all that, the rest was relatively straightforward but it still took several hours of effort. IMO Lineageos is a pretty ugly dist but if you install Google Apps it’s not missing anything and it extends the phone’s life beyond what the manufacturer could be bothered to support.
I just run lineage os
I’ve used so called entry level phones my entire life; I can’t motivate myself to spend the amount a Fair Phone costs, although the concept is appealing and regardless the geek in me going nuts with the idea of tinkering with my phone as I do with my computer. I also prefer rugged phones, which is something most brands don’t cater to.
My current phone is an Oukitel and has already passed the three year mark, still more than enough for my needs, in great part thanks to my option to run FOSS whenever possible.
I just run Lineage os. Sure its not as secure but it supports many phones and is clean and light.
Combine it with F-droid and your golden
I doubt I can get that to run on my phone. Being a minor brand, it is as if it doesn’t exist.
What device is it? There probably is an unofficial build.
Also 3 years is not that old. My phone is from 2019 and runs Android 13 just fine (Motorola-cocean)
Oukitel WP8 Pro
It has an MT6762D CPU, with 4GB RAM.
And now I’m doubting for how long I’ve had it, has the last update for the Android 10 it runs is from 2020 and I can remember updating it, for sure.
Droid-ify is the best way to use f-droid imo
What are the perks of using this vs. the standard F-Droid app?
More built-in repositories and a nicer UI.
Nice. I just decided to try it, and this seems really nice so far. The built-in repositories feature is really nice, especially for people who are just getting acquainted with F-Droid
Does it have an update all button? That’s what prevented me to keep using it some months ago.
It does now yes.
Why would you ever want to do that? Sometimes the older version is better for about a third of the apps on my device.
Running outdated versions of software, whether on your phone or the desktop, will generally expose you to more vulnerabilities and is not best practice from a security perspective.
People that don’t have a solid grasp on computing tend to think any and all updates are inherently good.
Huh, most of the time. I mean, people like you don’t have to use it at all, but I prefer to just press “Update all” once if I have >2 updates in a row.
People that don’t have a solid grasp on computing tend to think any and all updates are inherently good.
I know this thread is already a little old, but here is the list of my favorite apps from F-Droid/Izzy. I use a lot of these almost daily and just thought I would share these in case someone might find a new app they find useful
- Eternity (Infinity for Lemmy)
- Buckwheat (Budgeting)
- Aegis (Authentication)
- Lawnchair (Pixel-like launcher)
- Quillnotes (Markdown notes app)
- Forkyz (Crosswords)
- Geometric Weather
- Imagepipe (Removes exif data and reduces pics)
- AntennaPod (Podcast app)
- Olauncher (Beautiful and minimal text based launcher)
What kinda good stuff is on F Droid they the average User might want?
This list obviously isn’t everything, but there’s a lot available. I kept it pretty broad although there’s a ton of niche and specialized software available too.
OpenTracks - Keep track of how many steps you take throughout the day without a smart watch.
K9Mail - A privacy oriented mail client alternative to the Gmail app.
Diaguard - A diabetes diary app to track your blood sugar.
Drinkable - List a few ingredients and what liquor you have at home and it gives you a list of drinks you can make.
Newpipe - A YouTube client without ads.
Libretube - Another YouTube client without ads.
Blood Pressure Monitor - Same thing as the diabetes, but great if you have high blood pressure you need to track.
ChordReader 2 - Get guitar chords to learn how to play songs.
Fennic - A web browser based on Firefox that’s privacy oriented.
Red Moon - Makes looking at your phone easier on your eyes at night.
Newpipe - A YouTube client without ads.
Literally can’t say enough good stuff about Newpipe.
Everything YouTube SHOULD be, this is. LISTEN TO A VIDEO IN THE BACKGROUND!!!11. Playback speed infinitely adjustable- good for lectures, interviews, etc. No ads. No bullshit.
Most of the apps of tibor kaputa. I really like the simple gallery. The simple dialer and simple contacts are also really good. Just clean default apps that do what they should.(adfree)
Endless Sky and Mindustry are some good, fun, deep games.
The UX for Mindustry sucks compared to something like Factorio, because it’s really tough to do those controls on touch screen, but it’s good enough. I’ve enjoyed it for the little I tried.
NewPipe lets you listen to youtube videos without the screen on (and also download them or just the audio).
Probably the main thing I use
redreader, newpipe, session messenger(needs repo thing from website), aurora store, simple gallery pro
Osmand (offline GPS maps)
Same version as the android store but free.
Newpipe in particular is super important. It’s a better YouTube app with more features and no ads.
Sorry for not supporting Google, I know they need more money… /s
I prefer LibreTube because it doesn’t look outdated and it uses Piped, so you never actually connect to the YouTube servers and you can synchronize your subscriptions and playlists
Agreed. LibreTube is really good.
Just got it. Amazing! Thanks!
It’s a fantastic app. Remember to set your default YouTube links to open with it also, you can do that with android in app settings.
I use LibreSudoku. It’s a very nice Sudoku app.
Öffi, a non sucking public transportation app.
Thanks to US infrastructure I don’t need yet another map just for public transport! Thanks US government for looking out for us little people! (I really don’t think this is needed, but /s just in case.)
A lot of the utility is it having apps with similar capabilities but without the same kind of privacy invasions, and with better description of what anti-features an app has. So as far as ‘the average user’, I’d just say alternative apps (or even the same ones, if you’re already using FOSS apps) to the same ones they’d use on Play Store, and a few of the games.
Everything
Fdroid basic allows automatic updates!
The guadian project repos are also preset, albeit not enabled by default.
So does Neostore and Droid-ify. Those are worth looking into.
Are they planning on modernizing the app for Material You? It feels out of place in my phone in 2023.
You can use neostore or droid-ify for material fdroid
Are they updated to use the new difference-based repository format?
EDIT: I was curious so I searched, they don’t.
Not sure about neostore, but droid-ify takes like a half a second to fetch repo updates, and fdroid takes me like 10 seconds.
The official F-droid client has material design. Material design 1, the only material design that has anything to do with the concept.
I have a lot of complaints about this too, but namely lack of seamless updates is baffling to me.
Luckily I found Droid-ify and solves both those problems. Also has the common repos frequently added, like IzzyOnDroid, easily pre-available to enabled in the settings.
This definitely replaced the archaeic fdroid client for me, they desperately need an overhaul as it’s a terrible first impression.
You can get Droidify and it provides a more pleasant visual experience.
I personally like it. However there are alternative apps
God I hope not
I sure hope not. No no no. Material you is ugly, and in 99% of apps not an option, but a forced changed. No need for that. It looks good enough for an app store.
Try Neostore too…
^^^ This!
Love F-Droid but be aware of the risks and always try to use a developer repo when possible…
deleted by creator
Doesn’t affect the end user… beyond diminished security. Are you implying I should trust Fdroid devs as much as I would trust Google devs?
deleted by creator
The diminished security resulting from the increased likelihood of a (single point of failure) supply chain attack.
Yes its possible for malicious devs to trojan apps, but due to apk signing it is much more difficult for a third party entity to induce a supply chain attack, which is my real concern when it comes to phone security.
If you have a lower threat model, this post isn’t for you…
deleted by creator
If you think Fdroid security is on par with Google security… then I got a bridge to sell you
I actually would go for the main repo as all the software in the main repo is reviewed by the main Dev team
Did you even read the article? F-Droid signs all the apps in the main repo…
The author of this article completely misses the point of F-droid. They clearly are used to a world of proprietary software that takes “security” over freedom
So yes I did read the article and no it doesn’t change anything. If your going to make an argument you shouldn’t just link to someone else’s work. Part of the problem with the internet is no one thinks for tuemselves
Sure, I’ll spell it out for you since apparently the point went right over your head. Fdroid devs are a single point of failure by signing every application themselves. This introduces a potential for supply chain attack, not to mention Fdroid running on EOL servers.
When you use an individual dev repo, you can avoid any trojanized apps from Fdroid because the developers maintain their own infrastructure and sign their own apks.
That’s called… D I S T R I B U T E D T R U S T
The reason F-Droid builds from source is to ensure that they can enforce their inclusion criteria. If you go outside F-Droid you lose that guarantee. For example, self-published apks in github or google play may contain anti-features or proprietary code that are forbidden by the F-Droid standards.
From another point of view, what you call a single point of failure is a third party that represents the interests of the user community, independent from individual developers. This is the same model used in GNU/Linux distributions, and Drew DeVault explains here the role that software distributions play in the free software community.
Of course, this represents a trade-off, in that you are placing trust in the software distribution instead of or in addition to the upstream developer. The question is, how can you solve the problem without foregoing F-Droid’s inclusion standards? The answer is reproducible builds, where F-Droid builds from source and compares to the developer’s apk, and publishes the developer’s apk with their signature if the build reproduces successfully.
Until Reproducible builds are the norm in the Android free software world, I accept the trade-off because I value having software freedom in my computing, and I know I can’t trust upstream developers to care about that as much as F-Droid or I do.
Sure, atleast you admit there’s a trade off (security) for (FOSS) and maybe some additional privacy.
People should be made aware of the risks and choose according to their threat models, which is why I’ve highlighted some of these issues to begin with.
Everything the F-droid team does is out in the open. Your welcome to audit it once in a while and suggest changes to make it better. I’m sure they wouldn’t mind the help.
F-droid is the best tool we got. Its not a silver bullet but it is better than anything else I’ve seen
Don’t forget to add the New pipe repo!
I recommend the NewPipe-Sponserblock instead of default Newpipe
Can also recommend the SimpleX chat, Bitwarden, Cryptomator and Briar repos. There’s also IzzyOnDroid, though I think they have less strict guidelines.
NewPipe Sponsorblock repo from Izzy:
https://apt.izzysoft.de/fdroid/index/apk/org.polymorphicshade.newpipe
Why is the Newpipe repo necessary when NewPipe is also in the F-Droid repo?
Faster release, sometimes it takes a while for the F-Droid to build the new version and Google has a tendency to break it.
thanks
I have never found anything useful in it. And god I have tried. I end up uninstalling it every time.
Mull browser, termux, nextcloud, Jerboa, Infinity reddit, organic maps, and espeak just to name a few
Ok, yeah, I use termux on my android tablet, and it’s awesome. But other than that, I don’t find any other app interesting. Who knows, maybe with time.
And the stuff you do want to use is often best installed from the Dev’s repo because fdroid takes forever to update theirs.
And last time I checked they still hadn’t implemented the now years old APIs that would let them to silently update apps, so unless the phone is rooted you need to click for every update…
Try f-droid basic, it lets you update automatically
I’ve always had a niggling worry that downloading apps from 3rd party app stores came with a higher risk of getting apps with viruses and spyware.
any truth to this?
Not really.
Fdroid is a secure repositorie and the applications are reviewed before being made available for end users.
The repository is also highly focused on privacy and security and will warn if applications have security flaws or depend on non free services.
As an example, I use NewPipe instead of the standard YT app and it has a warning it depends on non-free services.
One other example I can give is Librera. It’s a very feature rich ebook/pdf/etc reader. At some point, a security flaw was discovered and the app was instantly flagged has having such problems and users were advised to not install it.
How is Librera to download now?
Fdroid is a secure repositorie and the applications are reviewed before being made available for end users.
Reviewed by who though? Malicious apps even get through apple and Google’s screening. I can’t see how fdroid can match the capabilities of those guys.
deleted by creator
The benefit of open source apps is anyone can view the code to see if there is malware or other installed.
This is a bit of a fallacious point in this context - it suggests:
- apps will be investigated by its users (not guaranteed, nor even likely for unpopular apps)
- an app will even have users capable of detecting malware (I don’t know squat about phone malware patterns, so I wouldn’t be effective at it even if I did scan through thousands of lines of code)
What I can tell you is that Google was extremely detailed in their monitoring of my apps - even looking up e.g. rate limits of the steam api to check if I properly deal with those. And I pick that example since I don’t want to talk about the ways I mishandled user data out of negligence or ignorance.
Back then I perceived it as harassment. Today I will certainly not install any apps that didn’t pass their testing.
And we’re not even talking about deliberate malware but simple incompetence. I would consider the average hobby app project to be borderline malware and a proper QA needs qualified personnel. I don’t see how F-Droid can ever reach those standards.
Play’s reputation for being full of malware stands directly at odds with your assessment.
Hobbyists are rarely incompetent. They actually take pride in their work, and aren’t just trying to quickly slap something together for a quick buck.
Not sure what gave you the impression that most phone apps have gone through professional QA, but I very seriously doubt that they have.
As for mishandling user data, it’s a lot easier to avoid doing that when user data never leaves the user’s device in the first place. Proprietary apps collect user data for profit; free and open source apps often don’t.
Thats what they want you to think
But its because they want your money
Yes but F-droid is an exception. Be careful of adding third party repos though
What is your justification for this claim?
I use F-Droid as my main app store, and while I trust most of the apps on there and haven’t found any asking for permissions they don’t need, I wouldn’t claim any Android app store is more secure than the Play Store. This post goes into technical detail comparing the two: https://privsec.dev/posts/android/f-droid-security-issues/ - Note: emphasis in the conclusion mentioning that these criticisms may or may not really matter, depending on your threat model. (as an aside - if anyone here doesn’t know what a threat model is, determine yours before participating in any privacy community or you’ll just end up with useless paranoia)
That said, I would guess that Play Store may have a higher risk of malicious apps only due to the fact that there are far, far, far, far more potential victims, and being the default app store, victims less likely to be technically experienced enough to notice false apps. So, almost all attackers will probably aim for the most targets and only bother targeting the Play Store, despite the extra challenges.
[tagging @elbowgrease@lemm.ee ]
You should make up your own mind. Don’t be a puppet to some guy online who wrote an article
I did make up my mind, and both I and the article both explicitly emphasise people to apply the facts it presents to their own circumstances. What you just wrote is very condescending and insulting.
Well my intention was not to offend you. However, I still firmly believe that using a proprietary app store run by google is not as good as a app store that takes libre software as a priority.
Sorry if you interpreted as a insult. I just don’t like when people blindly follow others. I am not sure if that’s some you are doing but its something I see a lot of. I’m not perfect either and I probably should work on my wording to make it less harsh.
It’s alright, and just to be clear, I do use and support F-Droid because I personally think it is better and suits my privacy goals. I didn’t mean to sound as if I wasn’t supporting it, just that it’s a bit more nuanced when talking about the security side: like almost everything in security, it’s more complex than one took being universally better than another.
Even small companies have to deal with, “supply chain”, attacks, criminals putting code into open source repositories to steal data and get access to servers. App stores are major targets too.
There have been weather apps that need your location to show you weather and oops we also send your location history to our data center in China and sell that data.
There have been, “document scanner”, apps that help you take pictures of things like credit card statements and did we not mention we send those images to Russian servers?
Do use a major brand phone like Samsung, keep your OS up to date, and don’t expose private info to these apps or give them special privileges, especially, “accessibility”, or, “screen reader”, and you should be okay.
Neo store is a nice layout for f-Droid if you want a more modern look
I can’t use F-Droid without the Play Store but I tend to check there first to see if there is something available there before installing something from the Play Store.
You should check out aurora store on f-droid if you haven’t already, its basically an alternative front end for the play store, which means you can remove your google account from your phone (if you want to)
I use iOS now though had f-droid installed on my old android phones :)
If you sell your IPhone now it may not be too late for you! :-)
