This works very well for tech enthusiasts and people who self-host nextcloud at home.
The issue is when you are a government or university, it becomes harder to get all your users (which are probably not all tech savvy) to install a third party app store deal with the Android warnings about installing from third-parties, etc etc.
And this is probably the user base Google are targeting with this move (assuming it’s malicious) . When the higher ups complain that their files are not syncing and need to install things with a special procedure they sometimes wonder why they are not using M365 or Google which seems hassle free.
Not to mention the “see this big alert saying this isn’t safe? Well for this one time it /is/ safe so do so” While curbing the mentality of “oh it was safe last time so it must be safe this time”
For fdroid the app is compiled on fdroid servers when dev tags a new release on GitHub. So the app matches the source, it’s not possible to put a tainted APK to download
Now, if the malicious code is slowly added to the source over the course of an year like it happened with the xz utils, this won’t change the result, but it’s easier to do so with a compiled binary. Release clean source and infected binary, it will take a longer time to get caught
For the closed source app stores, on iOS there’s the manual inspection (which is not infallible especially if they timebomb or geofence the bad feature) and for Google there’s the automated inspection (which fails often seeing the news) that should find problems
It’s not as simple as telling people to use F-Droid. People with non-rooted phones won’t get automatic updates via F-Droid which is a big hurdle. Unless I’m misremembering? I wouldn’t know because I run rooted CalyxOS now. Last time I used F-Droid on a plain Android phone is a while ago for me.
My phone is not getting CalyxOS updates anymore. Gotta wipe it all and move to lineageos now. Man I hate mobile operating systems. I need good linux phones right now. Android can go to hell.
In the Basic version only, last time I checked the “original” F-Droid couldn’t do it. And there’s also some minimum API level an app has to target to be eligible for automatic updates (found that out through updating microg and having to click “update” still)
People with non-rooted phones won’t get automatic updates via F-Droid which is a big hurdle.
Not true if the app to update targets a high enough API version (I think API 34 or 35) and if you use F-Droid Basic.
NOTE: The Basic version of F-Droid Client has a reduced feature set (e.g. no nearby share and no panic feature). It targets Android 13 and can do unattended updates without privileged extension or root.
They have problems with the build process and verification, also the software is sometimes out of date on fdroid. In addition I dont personally want someone else curating my software library.
More like F-Droid cares about things like reproducible builds and other best practices, and sloppy upstream projects sometimes have a problem coping. But as I understand it that’s typically the upstream developers’ problem, not F-Droid’s.
As side note, for the uninitiated, it is a process. Check Fdroid first for all your apps. Many are there but some are not. This should prompt you to look for alternatives.
It is a journey but remember denying corpo parasite engagement and profit is the direct action any one can take today!
Just switch to the F-Droid version.
Better: make sure all the apps you use come from F-Droid
I installed a few apps from F-Droid that the play store decided to just take over instead and updated them. I think antennapod and signal.
No way to stop it as far as I can tell.
This works very well for tech enthusiasts and people who self-host nextcloud at home.
The issue is when you are a government or university, it becomes harder to get all your users (which are probably not all tech savvy) to install a third party app store deal with the Android warnings about installing from third-parties, etc etc.
And this is probably the user base Google are targeting with this move (assuming it’s malicious) . When the higher ups complain that their files are not syncing and need to install things with a special procedure they sometimes wonder why they are not using M365 or Google which seems hassle free.
Not to mention the “see this big alert saying this isn’t safe? Well for this one time it /is/ safe so do so” While curbing the mentality of “oh it was safe last time so it must be safe this time”
Obtaniun > F-droid > Aurora
What is the point of obtainium ? Over fdroid?
You get apps a couple days earlier
But it comes with a huge downside: if dev goes rogue or gets hacked, you could install a malicious version of the app that doesn’t match the source
“If dev goes rougue”
Isnt that a risk for all app stores?
For fdroid the app is compiled on fdroid servers when dev tags a new release on GitHub. So the app matches the source, it’s not possible to put a tainted APK to download
Now, if the malicious code is slowly added to the source over the course of an year like it happened with the xz utils, this won’t change the result, but it’s easier to do so with a compiled binary. Release clean source and infected binary, it will take a longer time to get caught
For the closed source app stores, on iOS there’s the manual inspection (which is not infallible especially if they timebomb or geofence the bad feature) and for Google there’s the automated inspection (which fails often seeing the news) that should find problems
What if fdroid goes rogue or gets hacked?
I’m an fdroid user, but i often wonder if it is safer than google play store
Likelihood of google getting hacked/rogue is much lower than a small, community run volunteer project
It’s not as simple as telling people to use F-Droid. People with non-rooted phones won’t get automatic updates via F-Droid which is a big hurdle. Unless I’m misremembering? I wouldn’t know because I run rooted CalyxOS now. Last time I used F-Droid on a plain Android phone is a while ago for me.
My phone is not getting CalyxOS updates anymore. Gotta wipe it all and move to lineageos now. Man I hate mobile operating systems. I need good linux phones right now. Android can go to hell.
They added that a while ago for all users on Android 12 and up
In the Basic version only, last time I checked the “original” F-Droid couldn’t do it. And there’s also some minimum API level an app has to target to be eligible for automatic updates (found that out through updating microg and having to click “update” still)
I have the regular F-droid and it does automatic updates now.
Not true if the app to update targets a high enough API version (I think API 34 or 35) and if you use F-Droid Basic.
I have automatic upgrades on my non-rooted phone. I use droidify but i’m pretty sure the official F-droid client works the same way.
I get update notifications from f-droid but have to update inside the f-droid app.
I run CalyxOS and have automatic updates from F-Droid.
But it won’t work on your dad’s stock Samsung Galaxy, right?
Yes, so do I. I phrased that a bit weird when I read it again 😅
Obtainium is better, get the apps directly from the source
I actually like that the F-Droid maintainers check over the apps and warn about anti-features/stop offering new versions if they enshittify.
Their apps also cause tons of problems compared to the ones directly from the source
How so? OOTL here
They do not. F-Droid also compiles from the source, they are the same apps.
They have problems with the build process and verification, also the software is sometimes out of date on fdroid. In addition I dont personally want someone else curating my software library.
More like F-Droid cares about things like reproducible builds and other best practices, and sloppy upstream projects sometimes have a problem coping. But as I understand it that’s typically the upstream developers’ problem, not F-Droid’s.
This is 100% untrue and you are making shit up.
Expand on this please. I am unfamiliar.
Its an open source software manager, you put in a source (like github) and it manages it (even doing auto updates).
I’m sorry, you lost me
Basically it automatically installs and updates software directly from the developers with no middle man
YAS KING!
As side note, for the uninitiated, it is a process. Check Fdroid first for all your apps. Many are there but some are not. This should prompt you to look for alternatives.
It is a journey but remember denying corpo parasite engagement and profit is the direct action any one can take today!
Also check out Droid-ify instead. Same repos but much better UX than the native F-Droid client.