[deleted]
GraphyGraphy Fdroid is very good. If you want an application store without google and without account there is only that available. I think google is more dangerous for our society than fdroid.
GraphyGraphy Fdroid is very good. If you want an application store without google and without account there is only that available. I think google is more dangerous for our society than fdroid.
GraphyGraphy And the applications on the playstore are signed by google...
[deleted] You can just use feeder on github, a notification to each update and it's more secure.
At least use droid-ify
Have a look at:
https://www.youtube.com/watch?v=IzpVI4zaso0
There's a good explanation.
[deleted] Nope, Google lets app devs sign their own releases.
F-droid signs all app releases using an air gapped machine, but it is still a single point of failure.
AtriumCompound It is google that signs the apk.
From google:
AtriumCompound Fdroid does not give information about users to the government.
Hi,
thank you very much for the informative and controversial answers!
I would like to continue with another question.
I do not really understand why it is such a problem, that the F-Droid-Team digns all apps in the F-Droid repo themselves. Is it better to trust every single developer of all installed Apps (to not "lose" their keys) instead of only one source?
Or is it more a "community-problem", because many users would be affectet, if there would be a problem with the F-Droid repo?
Thank you!
I personally use Droid-ify
GraphyGraphy The main issue is that if F-Droid's signing keys are compromised, then every single app installed through the store can be compromised since any update would appear to come from the original legitimate source. [deleted] Pointed out that since August 2021 Google now stores developer keys in their own cloud. So, theoretically, a flaw in Google's security could lead to those developer keys being compromised too. Imo, this seems far less likely.
Standardwaste Links to a post that does a good job explaining these issues and more, definitely worth a read if you're curious to know more.
I have moved away from f-droid and actually use a little known app called 'obtanium' it is basically a front end where you can add direct links for apps, be it from fdroid, github, mullvad, gitlab. It will track them as they update via those links and advise when there is updates, taking out fdroid as the middleman and running directly from github for those apps that work through releases (or similar with gitlab)
Check it out here - https://github.com/ImranR98/Obtainium
I was using aurora store on my LOS device, however now that it is sandboxed (and quite cool, i might add, on GrapheneOS on my P7Pro) I still use google play as I have a few crucial apps that I use that i have paid for long ago that I can't give up... Maybe when my pinephone pro is fully up to speed i could, but for now it is what it is.
I also use Obtainium. Seems to be doing the job fine. Strange thing is all my stores seem to "think" that they have installed all my apps.
Thank you all! Obtainium sounds also very interesting! And for sure, droid-ify or Neo-Store, too.
AtriumCompound Thank you very much, so the problem would be, that many of the installed Apps could become problematic at the same time. And as I understand, from case to case, this could be more problematic with one app than another. Apps without network permission are less problematic I think?
Could that lead to a workaround in which one uses F-Droid for example for Apps without network permission only?
Another thing: F-Droid is criticized because updates do not alwayd come in time. But my experience is, that this is althoug right for Aurora Store at least with anonymous login. While on one phone, the Play Store updates an App, sometimes the update is shown on another phone in the Aurora Store several days later. Than sometimes it helps to restart Aurora a few times what also means to login with different anonymous accounts until there is one, that already gets the update.
Because of that, I assume, updates via Play Store are not rolled out to all users at the same time. Is this right? If so, Play Store would not really be better in this aspect!?
Thank you all very much!
Eirikr70 well, it seems that Droid-ify shows "Installed", if you remove them and reinstall with Optainium than Droid-ify will shows
" Suggested"
italian_job Right !
If you go into aurora store into the updates section and click and hold the particular app, you should be able to add that app to the 'blacklist' this will stop telling you that they have installed the app and that it needs to update. You can do the same in fdroid, I believe it's a little checkbox and I imagine similar in other fdroid apps. I did this and left obtanium as the only updater for those particular apps managed through obtanium, saves getting the notifications multiple times from all the other apps