Building apps yourself

DeletedUser87

So, we probably all know the eternal discussion about F-Droid and various other app stores. Since we can obtain the source code for FOSS apps, building them yourself might be a viable option.
My question is: is anybody doing that as their primary source of obtaining FOSS apps instead of getting them from stores? How feasible is this in terms of time spent? Would love to hear your thoughts on this as I am considering doing that myself.

de0u

DeletedUser87 Some apps are much easier to build than others.

I have read that F-Droid requires apps to target old versions of toolchains and libraries. Regardless, building an F-Droid source tree can be an adventure. Building an app from a developer's site can also be a quest.

If one has exactly the same build environment as was used to build a source release it can be easy. But just determining what somebody's build environment was isn't always easy.

Dev2

DeletedUser87
Stores are just easier than searching for the APK and installing and updating manually. I guess apps like Obtainium make steps in the right direction

Probably9857

DeletedUser87

That way lies madness.

DeletedUser87

de0u yep, I noticed that myself. Had to adjust a few permissions for an app built with Flutter. Adventure is exactly the right word hahaha. Although I didn't have problems building Lawnchair or Arcticons from source (and I have more or less 0 coding experience). Maybe I will be the first guy to test this idea.
While I agree that F-Droid somewhat ensures that the apps they host don't do anything nefarious, it's still one more party you have to trust. The end result is a binary that you can't easily reverse engineer to check what code is actually in there. The biggest drawback I can think of really is the build environment. But once that is figured out, I think the only constraint is watching for a new release, giving it a git pull and building it.

Dev2 certainly, but I can't look inside the apk files provided by these stores. We all use stores because of convenience, not because it's the best option. Especially things like signing key leakage are pretty concerning (as unlikely as these events might be).