GrapheneOS I think what's needed is a consortium of the big players in privacy and security - GrapheneOS, Signal, SimpleX, Proton, Tuta, Mozilla, etc. - to come to agreements on what is important for the industry and to release a white paper and certification on best practices. And for the consortium to get behind projects critical for supply chain security and privacy (such as the Accrescent app store) to finally complete the whole pipeline for the community. It would also help to balance against the Play Integrity API and other issues.
F-Droid vulnerability allows bypassing certificate pinning
n2gwtl Tuta posts a lot of nonsense in their social media, blog, etc. Mozilla does not take security seriously at all and laid off a huge portion of their security people. Neither of those is a good fit for working with us.
Watermelon So can people please stop saying that they want F-Droid for better security?
Some people like to think of security, privacy and freedom as three distinct categories, and on the surface that may seem to make a lot of sense. But in practice, they are intertwined. Many on this forum have said one cannot have privacy without security, as if the app one uses is not secure and can be hacked, one simply does not have any privacy either, no matter how privacy-respecting the app was designed to be. I have argued the opposite holds too, that one cannot have security without privacy, as if your privacy is compromised, your personal security is also compromised.
This really applies to the freedom aspect as well. Probably the most politically relevant example right now is the case where end-to-end encryption is outlawed, or client-side scanning is mandated by law. If you don't have freedom, you would lose end-to-end encryption or be forced to have the government scan all your private files and messages. Then you no longer have any privacy at all either, and thus no personal security. But freedom will allow you to modify your system, re-enable end-to-end encryption and remove client-side scanning.
And telemetry, and how Apple and stock Google devices have zero privacy, is often discussed, and is a major selling point for GrapheneOS. Yet Linux also has telemetry by default, but it can be easily disabled, by simply uninstalling the telemetry components. Freedom guarantees that. It does seem freedom is necessary for privacy, and privacy is necessary for personal security. It is all intertwined.
I use F-Droid, because I cannot afford having that freedom taken away from me in my threat model. I am an activist for the rights of the oppressed minority I belong to, and loss of freedom and thus privacy and thus personal security would mean I get silenced.
I wish there were an app repository that took all of security, privacy and freedom seriously, though.
ryrona I wish there were an app repository that took all of security, privacy and freedom seriously, though.
I've heard that Accrescent is planning to label and add the ability to filter open source apps. So that might be the closest alternative.
Watermelon I've heard that Accrescent is planning to label and add the ability to filter open source apps. So that might be the closest alternative.
They won't start building the apps themselves though, but will just trust the uploader the same as if it was a proprietary app. So not really.
ryrona They won't start building the apps themselves though, but will just trust the uploader
I think it's only an issue for this use case:
Watermelon One of the beneficial goals of F-Droid was also to gather open source apps that may not be entirely freedom-respecting, and either strip them of the freedom-disrespecting parts and/or mark them appropriately.
For high quality open source apps I believe it shouldn't be needed.
Watermelon For high quality open source apps I believe it shouldn't be needed.
Unless the app developer is issued a gag order, as discussed in multiple threads here lately. Also, some reputable open source projects add things the users don't want. Organic Maps added an affiliate link (advertisement for a third-party service) to their app, despite being a reputable open source app. F-Droid detected and stopped this and forced them to remove it. And Firefox is a reputable open source web browser that at this point allegedly has very privacy-invasive telemetry in its official builds, at least for desktop computers. This is being patched out by basically all Linux app repositories that include Firefox.