I've been reading a lot of comments regarding the F-Droid store and a lot of people recommending against it for security reasons. Can someone elaborate on that? What are the risks with the F-Droid store?

Most say to use GitHub with Obtainium for updates, but that seems harder to set up and also looks like it could "break" easily.

I like the idea of the F-Droid store and automatic updates and everything that just seems to work. With that being said, if F-Droid is fairly insecure then Obtainium might be worth the work.

After all, I'm going to the work of switching to Graphene anyway.

Opinions?

    greenwood I like the idea of the [F-Droid] store and automatic updates and everything that just seems to work.

    The Google Play store is likewise convenient with respect to updates, and has many more apps!

    If one is attracted to F-Droid over Play, presumably one dislikes some features of Play and prefers some features of F-Droid, which is fine. But there are ways that F-Droid's security is significantly less strong than that of Google Play. Security is complicated, so any discussion of the how and why will be long and complicated.

    The simple way to be secure would be to use only apps from the GrapheneOS "App Store" app (which also handles updates well).

    If one is looking for a simple and secure and anonymous solution with lots of apps, the answer is clear: there isn't one.

    greenwood I'm only going to comment on the use of Obtainium. I've been using it since 2023. I think maybe once it broke due to a repository migration. Other than that, it's amazing. It only takes a few minutes to set up and add all your apps, and then it takes care of the rest. For an even easier user experience (for "trickier" apps), you can add apps through Obtainium's site.

    That, coupled with automatic Obtainium backups, makes it an essential part of my setup.