F-Droid

Last updated

F-Droid
Developer(s) Ciaran Gultnieks [1]   OOjs UI icon edit-ltr-progressive.svg
Initial release29 September 2010 [2]   OOjs UI icon edit-ltr-progressive.svg
Stable release
1.21.0 [3]   OOjs UI icon edit-ltr-progressive.svg (10 October 2024;3 months ago (10 October 2024))
Repository
Written in Python (server tools), Jekyll (software) (site), Java (client)
Operating system Android (client), Linux, macOS, Windows 10, FreeBSD (server)
Type Digital distribution of free software, Software repository
License GNU Affero General Public License, version 3.0 or later [4]   OOjs UI icon edit-ltr-progressive.svg
Website f-droid.org   OOjs UI icon edit-ltr-progressive.svg

F-Droid is a free and open source app store and software repository for Android, serving a similar function to the Google Play store. The main repository, hosted by the project, contains only free and open source apps. Applications can be browsed, downloaded and installed from the F-Droid website or client app without the need to register an account. "Anti-features" such as advertising, user tracking, or dependence on non-free software are flagged in app descriptions. [5]

Contents

The website also offers the source code of applications it hosts, as well as the software running the F-Droid server, allowing anyone to set up their own app repository. [6] [7] [8]

History

Development of F-Droid data over time from 2010 through 2018 Commits by year month.png
Development of F-Droid data over time from 2010 through 2018

F-Droid was founded by Ciaran Gultnieks in 2010. The client was forked from Aptoide's source code. [10] [11] The project was initially run by the English nonprofit F-Droid Limited. [11] As of 2021, F-Droid Limited was no longer used for donations, [12] and was being shut down, according to spokesman Hans-Cristoph Steiner. [13]

In a 2014 interview for Free Software Foundation, Gultnieks said he was inspired to launch F-Droid because of "lock-down, lock-in and general nefarious behavior from software" on phones. [14]

From 2010 to 2015, F-Droid used the AGPL-licensed Gitorious repository system for development. [15] In 2015, it transitioned to proprietary licensed GitLab [16] when Gitorious was acquired by GitLab. According to Daniel Marti, Former F-Droid Developer, in 2013, removal of AdAway from the Google Play Store caused a spike in searches and downloads of F-Droid, and he estimated there were 30 to 40 thousand users. [17]

Replicant, a fully free software Android operating system, previously used F-Droid as its default and recommended app store. [18] [19] In 2016, the Replicant project determined F-Droid did not comply with GNU Free System Distribution Guidelines, on the grounds that some of the software it offers promotes or depends on non-free software. Replicant asked for assistance correcting it, but progress stalled. [20] In June 2022, Replicant announced they had removed F-Droid. [21]

Guardian Project, a suite of free and secure Android applications, started running their own F-Droid repository in early 2012. [22] In 2012, Free Software Foundation Europe featured F-Droid in their Free Your Android! campaign to raise awareness of the privacy and security risks of proprietary software. [23] [24]

In 2014 F-Droid was chosen as part of the GNU Project's GNU a Day initiative during their 30th anniversary to encourage more use of free software. [25]

In January 2016, Hans-Christoph Steiner, a developer for Calyx Institute, [26] Debian, F-Droid, and Guardian Project, said F-Droid was focusing on issues like security, building with Debian, reproducible builds, software requiring trust of as few people as possible, transparency, user privacy, non-internet distribution of apps, block avoidance, and media distribution. [27]

In March 2016, F-Droid partnered with the Guardian Project and CopperheadOS with the goal of creating "a solution that can be verifiably trusted from the operating system, through the network and network services, all the way up to the app stores and apps themselves". [28] Follow-on project GrapheneOS does not include F-Droid, and is developing their own app distribution method for "higher robustness and security". [29]

On 16 July 2019, the project published a "Public Statement on Neutrality of Free Software". This statement was issued to address the project's failure to prevent "oppression or harassment ... at its communication channels, including its forum", controversy surrounding alt-tech social media website Gab, and to explain how Fediverse client Tusky blocking access to it, while client Fedilab allowed its users to choose, was consistent with their principles. [30] [31] [32] [33] Action was considered against several applications, including Purism's Librem One, to exclude them for allowing access to sites such as Gab or spinster.xyz. [34] [35] [36]

According to Ankush Das writing for ItsFoss.com in 2021, F-Droid is known for hosting open-source apps such as Element or Tusky (later reinstated)[ when? ] that have been removed from Google Play Store. [37]

Scope of project

The F-Droid website lists the apps hosted, over 3,800; [38] the Google Play Store lists about 3 million apps. [39] The project incorporates several software sub-projects:

F-Droid builds apps from publicly available and freely licensed source code. New apps, which must be free of proprietary software, are contributed by user submissions or the developers themselves. [40] F-Droid tries to check the source code and remove issues, but warns that the checking is not exhaustive. [41] Many app stores, such and Google Play and Apple's App Store, screen apps mostly using automated tools only; malware with defeat devices can pass these tests, by detecting when the software is being automatically tested and delaying malicious activity. [42] [43] [44]

The project describes itself as having a core of volunteers; [45] some contributors have been paid for their work. [46] [47] [48]

Client application

"Get it on F-Droid" badge Get it on F-Droid (material design).svg
"Get it on F-Droid" badge

F-Droid is not available on the Google Play Store. To install the F-Droid client, the user has to allow installation from "Unknown sources" in Android settings [49] and retrieve the F-Droid Android application package (.apk file) from the official site.

The client was designed to be resilient against surveillance, censorship, and unreliable Internet connections. To promote anonymity, it supports HTTP proxies and repositories hosted on Tor onion services. Client devices can function as impromptu "app stores", distributing downloaded apps to other devices over local Wi-Fi, Bluetooth, and Android Beam. [50] [51] The F-Droid client app automatically offers updates for installed F-Droid apps; when the F-Droid Privileged Extension is installed, updates can also be installed by the app itself in the background. [52] However, automatic updates are not turned on by default. [53] The extension requires the device to have root access, or to be able to flash a zip file. [54]

Key management

The Android operating system checks that updates are signed with the same key, preventing others from distributing updates that are signed by a different key. [55] [56] Originally, the Google Play store required applications to be signed by the developer of the application, while F-Droid only allowed its own signing keys. So apps previously installed from another source have to be reinstalled to receive updates. [57]

In September 2017 Google Play started offering developers a signing key service managed by Google Play, [58] offering a similar service to what F-Droid offered since 2011, and F-Droid now lets developers use their own keys via the reproducible build process. [59]

Security issues

In 2012, F-Droid announced they had removed an app because of a security flaw that could leak personal information. [60] In 2017, F-Droid stated "No malware has been found in f-droid.org in its 7 years of operation." [61] In 2022, F-Droid discovered over 20 distributed applications contained "known vulnerabilities". [62]

Reception

In August 2019, Rae Hodge of CNET recommended F-Droid as a way to avoid malware from Google apps, which according to Google was a low risk. Advantages of F-Droid were said to include better security odds of open source software, avoidance of tracking in apps and a "stringent security auditing process", no hidden costs, and greater customization. Disadvantages were said to be lack of a rating system, only about 2,600 apps in F-Droid, versus more than 2.5 million in the Play store, and more manual process for updating apps. Editors cautioned F-Droid can give users more control and better privacy and security, but also takes more diligence. [63]

In an April 2022 detailed article for HowtoGeek, Joe Fedewa wrote "The selection of apps is much smaller in F-Droid than the Play Store, around 3,000 compared to around 3 million, but that's to be expected. If you're looking to de-Google your life a bit, or you just want to try some apps that have better ethics, F-Droid is a great place to go." [64]

In a December 2022 detailed article in Popular Science, Justin Pot wrote "F-Droid isn't going to replace Google Play for most people, but it's a nice and simple alternative for finding free and safe apps before you dive into the swamp that is Google's app store." [65]

See also

Related Research Articles

<span class="mw-page-title-main">Replicant (operating system)</span> Free software version of Android

Replicant is a free and open-source Android-based operating system that intends to replace all proprietary Android components with free-software counterparts. It is available for several smartphones and tablets. Replicant's modifications are mostly in the C programming language, and its changes are mostly to the lower-level parts of the OS, such as the Linux kernel and drivers that use it.

<span class="mw-page-title-main">Google Authenticator</span> Two-step verification app

Google Authenticator is a software-based authenticator by Google. It implements multi-factor authentication services using the time-based one-time password and HMAC-based one-time password, for authenticating users of software applications.

<span class="mw-page-title-main">Aptoide</span> Online marketplace for Android and iOS apps

Aptoide is an online marketplace for mobile applications which runs on the Android and iOS operating systems. In Aptoide, unlike the Android-default Play Store and iOS-default App Store, there is not a unique and centralized store; instead, each user manages their own store. The software package is published by Aptoide S.A., a for-profit company incorporated in 2011, and headquartered in Lisbon, Portugal.

<span class="mw-page-title-main">Guardian Project (software)</span> Open source security software project

The Guardian Project is a global collective of software developers, designers, advocates, activists, and trainers who develop open-source mobile security software and operating system enhancements. They also create customized mobile devices to help individuals communicate more freely and protect themselves from intrusion and monitoring. The effort specifically focuses on users who live or work in high-risk situations and who often face constant surveillance and intrusion attempts into their mobile devices and communication streams.

<span class="mw-page-title-main">K-9 Mail</span> E-mail application for Android

K-9 Mail is a free and open source email client for Android. It is designed as an alternative to the stock email clients included with the platform; it supports both POP3 and IMAP protocols and supports IMAP IDLE for real-time notifications. The project is named after the Doctor Who character K9.

<span class="mw-page-title-main">Sky Map</span> Android software app

Sky Map is an Android planetarium software application.

<span class="mw-page-title-main">AntennaPod</span> Podcast app for Android

AntennaPod is a free and open-source podcast aggregator app for the Android operating system.

<span class="mw-page-title-main">Maps.me</span> Commercial satellite navigation software using OpenStreetMap data

Maps.me is a mobile app for Android, iOS and BlackBerry that provides offline maps using OpenStreetMap data. It was formerly known as MapsWithMe. In November 2014, it was acquired by Mail.Ru Group and became part of its My.com brand. In September 2015, the app was open sourced and a free and open-source software version was additionally made available on F-droid until the application was sold to the payment processor Daegu Limited, part of Parity.com, which changed the application user interface and content, leading original MapsWithMe founders Alexander Borsuk and Viktor Govako to release an open source ad- and tracker-free fork called 'Organic Maps' in response.

Briar is an open-source software communication technology, intended to provide secure and resilient peer-to-peer communications with no centralized servers and minimal reliance on external infrastructure. Messages can be transmitted through Bluetooth, Wi-Fi, over the internet via Tor or removable storage, such as USB sticks. All communication is end-to-end encrypted. Relevant content is stored in encrypted form on participating devices. Long-term plans for the project include support for distributed applications such as crisis mapping and collaborative document editing.

Mozilla Location Service (MLS) was an open geolocation service that allowed devices to find their position by processing received signals of publicly observable radio transmitters: cellular network antennae, Wi-Fi access points, and Bluetooth beacons. The service was provided by Mozilla from 2013 to 2024. The service used Mozilla's open source software project called Ichnaea.

<span class="mw-page-title-main">Element (software)</span> Decentralized encrypted chat and collaboration software powered by the Matrix protocol

Element is a free and open-source software instant messaging client implementing the Matrix protocol.

<span class="mw-page-title-main">MicroG</span> Free and open-source alternative to Google Android libraries

MicroG is a free and open-source implementation of proprietary Google libraries that serves as a replacement for Google Play Services on the Android operating system. It is maintained by the German developer Marvin Wißfeld. He describes microG as "the framework to create a fully-compatible Android distribution without any proprietary Google components".

iodéOS Android-based operating system

iodéOS is an Android-based mobile operating system developed by French company iodé. The operating system is a fork of LineageOS and does not include Google Play Services, instead using MicroG as a free and open-source replacement.

<span class="mw-page-title-main">Termux</span> Terminal emulator for Android

Termux is a free and open-source terminal emulator for Android which allows for running a Linux environment on an Android device. Termux installs a minimal base system automatically; additional packages are available using its package manager, based on Debian's.

<span class="mw-page-title-main">Conversations (software)</span> Free software instant messaging client for the XMPP protocol

Conversations is a free software, instant messaging client application software for Android. It is largely based on recognized open standards such as the Extensible Messaging and Presence Protocol (XMPP) and Transport Layer Security (TLS).

<span class="mw-page-title-main">DivestOS</span> Discontinued, open source, Android operating system

DivestOS was an open source, Android operating system. It was a soft fork of LineageOS that aimed to increase security and privacy with support for end-of-life devices. It removed many proprietary blobs and pre-installed open source apps.

RustDesk is a remote access and remote control software, primarily written in Rust, that enables remote maintenance of computers and other devices. The RustDesk client runs on operating systems such as Microsoft Windows, Apple MacOS, Apple iOS, Android and common Linux distributions. RustDesk has the aspiration to be an open-source alternative to remote desktop software such as TeamViewer or AnyDesk. As a result, RustDesk can function without relying on additional tools such as VPNs or port forwarding, even behind firewalls or NATs.

References

  1. "About" . Retrieved 29 September 2020.
  2. "F-Droid Is Here". 29 September 2010. Retrieved 29 September 2020.
  3. "CHANGELOG.md · master · F-Droid / Client · GitLab". 10 October 2024. Retrieved 5 November 2024.
  4. "About" . Retrieved 29 September 2020.
  5. "Client 0.54 released". F-droid.org. 5 November 2013. Archived from the original on 26 April 2015.
  6. Hildenbrand, Jerry (27 November 2012). "F-Droid is the FOSS application store for your Android phone". Android Central. Archived from the original on 16 June 2018. Retrieved 29 August 2013.
  7. Nardi, Tom (27 August 2012). "F-Droid: The Android Market That Respects Your Rights". The Powerbase. Archived from the original on 3 December 2013. Retrieved 29 August 2013.
  8. "F-Droid Server Manual". Archived from the original on 6 November 2013. Retrieved 30 August 2013.
  9. "Commits by year and month of F-Droid data reported by gitstats". 2017. Archived from the original on 9 July 2017. Retrieved 19 July 2017.
  10. "F-Droid initial source code". F-Droid. 19 October 2010. Archived from the original on 10 December 2014. Retrieved 10 December 2014.
  11. 1 2 "F Droid About". Archived from the original on 23 January 2014. Retrieved 28 January 2014.
  12. F-Droid. "Donations | F-Droid". F-Droid. Archived from the original on 10 May 2022. Retrieved 10 May 2022.
  13. "Apply for the GitLab Open Source Program (#223) · Issues · F-Droid / admin · GitLab". GitLab. 8 May 2021. Archived from the original on 10 May 2022. Retrieved 10 May 2022.
  14. "Interview with Ciaran Gultnieks of F-Droid — Free Software Foundation — Working together for free software". www.fsf.org. Archived from the original on 4 June 2022. Retrieved 21 April 2022.
  15. "F-Droid - Gitorious". 25 December 2010. Archived from the original on 25 December 2010. Retrieved 21 April 2022.
  16. "ee/LICENSE · master · GitLab.org / GitLab · GitLab". GitLab. Archived from the original on 2 July 2022. Retrieved 11 May 2022.
  17. Martí, Daniel (February 2014). "F-Droid". archive.fosdem.org. Retrieved 21 April 2022.
  18. "FDroid: a free software alternative to Google Market". Replicant Project. 26 November 2010. Archived from the original on 17 January 2015. Retrieved 17 January 2015.
  19. "FDroid". Replicant Wiki. Archived from the original on 9 March 2018. Retrieved 8 March 2018.
  20. "Replicant 6.0 early work, upstream work and F-Droid issue | Replicant". blog.replicant.us. 8 August 2016. Archived from the original on 6 July 2022. Retrieved 21 April 2022.
  21. GNUtoo (3 June 2022). "New Replicant 6.0 0004 release and Replicant 11 status. | Replicant". Archived from the original on 14 May 2017. Retrieved 3 August 2022.
  22. "Our New F-Droid App Repository". The Guardian Project. 15 March 2012. Archived from the original on 23 March 2017. Retrieved 29 August 2013.
  23. Walker-Morgan, Dj (28 February 2012). "FSFE launches "Free Your Android!" campaign". H-online. Archived from the original on 23 July 2014. Retrieved 27 July 2014.
  24. "Liberate Your Device!". Free Software Foundation Europe. Archived from the original on 15 August 2014. Retrieved 27 July 2014.
  25. "GNU-a-Day". GNU Project. Archived from the original on 28 July 2014. Retrieved 23 July 2014.
  26. "Team - Calyx Institute". calyxinstitute.org. Archived from the original on 9 April 2022. Retrieved 21 April 2022.
  27. Steiner, Hans-Christoph (January 2016). "F-Droid: building the private, unblockable app store". archive.fosdem.org. Retrieved 21 April 2022.
  28. "Copperhead, Guardian Project and F-Droid Partner to Build Open, Verifiably Secure Mobile Ecosystem". The Guardian Project. 28 March 2016. Archived from the original on 20 April 2016. Retrieved 19 April 2016.
  29. "Frequently Asked Questions | GrapheneOS". grapheneos.org. Archived from the original on 5 February 2023. Retrieved 21 April 2022.
  30. "Public Statement on Neutrality of Free Software". F-Droid. Archived from the original on 7 August 2020. Retrieved 3 August 2020.
  31. Robertson, Adi (12 July 2019). "How the biggest decentralized social network is dealing with its Nazi problem". The Verge. Archived from the original on 16 July 2019. Retrieved 10 February 2021.
  32. "TWIF 64: We are back!". F-Droid. Archived from the original on 14 February 2021. Retrieved 8 February 2021.
  33. "Fedilab (fr.gouv.etalab.mastodon) and FreeTusky (com.thechiefmeat.freetusky) explicitly promote violence (#1736) · Issues · F-Droid / Data". GitLab. 8 August 2019. Archived from the original on 6 August 2020. Retrieved 8 February 2021.
  34. "remove spinster app (!6013) · Merge Requests · F-Droid / Data". GitLab. 3 December 2019. Archived from the original on 28 January 2021. Retrieved 21 January 2021.
  35. "depackage Clover (org.floens.chan), Overchan, Overchan (fork), Ouroboros (#1722) · Issues · F-Droid / Data". GitLab. 4 August 2019. Archived from the original on 11 January 2021. Retrieved 8 February 2021.
  36. "Consider Depackaging Librem One Apps (#1734) · Issues · F-Droid / Data". GitLab. 7 August 2019. Archived from the original on 25 January 2021. Retrieved 8 February 2021.
  37. "Decentralized Networks Under Attack? Google Removes Open-Source Mastodon Client "Tusky" from the Play Store". It's FOSS News. 18 March 2021. Archived from the original on 23 May 2022. Retrieved 22 April 2022.
  38. "F-Droid Main Repository". F-Droid. Archived from the original on 8 February 2021. Retrieved 7 February 2021.
  39. "Number of available applications in the Google Play Store from December 2009 to December 2020". Statista. 4 February 2021. Archived from the original on 6 December 2020. Retrieved 7 February 2021.
  40. "Inclusion Policy". F-Droid. 4 April 2014. Archived from the original on 25 March 2015. Retrieved 29 March 2015.
  41. "About | F-Droid - Free and Open Source Android App Repository". F-Droid. Archived from the original on 25 May 2024. Retrieved 25 May 2024.
  42. Barrett, Brian. "How 18 Malware Apps Snuck Into Apple's App Store". Wired. Archived from the original on 25 May 2024. Retrieved 25 May 2024.
  43. Whittaker, Zack (24 October 2019). "Millions downloaded dozens of Android apps from Google Play that were infected with adware". TechCrunch. Archived from the original on 25 May 2024. Retrieved 25 May 2024.
  44. Newman, Lily Hay. "Never Ever (Ever) Download Android Apps Outside of Google Play". Wired. Archived from the original on 25 May 2024. Retrieved 25 May 2024.
  45. "Contribute". F-Droid. Archived from the original on 18 March 2015. Retrieved 29 March 2015.
  46. "F-Droid · Expenses - Open Collective". opencollective.com. Archived from the original on 23 September 2020. Retrieved 9 February 2021.
  47. "Payout request (#194) · Issues · F-Droid / admin". GitLab. 5 January 2021. Archived from the original on 1 March 2021. Retrieved 9 February 2021.
  48. "Mozilla Speed Dating grant payout and further work (#189) · Issues · F-Droid / admin". GitLab. 5 October 2020. Archived from the original on 31 October 2021. Retrieved 9 February 2021.
  49. "Android Open Distribution". 31 October 2012. Archived from the original on 24 March 2018. Retrieved 31 October 2012.
  50. "Client 0.76 Released". F-Droid. 14 October 2014. Archived from the original on 2 February 2017. Retrieved 28 March 2015.
  51. Brandom, Russell (10 June 2014). "Your survival guide for an internet blackout". The Verge . Archived from the original on 8 August 2014. Retrieved 2 August 2014.
  52. "F-Droid Privileged Extension". F-Droid. Archived from the original on 19 June 2018. Retrieved 19 June 2018.
  53. Orphanides, K. G. (14 January 2021). "How to move all your WhatsApp groups and get started on Signal". Wired UK. ISSN   1357-0978. Archived from the original on 14 January 2021. Retrieved 10 February 2021.
  54. "org.fdroid.fdroid.privileged.ota_2070". F-Droid. Archived from the original on 19 June 2018. Retrieved 19 June 2018.
  55. Marlinspike, Moxie (12 February 2013). "moxie0 commented Feb 12, 2013". Archived from the original on 10 January 2018 via GitHub.
  56. "Signing Your Applications". Android Developers. Google. Archived from the original on 15 April 2016. Retrieved 16 April 2016.
  57. "Release Channels and Signing Keys". F-Droid. 12 August 2014. Archived from the original on 2 April 2015. Retrieved 29 March 2015.
  58. Glick, Kobi (6 September 2017). "Enroll for app signing in the Google Play Console & secure your app using Google's robust security infrastructure". Android Developers Blog. Google. Archived from the original on 10 July 2018. Retrieved 16 April 2016.
  59. "Reproducible Builds". F-Droid. Archived from the original on 11 July 2018. Retrieved 10 July 2018.
  60. F-Droid (23 August 2012). "Security Notice – TextSecure". F-Droid.org. Archived from the original on 13 December 2017. Retrieved 21 April 2022.
  61. F-Droid (13 December 2017). "F-Droid and the Janus Vulnerability". F-Droid.org. Archived from the original on 21 April 2022. Retrieved 21 April 2022.
  62. "Flag many apps with KnownVuln (!11496) · Merge requests · F-Droid / Data · GitLab". GitLab. August 2022. Archived from the original on 6 December 2022. Retrieved 6 December 2022.
  63. Hodge, Ron (6 August 2019). "Fight Android malware by quitting Google Play and using F-Droid for Android apps". CNET. Archived from the original on 3 June 2023. Retrieved 3 June 2023.
  64. Fedewa, Joe (18 April 2022). "What Is F-Droid and How Is It Different From the Play Store?". How-To Geek. Archived from the original on 13 April 2023. Retrieved 13 April 2023.
  65. "How to set up F-Droid, the open-source alternative to the Google Play Store". Popular Science. 24 December 2022. Archived from the original on 13 April 2023. Retrieved 13 April 2023.

Further reading

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.