F-Droid
Template:Use dmy dates {{#invoke:Infobox|infobox}} F-Droid is a community-maintained software repository for Android, similar to the Google Play store. The main repository, hosted by the project, contains only free libre software apps. Applications can be browsed and installed from the F-Droid website or client app without the need to register for an account. "Anti-Features" such as advertising, user tracking, or dependence on nonfree software are flagged in app descriptions.[1] The website also offers the source code of applications it hosts, as well as the software running the F-Droid server, allowing anyone to set up their own app repository.[2][3][4]
History
F-Droid was founded by Ciaran Gultnieks in 2010. The client was forked from Aptoide's source code.[6][7] The project is now run by the English nonprofit F-Droid Limited.[7]
Replicant, a fully free software Android operating system, uses F-Droid as its default and recommended app store.[8][9] The Guardian Project, a suite of free and secure Android applications, started running their own F-Droid repository in early 2012.[10] In 2012, Free Software Foundation Europe featured F-Droid in their Free Your Android! campaign to raise awareness of the privacy and security risks of proprietary software.[11][12] F-Droid was chosen as part of the GNU Project's GNU a Day initiative during their 30th anniversary to encourage more use of free software.[13]
In March 2016 F-Droid partnered with The Guardian Project and CopperheadOS with the goal of creating "a solution that can be verifiably trusted from the operating system, through the network and network services, all the way up to the app stores and apps themselves".[14][15]
Scope of project
The F-Droid repository contains a growing number of more than 2,600 apps, compared to over 1.43 million on the Google Play Store. The project incorporates several software sub-projects:
- Client software for searching, downloading, verifying, and updating Android apps from an F-Droid repository
- fdroidserver – tool for managing existing and creating new repositories
- Jekyll-based website generator for a repository
F-Droid builds apps from publicly available and freely licensed source code. The project is run entirely by volunteers and has no formal app review process.[16] New apps are contributed by user submissions or the developers themselves. The only requirement is that they be free of proprietary software.[17]
Client application
To install the F-Droid client, the user has to allow installation from "Unknown sources" in Android settings[18] and retrieve the APK (installable file) from the official site. Installation is not available through the Google Play store due to the non-compete clause of the Google Play Developer Distribution Agreement.[19]
The client was designed to be resilient against surveillance, censorship, and unreliable Internet connections. To promote anonymity, it supports HTTP proxies and repositories hosted on Tor hidden services. Client devices can function as impromptu "app stores", distributing downloaded apps to other devices over local Wi-Fi, Bluetooth, and Android Beam.[20][21] The F-Droid client app will automatically offer updates for installed F-Droid apps. When the F-Droid Privileged Extension is installed, updates can also be conducted by the app itself in the background.[22] The extension can be installed via rooting, or by flashing a zip file on the device.[23]
Key management
The Android operating system checks that updates are signed with the same key, preventing others from distributing updates that are signed by a different key.[24][25] Originally, the Google Play store required applications to be signed by the developer of the application, while F-Droid only allowed its own signing keys. So apps previously installed from another source have to be reinstalled to receive updates.[26]
As of 2017, Google Play encourages developers to let Google Play manage the signing keys,[27] offering a similar service to what F-Droid has offered since 2011, and F-Droid now lets developers use their own keys via the reproducible build process.[28]
Criticism
Out-of-date versions of TextSecure
In 2012, security researcher and developer Moxie Marlinspike criticised F-Droid for distributing out-of-date versions of TextSecure which contained a known bug that had been fixed in the official application. F-Droid removed the application from the repository at the request of Marlinspike.[29] Marlinspike later criticised the project's handling of the issue, stating that they "mischaracterized the scope of [the] bug" and were "incredibly immature" in their post announcing the removal, after he received email from users who had been misled by F-Droid's announcement.[30]
See also
- List of mobile software distribution platforms
- List of free and open-source Android applications
- The Guardian Project (software)
References
| references-column-width
| references-column-count references-column-count-{{#if:1|30em}} }}
| {{#if:
| references-column-width }} }}" style="{{#if: 30em
| {{#iferror: {{#ifexpr: 30em > 1 }}
| Template:Column-width
| Template:Column-count }}
| {{#if:
| Template:Column-width }} }} list-style-type: {{#switch:
| upper-alpha
| upper-roman
| lower-alpha
| lower-greek
| lower-roman = {{{group}}}
| #default = decimal}};">
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ 7.0 7.1 Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite news
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web