Everybody has different preferences, opinions, threat models, etc. I don’t see a point in arguing about this anymore.
A higher target SDK does minimize the risk; that’s true. But again, I trust the F-Droid team, and I could give root access to their clients, just like I fully trust GrapheneOS and use their OS. At this point, it is irrelevant to me if their client has a lower target SDK.
When I was writing that post I predicted that someone might mistake alphabet boys (NSA, FBI, etc) with Alphabet company but I still wrote that. I wasn’t talking about Google.
Better than no scanning. It doesn’t hurt. There is also that event where F-Droid caught a vulnerability in Simple Gallery, I think. If they didn’t catch that, vulnerability would still be present today.
You need proprietary Google Play Services on your phone for notifications to work, apps need to have proprietary Google code in them for this to work, and this is a proprietary service.
You’re purely depending on Google and their proprietary services for basic things such as receiving notifications, which is pure madness. They also probably see from what apps you’re receiving notifications and when you receive them.
Good luck receiving notifications with this without FCM: Release Element Android v1.6.5 · vector-im/element-android · GitHub
There are quite some apps that only provide alternatives to FCM, Google Apps, etc in their F-Droid build.