Recommend F-Droid Basic instead of Neo Store

anon28734771 · October 6, 2023, 12:02pm

Third party clients has all kinds of issues such as not having proper mirror support, etc. Using them is effectively DDoSing f-droid.org.

TL;DR: Neo Store (or any other 3rd party client) recommendation does more harm than good.

jonah · October 6, 2023, 4:49pm

I’m inclined to agree, so I’ll open this PR, but can you provide a source on third-party clients DDoSing F-Droid?

github.com/privacyguides/privacyguides.org

Recommend F-Droid Basic over Neo Store

privacyguides:main ← privacyguides:jonaharagon/fdroid-basic

opened 04:49PM - 06 Oct 23 UTC

jonaharagon

+10 -12

Changes proposed in this PR: - Recommend the first-party F-Droid Basic client… now that it supports unattended upgrades.  - [x] I have disclosed any relevant conflicts of interest in my post. - [x] I agree to grant Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform, relicense, and distribute my contribution as part of this project. - [x] I am the sole author of this work. - [x] I agree to the [Community Code of Conduct](https://www.privacyguides.org/en/code_of_conduct/).

anon28734771 · October 6, 2023, 5:06pm

They aren’t DDoSing F-Droid, but the lack of proper mirror support creates this effect.

My source is this reply from @SkewedZeppelin: F-Droid (FOSS Android App Store) - #10 by SkewedZeppelin

He is knowledgable and a developer of DivestOS, so I trust what he says.

anon28734771 · October 7, 2023, 7:39am

I don’t feel like creating a GitHub account, so I will just reply to @matchboxbananasynergy’s comment here.

Agree with the change, though the unfortunate thing is that the F-Droid apps don’t have a way to show you an app’s targetSdk, which is what I personally liked about Neo Store, since F-Droid doesn’t remove or hide apps with old targetSdk levels, and as far as I’m aware also doesn’t prevent them from getting on to the store/updating their apps. Being able to see what the targetSdk level is at a glance is quite significant.

When you try to install an app with old SDK, it gives you a very obvious warning.

Unattended updates came with Android 12 so the app’s target SDK is below 31.

anon5233878 · October 13, 2023, 5:31pm

According to this, the official F-Droid client will support unattended updates in version 1.19. Should we wait until version 1.19 is released and recommend the official client instead of the F-Droid Basic one?

This is unless the reduced attack surface of the Basic client (due to a reduced feature set) is an important factor for the recommendation.

jonah · October 13, 2023, 7:37pm

That and F-Droid Basic targeting a newer SDK version were both also important factors, yes. F-Droid Basic is equally “official” as well.

anon28734771 · October 13, 2023, 7:44pm

They will support unnatended updates, but will they target the latest SDK? If yes, will they keep up with Android’s security model or stay behind like they have all this time?

There are a lot of ifs, and F-Droid Basic has reduced attack surface too.

anon5233878 · October 13, 2023, 7:47pm

I get your points, I guess only time will tell. F-droid Basic does seem to be the best option at the moment.

jonah · November 13, 2023, 12:31am

jonah · November 13, 2023, 12:31am

Locked as completed