Alongside the Aurora Store.
- DDoS attacks are only a problem with unofficial clients. This is why PG only recommends F-Droid Basic and not Neo Store or Droid-ify anymore.
- APK releases downloaded from GitHub aren’t usually verified and independently reviewed. You have to verify the app yourself.
- As SkewedZeppelin pointed out, getting random APKs from GitHub repos sets us back a decade in security. It’s not much different from downloading .exe files off websites and installing them.
There are advantages to using Obtainium, primarily faster updates, but some developers host their own F-Droid repos with up-to-date packages. Additionally, IzzyOnDroid delivers reasonably fast updates while reviewing each app for security.
A lot of the stuff in PrivSec’s article might be outdated now.
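
Added example, not part of the post above: one way to do the "verify the app yourself" step for an APK downloaded from a release page is to compare its signing certificate with a fingerprint the developer published through a separate channel. It assumes `apksigner` from the Android SDK build-tools is installed; the function names and the sample output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Usage (after sourcing this file): verify_apk app.apk "<pinned SHA-256 fingerprint>"

# Constructed sample of `apksigner verify --print-certs` output (not a real app).
SAMPLE_OUTPUT='Verifies
Signer #1 certificate DN: CN=Constructed Example
Signer #1 certificate SHA-256 digest: a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3d4
Signer #1 certificate SHA-1 digest: 00112233445566778899aabbccddeeff00112233'

# Strip colons/spaces and lowercase, so "A1:B2:..." and "a1b2..." compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Print each signer certificate SHA-256 digest found on stdin, one per line.
extract_cert_digests() {
    sed -n 's/^Signer #[0-9]* certificate SHA-256 digest: *\([0-9A-Fa-f]*\).*$/\1/p'
}

# check_pinned <pinned-fp>: reads apksigner output on stdin.
# Returns 0 on match, 1 on mismatch, 2 if there is not exactly one signer
# (unsigned, unparsable or multi-signer output fails closed).
check_pinned() {
    local pinned digests count
    pinned=$(normalize_fp "$1")
    digests=$(extract_cert_digests | tr 'A-F' 'a-f')
    count=$(printf '%s\n' "$digests" | grep -c . || true)
    [ "$count" -eq 1 ] || return 2
    [ "$digests" = "$pinned" ]
}

# verify_apk <file.apk> <pinned-fp>: returns 3 if apksigner itself rejects the APK.
verify_apk() {
    local out
    out=$(apksigner verify --print-certs "$1") || return 3
    printf '%s\n' "$out" | check_pinned "$2"
}
```

A match only shows the APK was signed with the pinned key; it says nothing about whether the code was reviewed, which is the gap the post describes.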