Which is a scary thing to use if you care about security or even privacy because you need some level of security to uphold your privacy.
It's not really a question of UI, I'm just saying that Google Play is indeed stricter than F-Droid in some respects. In other respects, the reverse is true as you've mentioned.
Stricter in what sense though? Define it without an example. It's stricter because F-Droid has worse searching. I'll give you that. There are 2.4 M packages on Google Play. There are 4,400 Apps in F-Droid and another 2,800 in the Archive. I'm just not following. F-Droid has old ones, and probably more old ones by percent. But the only problem there is searching.
Of the ones in F-Droid how many of those 4,400 have undisclosed trackers by percent? (0%, or close to it) How many of them in Google Play have undisclosed trackers by percent?
I just don't understand how we're using stricter in the context of privacy.
A significant percentage of these 4,400 apps are abandonware.
Read the privacy policy and/or check the source code of the apps that you're using.
Higher target API level = more security and privacy, sometimes even more or better functionality.
While the OP makes some interesting points, I do think it's funny how people can barge in here like the Koolaid man calling our takes uninformed while it may just be that we are informed, but of a difference in opinion.
Paid apps maybe (I'd prefer Aurora with compartmentalized gmail)
non-FOSS apps? maybe. I'd still prefer Aurora.
Banking Apps? Definitely!
I'm a bit confused: is it OK privacy-wise to use FDroid or not?
It's okay.
I completely agree with the OP. Sandboxed Google Play is not a Silver Bullet. It's not a magical or sacred thing. Still you are using Google and you must have a G account.
I have a Pixel on which I don't use any GAFAM apps or accounts. So, each way has its pros and cons.
Regarding abandonware, we are not talking about average joe searching on Fdroid. Average Joe will not also use Sandboxed GPlay. As long as you know the app you install I don't see any problem here.
What's the problem with that? You barely need to provide any information to have one.
Also, to be on fdroid the app must actually be buildable from source, so "fake open source apps" won't make it to the repo
Depending on the country, you may need to provide both your birthdate and a valid phone number to create a new Google account. This is quite a bit of information.
Provide fake birthday information.
That is only required when your IP reputation is low. I have created dozens of Google accounts without a phone number using all major VPN providers or just public Wi-Fi.
I think this depends on the country/language as well. For example, if you try to create a new account using Google's website in Korean, it seems to always ask for a phone number. You're right though that it doesn't necessarily do that when using the English site.
Accept that some people don't want to agree with Google's privacy policy and simply choose something else even if that comes with a tradeoff.
You've got to be kidding me. If you are using VPN all the time, you won't be able to get any Google account. Since we are privacy conscious users, it's really normal that I don't want to share my IP address and apps I use, etc.
Not to mention that by using Google Play, Google can now track and correlate the apps you install with the rest of your web activity and use that to further profile you. It's a tradeoff between privacy and security.
A significant percentage of these 4,400 apps are abandonware.
Again, if this site was called AntiAbandonware Guide, I would say you have a point. But it's not called that. Aside from that, I'm not even sure if your assertion is correct. F-Droid scans libraries and they report vulnerabilities they've found in dependencies. When those are discovered the app is delisted. Like Simple FileManager (look up issue 656). But other than that, why does anyone care if an app isn't updated if it's not known to be insecure?
Read the privacy policy and/or check the source code of the apps that you're using.
99% of the Apps on Google Play don't have the source available, and I don't want to trust their privacy policy. You're asking me to trust something inferior to technologically-generated advisories of F-droid.
Higher target API level = more security and privacy, sometimes even more or better functionality.
But there is nothing stopping you from using an app that targets a higher api level. You can upload an app built on any api level to F-droid. I'm not sure what you mean when you say it's stricter? F-droid and Google Play both allow hosting older less-secure API levels. That's also just part of Android, developers have to change their app to adapt to the new API level and there is a lag.
But all of this is silly. You're speaking of theoretical points and using peacock language "stricter". I've given you three concrete examples of the most popular apps with examples of F-Droid making their distribution more private, transparent, and anonymous. And I just gave you another example (SimpleFileManager) of F-Droid identifying vulnerable dependencies that GitHub would not have discovered automatically.
But we're telling people direct download from GitHub is better in the context of a discussion on privacy.
In this thread, I learned that fDroid has more than just building and signing.
Reading on the privacy guides, fdroid was only adding delay for new release and resigning with their own keys.
Here I learned that fdroid does much more, like detecting whitelisting external dependencies sources, blocking application with known vulnerability, detecting and preventing external blob / injection of prebuilt application library.
It would be nice to have a little more advantages and disadvantages of fdroid in the page, so that people make their own choice.
Or perhaps this information could be written in fdroid website? I think I did read it at first, and did not know about that.
If there are some experts of fdroid here, I have a question/comment. Is there a way to easily know the status of a new release? Like straight in the frontpage of the application.
When people see a release is x days late, they might get frustrated. But if they see a small status
- new version detected, build scheduled
- build completed, signing scheduled
- build error detected
- build error detected - bad external blob detected
- build… - vulnerability detected
- … - external library prevent build.
That's incorrect, but I will give you the benefit of the doubt and will ask you to prove your claim.
You don't have to share your IP, just use a VPN or Tor. If you want to go with the Tor route, then you would first have to create an account using a VPN or a public Wi-Fi, and only then you could use it with Tor.
As for apps, if your app list is something that you consider sensitive, then that's fair enough. But you should know that any app you install on your device can see your app list.