I am using Obtainium at the moment but I wonder if I should switch to a FDroid client, use original fdroid app or stay with Obtainium?
1 Like
If you want apps from F-Droid.org please use F-Droid or F-Droid basic.
Obtainium doesn’t perform any verification and does not have proper mirror support.
3 Likes
I’d stick with F-Droid Basic as it supports unattended updates, something I think the main F-Droid client still lacks.
The main client has supported that for like two years now.
1 Like
Which one are you using?
They’re both identical source, just Basic has features like Nearby Swap disabled.
1 Like
Did F-Droid team fix the security issues they had with signing apps?
What security issues with signing?
They sign about 80% of the apps (each with a unique key), the other 20% are reproducible verified and the original authors version is used instead.
4 Likes
Are you using basic or normal version?
6 or more months ago unattended updates stopped working for me on F-Droid (standard) on two different Pixel phones running GOS. Haven’t had any issue since switching to Basic.
what you mean? from their readme:
AppVerifier - App verification tool (recommended, integrates with Obtainium)
which seems to be a better way of verification than F-Droid does.
1 Like
cannot reproduce, there is no technical difference there either
that database is tiny and isn’t accepting new apps
what I mean is that F-Droid metadata provides expected signing key and file hash, something that Obtainium doesn’t check since it just scrapes the F-Droid API instead of establishing a TOFU chain for the index
2 Likes
Perhaps it is the way I have F-Droid configured, but I have the same issue with updates. I found that toggling off/on the repositories allows the updates to be found.
F-Droid -> button "Settings" -> Repositories ->
F-Droid: <off>
Guardian Project Official Releases: <off>
-> pause for ten seconds ->
F-Droid: <on>
Guardian Project Official Releases: <on>
-> <back> ->
-> notification "Updating repositories" -> button "Updates"
1 Like