A common criticism directed at F-Droid is that F-Droid signs published APKs with its own keys. Using our own keys doesn’t mean insecure — we have a good track record (and keep the keys on a dedicated, air-gapped, offline machine) whilst others may not — but this does mean that...

We received an audit on the new “index-v2” work in official Android client app + API (3 days) and the new front end webserver setup (1 day). There were no findings for the webserver setup, so the analysis in this post deals with the F-Droid client app. The audit was...

A modern Android smartphone relies on a lot of services, from app stores and calendars to messaging and push notifications. Most of them have open alternatives, but until now, the only option for push notifications was Google’s proprietary service, Firebase Cloud Messaging (FCM). UnifiedPush is a new alternative that allows...

F-Droid aims to give app developers a nice way to present their apps to users. Each app can include descriptions, related metadata, and translations. We have just updated the list of HTML formatting tags that are allowed in app descriptions to make it clearer what works and what does not....

At long last, the first alpha of the big overhaul of the official F-Droid client app for Android is about to be released. This round of work was focused on modernizing some of the oldest code in the client: the downloading, index parsing, and database layer. This code is now...

Every desktop computer or mobile device comes with some form of “app store”. There is F-Droid for Android. Debian has “software repositories” at its core. Then there are the really big, proprietary ones: Apple App Store and Google Play. These have millions of apps, while Debian has tens of thousands,...

Inspecting software is essential for understanding what that piece of software is actually doing. And free software means that all users have the guaranteed opportunity to fully inspect the source code they rely on. The cyber-security industry is built on inspecting software to find malware and build up defenses. Malware...

We have been a bit quiet recently on some fronts, like this blog and on merge requests to review. We strive to keep our users informed, and we always appreciate contributions, even when we cannot immediately review them. F-Droid started in 2010, so we have some technical debt and cannot...