
F-Droid still has some big tasks in order to be useable for the general public, when comparing it with e.g. Google Play Store.

For example, if you search it for "browser", Firefox will not show up because

A) It's called Fennec

B) The F-Droid search seems to be exact infix search, and Fennec's title is "Fennec F-Droid -- Browse the web", in which "Browser" does not appear, only "browse". So it doesn't find it.

In general, the search has no clue what a "browser" is, and cannot use it for ranking, so in practice you need to scroll a lot in F-Droid until you find what you seek.




I think policies[1] are blocking F-Droid more than anything from being a viable alternative. A bank will likely never release their app as open source, nor will any of the big authentication vendors. This means that you cannot completely replace the Google Play Store with F-Droid if you have to use any of these, you can only use it as an additional store, at which point many won't be bothered.

[1]: https://f-droid.org/en/docs/Inclusion_Policy/


I'm not entirely sure why this is a problem. Nothing's stopping you from using f-droid as an app source as well as some other store - it doesn't need to cover every use case. It's already a viable alternative for apps which can't go on the Play Store due to Google's policies, like AdAway, NewPipe and Termux.

The fact there's no freedom respecting bank applications is a problem on its own, though. I will continue avoiding them until there is...




I’ve never been able to discover decent apps on the Google Play Store. I’m continually surprised how bad its search functionality is.

Usually, I start with f-droid (to avoid spy/adware), then go straight to ddg or kagi.


Just to add, F-Droid is not a guarantee against adware. There are definitely adware apps (and by extension, maybe even spyware) on F-Droid.


Adware is marked as an Anti-Feature in the details of an app in F-Droid[1]. Since non-free software is not allowed on F-Droid, and most Ad platforms aren't free software, you're unlikely to find any, though. There's currently only 30 apps with this Anti-Feature[2].

[1]: https://f-droid.org/docs/Anti-Features/#Ads

[2]: https://monitor.f-droid.org/anti-feature/Ads


I'd never use F-Droid due to how insecure it is. They still modify all app signatures, so you can't even verify what you're installing is authentic.


"insecure" is a strong word that shouldn't be used willy-nilly like that. F-Droid recompiles all of its applications to ensure that everything in them is free software, and that the source code provided by the upstream is actually what is in the released binary. To this end, they produce reproducible builds, allowing anyone to rebuild the sources locally and verify that they match.


Which is also how most Linux distros work. So if you use Linux to install software via its package manager, you already participate in this model. It moves trust to the package repo rather than the app developer.


This is probably inaccurate - for instance I use Librera Reader for PDF and it does use ads - annoying video ads that show up randomly when I close a document. It is not in the list of the 30 apps. And no anti feature is being declared on the app description. That's only one example that I am aware of.


I use librera reader and I have no ads, are you sure you're using the F-Droid version of the app? If you're not, I suggest installing it through F-Droid, as the play store version may have proprietary code in it. Many apps have different builds for Play Store and F-Droid, with slightly different featuresets.

If you are already using the F-Droid version, it should be reported. The list of anti-features is kept accurate by user reports like yours.

https://gitlab.com/fdroid/fdroiddata/-/issues


You're correct, turns out I apparently mistakenly got it from Gplay. Deleted now and reinstalled from Fdroid.


> A bank will likely never release their app as open source, nor will any of the big authentication vendors.

I suppose you're right and I think it's worrying that precisely these kinds of organizations still seem to rely on security through obscurity (to some extent, not solely).


I'll go further and say that a bank should be required by law to implement and enable access to open banking APIs.

As well as not require, under any circumstances, an account holder to install a proprietary application in order to use the bank.


Not just obscurity, but also requiring you to have a mobile phone, with software made by two specific companies, (for us Europeans) both foreign, and in some cases, not even allow you to have the phone rooted.

I miss the time of totp dongles.


It's also its strength and raison d'etre. What use is F-droid if it starts including proprietary software?


No tracking? Providing an alternative? Not strengthening the Google-Apple duopoly on the mobile phone market? I was looking at it as a platform to publish an app on, which the open source requirement stopped dead in its tracks. I didn't have a viable open source business model for it at this time because it was a straight "customer pays money, gets software" deal with no tracking or other nonsense.

As-is, F-Droid will not be an _alternative_, it can, at most, be an extension to the Play Store.


I won't trust no tracking if it's non free.

I know I will sound extreme (although I think it shouldn't be the case among developers) and no offense, but this sounds like a happy outcome to me. I believe proprietary software to be unethical. I'm not interested in being proposed non free software. The software industry should figure it out and start respecting its users.

However software funding is a real concern and I do believe there's room for some set of builtin solutions allowing free software funding beyond a donate link.

There are many ways to fund free software. I'm not saying it's easy but there are many open source businesses now and as a developer I decided to join one of them.

Support, consulting and paid (but still open source) features are some options. I don't think anybody would remove a license check in an app sent to f-droid if it's free software.

Now, I genuinely thank you for having considered an alternative to Google for distributing your software.

I know it's hard to build stuff and bootstrap it. I'm with you on this.

In f-droid, you can still add third party repositories and I heard it's getting easier for users. Not sure it is easy enough.

Now I'm totally aware only free software doesn't cut it for most people yet, and fdroid will not suffice. Most people will do with the play store, but some will use fdroid as a store of "trusty" apps and resort to the play store if really needed. I know people doing this.


In this case the software in question was a game. I have not seen any viable business models for truly open source games under the acceptable licenses for F-Droid. There are source-available games, but that would not be enough in this case.

I think the main issue may be how much up-front investment games need that would never be recouped with an open source license, but I'd love to be shown an example to the contrary.


Game is its own thing indeed and I'll admit that first, I don't play much, and second, never even started thinking about business models for open source games.

Maybe you could license the data for a fee and have the code as open source?

Of course this is low effort and you know way better than me.


I've done a fair bit of open source work, but the best I could come up with for games is "source available" where you can get the code to recompile for yourself or mod it. (My wife and I put up the source code of our first game as a DLC on Steam as an experiment.)

Re only code: Game engines often tie code and data together and the code without the data won't even compile in many cases, or you won't be able to produce a new dataset because documenting the required settings is a monumental task.

Finally, there is no real benefit to open sourcing a game if you want to make money. There is no complementary product or service you can sell with it. Reviewing and incorporating community fixes requires work and potentially legal review as not everyone in the modding community is also necessarily well versed in IP law. All these things need funding which is not a given if the game is open source in any meaningful way. If a game is truly open source, a less than ethical company with a bunch of cheap labor can go and undercut you, so there is an incentive to make creating an alternative build as hard as possible, defeating the entire idea of open source.

I would like to be able to release on an alternative storefront so people who want to degoogle their phones, but F-Droid's policies (most known alternative) make that impossible. (To be clear, it's a perfectly legit choice, I just wish there was a meaningful alternative to Google.)


(Not commenting most of your comment, I assumed a clear data and code separation because that's typically what doom does, but that's very old and I'm utterly incompetent in this domain)

> Finally, there is no real benefit to open sourcing a game if you want to make money.

the same thing can be said for pretty much all software (although it's not always actually true, sometimes open source is a selling point and/or have specific strengths beyond ethics)

> a less than ethical company with a bunch of cheap labor can go and undercut you

Isn't the data which is the most costly part in developing a game? Of course I realize you stated that separating the data is not practical.

> I would like to be able to release on an alternative storefront so people who want to degoogle their phones

Still 100% with you on this. Also degoogled with some proprietary software is still a step in the right direction


I wish that transparency and security were a selling point in gaming, but to me it doesn't seem like it. People will install all kinds of stuff and give them administrator permissions without a second thought. Anti-cheat eating itself into the kernel seems to be perfectly normal for most people. It's an entertainment product and people don't want to be inconvenienced for the most part.

Regarding the development costs, I'm not exactly an expert and I have never worked in a game studio (apart from the company my wife and I are running), but let's take StarCraft 2 for example. If you were to have the engine, but not the art, you could likely easily develop a very capable multiplayer RTS game. Heroes of the Storm was developed out of a StarCraft 2 mod[1]. As another example, Stormgate[2], made by ex Blizzard devs, is getting a whole lot of press coverage for their netcode. It stands to reason that a good engine and netcode are very real competitive advantages in the RTS space. Other game types, such as a walking sim or an adventure game will have a lot less "secret sauce" in the code and more in the art, voice acting, etc. (The Invincible[3] is great in this area) so the code/data split would likely heavily depend on the type of game. (Games can also become very messy between art, visual scripting, engine settings and code, which is what makes releasing the code separately tricky.)

My wife and I are (slowly, next to the day job) working on a Python programming/learning game and hopefully we'll manage to make a clean split between the engine and the art because it would be important for modding. However, I wouldn't feel comfortable releasing it under an open source license because it would cut off a potential source of revenue to license it to educators wanting to make their own challenges and courses. Maybe later we'll figure out that the base game makes enough money and it doesn't matter anymore, but it's really hard to predict success. As a game dev I would really like to make it possible, for example, for game archivists to do their work legally, for people to legally backup and rebuild their games for newer operating systems, or for their kids to be able to inherit their games[4], but carving out specific exceptions, especially for unknown future use cases 10-20 years down the line is exceptionally hard and I'm also not a lawyer, so for desktop the Steam Subscriber Agreement is governing our PC releases for now.

[1]: https://starcraft.fandom.com/wiki/Heroes_of_the_Storm

[2]: https://www.pcgamer.com/an-upcoming-rts-will-incorporate-the...

[3]: https://store.steampowered.com/app/731040/The_Invincible/

[4]: https://arstechnica.com/gaming/2024/05/after-you-die-your-st...


I appreciate the thoughts you put into this, and thanks for sharing.


Shattered Pixels is one example of a game with a commercial side that is published on f-droid.


Why would a game need to be a business?


Because it takes time and quite some work to build one and there's nothing wrong wanting to live from it.


Sure, but nobody is forcing you to publish on F-Droid.


I'm not sure what you are arguing for or against. I think janosdebugs made it quite clear what they are trying to do.

You do realize that many apps on F-Droid are developed by businesses? OSMAnd, Fennec, Jitsi Meet, Element, Telegram being big examples. We also had the Simple family of apps for a while.


> I won't trust no tracking if it's non free.

Meanwhile, lots of non-mobile free software includes tracking (telemetry) these days. The cynic in me has had to switch to

I won't trust no tracking if it's not enforced by a security boundary.


Which free software does this without asking / telling the user? Especially free software that tells you no tracking?

But yes, free software is not a guarantee against tracking. It only allows auditing and modification.



VSCode is proprietary.

That's why the difference between Codium and VSCode matters. Actually, IIRC the code from the ms repo does not do telemetry, they add it to the binary they distribute.


I mean, f-droid allows adding custom repositories that don't follow the main one's rules. There's a decent amount of apps that do this for one reason or another. Other apps, like for example OSMAnd, have a special f-droid build with google services removed, leading to the lack of some features like android auto support.

The client doesn't support any form of purchases and I don't think it ever will. I think you'd be best served using any of the other stores that support this or hosting it on your own website.


I don't see why fdroid would never provide a payment feature. At least for ethical reasons. Fdroid focuses on free software (and is also concerned with privacy and other features). Free software does not need to be gratis. As long as the payment code is open source. At worst it would be a NonFreeNet anti feature. Could be mitigated by supporting several payment platforms.

Of course it could be hard to set up in practice.


You're right, but I don't think there's any incentive to do it. They pride themselves on having no tracking or otherwise user information (not even app popularity statistics), and adding any form of payment would require managing user accounts or coming up with impractical multi-device proof-of-purchase sharing solutions.

It's also worth mentioning that since everything on the store would still remain free software, making it legal to share purchased copies, people seeking to use it as a business model (like the parent post) would generally be ill-served.


That's what this article is about. Building a federated platform for distributing any type of mobile app, open source or not.


Yeah personally that's what I love most about F-Droid. There's not a very wide selection of applications there, but if you can find an app that does what you want you're almost guaranteed that it'll be open source and free of ads, tracking, and other annoyances.


An alternative for app distribution outside of Google Play Store.


I used Graphene OS on a Pixel 4 for a few years and loved it. I feel like I'm a total minority user who doesn't attach themselves to specific apps so not having Firefox available wasn't really a huge thing for me. There were several apps I did have to have, but they were all available through the F-Droid store.

Graphene was easy for me but like you pointed out, many will not use it because it doesn't have exactly what they use/need. To some degree this inflexibility reminds me of people not switching to the Windows Phone platform for the same reason - which is sad considering we only have two choices now because people wouldn't take the chance and Microsoft abandoned the OS before really giving it a good opportunity to thrive.

Kind of a sad state of affairs when people are totally comfortable handing over all their personal information to the likes of Apple, Samsung and Google.

Full disclosure: Yes, I'm a totally disgruntled former Windows phone user. Yes, there were a lot of factors that led to its demise, but I felt at the time we finally had an alternative to what we were being spoon fed in Apple and Google.


Windows Phone 8.0 was great, partially because of the OS, and partially because MS paid for ports of the top-N apps to it.

GrapheneOS didn’t work as a daily driver for me because I couldn’t reliably use it for uber, lyft, parking or ev charging. The camera support was missing some features.

Most of that is fixable by adding back the google services, but then you lose most of the privacy advantages of having a de-googled phone.


A note regarding your last point:

  - Google Play is sandboxed [1], you have (important) privacy advantages
  - with a second account for banking apps (or in your example) uber, lyft, one can nicely separate "google-play-apps" from free apps, account switching is fast

[1]: https://grapheneos.org/usage#sandboxed-google-play


I'm not using Google play or any other services on android over 6 years now. You don't need banking apps for making transactions.


I live in an EU country and I, in fact, cannot use online banking without a Google-enabled Android or an iPhone. There is exactly one bank that offers a desktop authenticator, but we had a really bad experience with them when we tried them for a year.


I have accounts at 1 Swiss bank, 2 German banks, and 2 UK banks. None of them require an app for any functionality.

You can get a little hardware thing to generate their OTP codes, as an alternative to apps.


The hardware dongle sounds like it might be TOTP. There are plenty of clients for that for laptops and phones, assuming you can enroll your own secret.


Unfortunately it's not plain TOTP. Most banks in Europe give you a standalone cheap plastic smart card reader into which you put your bank card.

The website shows you a code. You input it into the reader, followed by your card PIN. The reader outputs a code you put into the website.

This is what it looks like:

https://www.post.ch/-/media/portal-opp/k/bilder/postgeschich...


likely, but it's a custom time based token from RSA that you definitely will never get the keys out. so the implementation doesn't matter much.


and it's not going to improve. second factor auth in Europe now legally means "second factor auth via means the gov can positively link your Identity".

for anything EU or eu commission, you must either have an app in stock OS smartphone, or receive a sms on a network they can validate sim is attached to a tax id, or nothing else is allowed. totp et al is legally verboten.


MicroG could work, but I never used banking app, so I cannot verify it. Adopt paying by other, more secure and private friendly ways.


What payment method would you recommend for paying mortgages, utility bills, and company expenses?


You said you're in the EU right ? SEPA works. The only moment I need to confirm identity with my bank is when I buy frivolities, not for my bills.


Here's the problem: I can do a SEPA transaction using online banking (with a Google-enabled phone) or by walking to my bank personally.


I might be lucky enough to have online banking work with sms and a pre-shared secret. My bank (also in the EU) didn't tell me I could do it automatically, they only mentioned it when I told them I lost my phone (it was true) and that I didn't know when I could buy a new one. Maybe it'll work with yours ?


No, ever since PSD2 came into effect, banks here refuse to do SMS-based verification and have switched to apps. They also don't support hardware authenticators for consumers. I asked.


Fortunately we have competition and possibility to switch to banks that are more private and user friendly.


I live in an EU country as well, Netherlands to be exact. Never had an issue with any bank. What are you talking about?


Netherlands today is more like the USA. anything it can fight the EU it will. it's the reason it's the new silicon valley with all tax dodging companies moving there.


It's been brought up for some time, and kind of looks like one of those open-source situations where any progress that falls short of perfection is deemed not worth implementing. Just my interpretation though.

https://gitlab.com/fdroid/fdroidclient/-/issues/336


It's called Fennec because it is not from Mozilla and includes patches to remove proprietary bits (which are not allowed on F-Droid).

https://gitlab.com/relan/fennecbuild

And fennec was the 'internal' name for firefox on android from mozilla.


> because it is not from Mozilla and includes patches to remove proprietary bits

More specifically, because Mozilla won’t allow you to do that and still call it Firefox. (Except if you’re Debian, apparently Debian now gets an unwritten free pass after they demonstrated their willingness to protest that with Iceweasel. And either F-Droid is not big enough for that, Mozilla is not the same as it was back then, or both.)


fdroid have a non political policy. arch is the same. they won't even patch things nobody likes (just document on the wiki and keep building upstream with the least amount of changes from the code repo. even if the upstream maintainers themselves don't build like that)

so, if firefox build builds as fennec by default, fennec it is.


EDIT: I replied to the wrong message, sorry


That sounds like they don't even deploy something as basic as Solr to drive the search :/


Use droidify, an alternative fork of fdroid


Droidify is so vastly superior it’s not even close. Fdroid still has the privileged extension whereas droidify and Neodroid can use Shizuku and other options.

I do think that droidify is an unfortunate naming choice though.


>Fdroid still has the privileged extension whereas droidify and Neodroid can use Shizuku and other options.

What is all of this, care to elaborate?

A lot of actually uncommon knowledge is being assumed here.


F-Droid Basic, a cut down version of the official F-Droid client, supports the Android 12+ unattended app updates [1]. This allows for a store to update apps without user confirmation (if it was the store which installed (or updated?) the app originally) [2].

[1] https://gitlab.com/fdroid/fdroidclient/-/merge_requests/1216

[2] https://www.xda-developers.com/android-12-alternative-app-st...


NeoStore can do that as well. It doesn't require root, it's simply an option.


> Fdroid still has the privileged extension

Not on modern versions of Android.


This still doesn't bring up Fennec if searched for 'browser'. Neo Store does.




Fennec is missing out if it didn't write its store description to include these keywords.


The search for "browser" should have returned Mull, which is a privacy oriented deblobbed fork of Fennec.


those projects drive me crazy by not having a change list on the readme



