How do apps in other repos than F-Droid's main one differ?


#1

Are apps in someone’s repo different in some way from apps in the main F-Droid repository? Sorry. I don’t even know how to ask my question. I figured out how to add a repo but what sets those apps apart? Thank you.


#2

The apps in the main F-Droid repo are curated by F-Droid and you can be assured that they are “bona fide free software”. Also, apps that have some downsides are marked with anti-features.
There are other repos that only allow free software and even some that mark some apps with anti-features too, but F-Droid doesn’t control them, so you’ll have to trust the repo maintainers.
Then there are also repos that contain proprietary software. You could create your own repo and put pretty much any app you’d want in there - even malware I guess.

So in other words, a “basic” user who only wants to use free software will only need the standard F-Droid repo or maybe be interested in Izzy’s repo too. For advanced privacy apps the Guardian Project repo is definitely interesting too, and if your phone comes without GAPPS but you downloaded some apps from somewhere else that claim they need GAPPS, then you should look into microG and their repo.


#3

Thank you.
An Izzy repo. I searched and found. F-Droid doesn’t control could be malware there. New user has no way of knowing.
Repos can be dangerous.
I think beginners should learn more.
Phone must go through process to okay permission to download apps not tested by play store. Repo apps not scanned. Or allowed in main F-Droid.


#4

The izzysoft repo is maintained by @izzy, who is an active and trusted F-Droid core contributor.


#5

Thank you.
I do not mean to be difficult but why are Izzy repo apps not allowed in the main F-Droid. So. Only certain repos are trusted. Other repos (which may or may not contain malware) are not verified trusted but are allowed to use F-Droid. My head spins.
Am I too inexperienced to use the F-Droid? For sure, Play store is a business and bad apps slip past safeguards but who verifies repo apps?
Please, I am not trying to be difficult. How else to learn?


#6

I believe the main issue is that adding apps to the repository is a complex process. A lot of apps in Izzy’s or other repositories get added to the F-Droid repo later.

I meant this in a very theoretical sense. I’m sure none of the repositories on the list of known repos contain malware.

As long as you don’t add random repos that you find elsewhere on the web you’ll be fine. Or if you do find a repo that interests you ask other people here if they think it’s trustworthy.

I don’t think so. :slight_smile:


#7

Consider my repo between “nonfree” and “testing”, in Debian terms. With very few exceptions (I’m aware of two: XDA Labs and Blackberry Manager), all apps in my repo are open source – and that’s a condition for an app to be there. But many of them have non-free (like trackers) or binary components, both not acceptable by the main repo. Often, developers get rid of those components after a while, and the app finally moves to the main repo (this has happened for over 100 apps meanwhile).

Read more here – and make sure to check with the app details on the website – which lists in detail what libraries the app uses, and more.

I try to be as transparent as possible. But finally, you need to trust the apps’ developers – with my repo much more than with the official: I just grab the APKs developers provide, the main repo compiles from sources.


#8

Thank you for the explanation.


#9

Wow, you’re here. I hope you didn’t take offense to my questions. Thank you for your explanation!


#10

Hans told you so :smile:

Why should I? You asked a good question. So I gladly took the chance to explain. Glad my explanation was useful! And don’t hesitate to ask more. I’m not following all discussions here (in fact, I found this one because Hans “pinged” me (@mention sends out notifications)) – so if there’s something I should answer, that helps (as you just saw :rofl:)


#11

Oh, they are – though maybe not in all repos. If you followed my above link you already know: apps in my repo are scanned by VirusTotal and by my library scanner. For the main repo, we’ve got a bot who scans (before an app is accepted: VirusTotal, APKScan, Exodus – not sure what is run on updates, but something is).

Could not agree more :smile: For a start, you might be interested in my article series on F-Droid. Begins with: F-Droid: The privacy-friendly alternative to Google Play Store (follow-ups are linked from there). Also available in German (same link, detects language). That series was printed in the German tech magazine “c’t” (and is to be continued).