Monthly Development Reports

Here’s the Bazaar2 Monthly Report for February 2017:

Now that a lot of the work we have done over the past year is solidifying, we have started to do a lot more to promote it. To that end, there will be lots of activity at conferences around the world, as of February:

  • @pserwylo represented F-Droid at FOSDEM in Brussels
  • @hans at Android Security Symposium in Vienna
  • @hans at RightsCon: “Internet Freedom App Store: we require alternatives to the two gatekeepers”
  • @grote at in Havana
  • @pserwylo at in Ho Chi Minh City

There were also some interesting developments from people entirely unrelated to the F-Droid core developers and Bazaar2 development effort.

Objective 1 Simple multi-pronged distribution

We made progress on lots of little details over the past month, and some bigger, long running efforts. First and foremost, we now have an entire build infrastructure based on KVM that can run within a KVM guest (aka “nested KVM”). This setup is now running once a day on This will be the basis of our weekly rebuilds of the entire collection of apps to provide the feedback for working towards reproducible builds for as many apps as possible. Running the whole process from the very beginning each week gives us continuous integration testing for our whole build infrastructure.

  • we started working with libscout to detect library versions in apps. This will allow us to work with CVEs and other data sources for marking known vulnerabilities in libraries. This data is then included in app index metadata, which F-Droid can then use on the device to highlight vulnerable apps to prompt the user to update or uninstall.

  • we worked with a Cuban user group to fix the issues that arose from building an F-Droid app repository from 12,000 APK files.

  • we got our bug fixes integrated into the Debian packages needed to run the build infrastructure

Objective 2 Curation Tools for Organizations

We held a kick-off meeting in order to lay out the design issues and to set the stage for deciding the technical approach of the whole project. We decided to go with a web app over an Android app for a number of reasons, including that it was the most flexible approach. Carrie sketched the basic workflow to get the ball rolling. There is lots more information on the backstory of this work in Torsten’s blog post:

Objective 3 Modern App Store with Built-in Circumvention

The F-Droid Privileged Extension is now shipping with CopperheadOS and Replicant, so those devices no longer need to turn on “Unknown Sources” in order to use F-Droid. This also provides fully automatic background updates. Next steps are to get the Privileged Extension integrated into more devices and ROMs, and to make it easy for all the custom Android ROM developers to properly integrate F-Droid into their projects.

UX Overhaul

We have been working on wrapping up the designs for the improvements in the UX and UI that we are making after the first round of user tests. We will be doing another round of user tests in late March, this time with alpha releases of the real app, to confirm the design, and find any last glaring issues. In addition to the feedback from user tests, we have also received lots of great, unsolicited feedback from the F-Droid community via our issue tracker. While it was extra effort for us to have the design discussions on a public forum, it has paid off due to the quality of the discussions that we had there, including detailed reviews based on the Material Design Guidelines and ideas for handling some of the tricky design problems. This thread is a great example:

The major design improvements include:

User Testing

I’ve outlined the areas that we’d like to gain feedback on in the next round of tests. The primary UX flows we want feedback on include: users’ ability to update apps, the offline experience, and the experience of searching within a category. We also are looking for feedback on users’ comprehension of the new menu icons, how much they trust F-Droid, and how likely they are to donate to developers.

Objective 4 Partner Deployments

We finalized the design of update libraries in conjunction with the Tibetan partner organization, and signed a contract for it to be implemented by Mark Murphy aka @commonsguy. These two libraries work together to provide alternate paths to app updates:

Objective 5 Usability Research on In-country Developers

The developer survey was completed and translated into Spanish, Chinese, Farsi, and Russian. It is now available at Seamus started the testing and promotion of the survey with the aim of kicking it off at Internet Freedom Festival in Valencia.


For everyone being late to the party, the previous reports are still available in the old forum.


Very cool to hear from actual users in Cuba and around the world!

March 2017

Finally, after many months of doing behind the scenes plumbing, we now have a steady stream of very visible progress. The big news is that we launched our first client app alpha of the totally new user experience, after an intense development sprint. You can get it now in F-Droid by finding F-Droid in installed apps, and then selecting version 0.103-alpha from the list.

  • Implemented totally new designs for the Categories/Main/Updates screens
  • Better support for offline usage of F-Droid
  • Drastically improved workflow for bulk downloads + updates
  • New support for screenshots, feature graphics, and localized descriptions
  • https://post–

We had a good meeting with Fairphone at their lovely Amsterdam office, and nailed down a plan to get F-Droid integrated in Fairphone Open OS, which can be installed on any Fairphone2. They are also working on shipping Fairphone OS devices directly. From Fairphone, we learned about which already includes F-Droid as its app store. Uhuru provides an open source “Mobile Device Manager” service which will integrate nicely with the F-Droid Repomaker service being developed from the “2 Curation Tools” effort.

There was also a lot of presentation activity in March. Torsten and Seamus attended the Internet Freedom Festival. Hans presented F-Droid at the Android Security Symposium and RightsCon, and attended Tor Dev Meeting and Iran Cyber Dialogue, where F-Droid was a topic of discussion. Seamus was also at Iran Cyber Dialogue and RightsCon.

At the Android Security Symposium, there were lots of related discussions at the various private meals for the speakers, which included key security people from Google, AT&T, universities and private security research companies. There was agreement that the most effective single security measure is limiting access to what apps can be installed on the device. We agree, and are working to support this kind of setup, since it will be very useful for lots of high risk users. This is the same model used by Copperhead, Uhuru Mobile, Fairphone Open, and many DIY projects. To make this possible, the essential part is giving organizations control over the apps that they make available, and making this as easy as possible to manage.

Also, Nico Alt has joined us working on F-Droid as part of the Bazaar2 funding. He’s a long time F-Droid contributor, working on the client, leading up the new forum, and the new website design.

Objective 1 Simple multi-pronged distribution

The new “binary transparency log” feature is now available. The idea is to publish an append-only log of all the binaries that an update system has published. Then anyone can check that the binary that they received on their device matches the official list based on hash. This feature has two parts:

  1. Any F-Droid repository can make its own binary transparency log directly when fdroid update runs. The first example of this can be seen here:
  2. Anyone can point the new fdroid btlog command at any F-Droid repository to make their own local log. This is designed to be run often so it will stay updated. Here is the first public version of a version we had running privately since 2014 that was pointed at

Other interesting tidbits:

  • A reproducible builds bug in the Android SDK reported by us was officially confirmed. Google is interested in reproducible builds these days, and seems to be fixing them.
  • The F-Droid server tools now support fully localized app metadata, including screenshots, feature graphics, and descriptions.
  • A full Android SDK is now included in Debian Stretch, so you can apt install android-sdk
  • We have preliminary free software Android emulator images that we aim to ship, since Google now only ships proprietary Google Play images. This makes it easy for people to develop using only the F-Droid stack:
  • F-Droid server tools can now automatically upload releases to Android Observatory and VirusTotal. These services generate lots of useful indexes for discovering and tracking malware.

Objective 2 Curation Tools for Organizations

The first functional prototype of Repomaker, the current name for the web tool being built to make it easy for anyone to build and manage F-Droid repositories. Here is a video of the prototype in action: There is also a video of the design prototype:

We are also looking at the Flyve Mobile Device Management software since it provides some complementary and some overlapping functionality. It looks like the full source is available. It is also a web app, but written with PHP rather than Repomaker’s Python. The source is here: and a free demo is available here:

Objective 3 Modern App Store with Built-in Circumvention

In March, the new user experience was mostly completed and is now available as an alpha release: 0.103-alpha. In addition, there were some additions to the UI which were implemented in response to the two user tests that we ran, one in Texas and the other in Vienna. F-Droid client now has much better support for the following, long awaited features:

  • App screenshots, localized descriptions and graphics: The F-Droid server tools integrate with two popular free software tools for managing these assets: Fastlane Supply and Triple-T Gradle Play Publisher

  • Bulk Download: The previous stable release of F-Droid had rudimentary support for downloading multiple apps at once. However the feedback to the user was incomplete and it was prone to forgetting that a user had downloaded some apps (e.g. if they close F-Droid and come back later).

  • Now there is first class support for viewing the status of each download in one location, the “Updates” tab. This also includes all of the apps which can be updated, and will make it easier in the future to show other important information about each app (e.g. if security vulnerabilities are found, or if an app has to be removed from the repo).

  • Offline queue for download: One thing F-Droid can do that other stores cannot, is to let the user browse through apps while offline. Now, users are notified that they are using F-Droid without internet access. As they view apps, they are prompted to “Download later” which puts apps in a queue, to be shown in the “Updates” tab. This queue is automatically downloaded when they next come online. This feature is completed, but not yet merged into master.

  • The totally overhauled website is nearing launch. We have the full website built now using the Jekyll static site generator. We just need to nail down a secure and automated deploy process. This whole setup makes it much easier to run the F-Droid infrastructure since there will be almost no server-side code running. And it can be flexibly reused in custom app stores based on F-Droid.

  • We polished up the “F-Droid Privileged Extension”, which allows F-Droid to work without Unknown Sources, and do fully automated background updates. We worked with CopperheadOS to make sure that this system works well in the latest Android release, 7.1.1.

  • We submitted a complete patch to FairphoneOS to build and include the F-Droid Privileged Extension into their Fairphone Open builds as the core of the F-Droid integration:

  • We worked with security researchers who work on the CVE system and prototyped a way to support Android/Java libraries in the CVE system so that the automated scanners that we have implemented can use the CVE system as a source of data about known vulnerabilities. This data can then be downloaded by the F-Droid client app to report known issues with any apps that are installed.
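
The binary transparency log idea described under Objective 1 of this report, as an added example that is not part of the original post and is not fdroidserver code: a minimal hash-chained log in Python showing a publisher appending releases, an independent monitor checking that a later copy of the log still extends its earlier snapshot, and a device checking a received binary by hash. The entry format, function names and sample file names are assumptions for illustration; the page does not describe the real log format.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first entry's "prev" field


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_hash(record: dict) -> str:
    """Hash the fields that define an entry, using a canonical JSON encoding."""
    body = {key: record[key] for key in ("name", "sha256", "prev")}
    return sha256_hex(json.dumps(body, sort_keys=True).encode("utf-8"))


def append_entry(log: list, name: str, binary: bytes) -> dict:
    """Publisher side: record one published binary at the end of the log."""
    prev = log[-1]["entry_hash"] if log else GENESIS
    record = {"name": name, "sha256": sha256_hex(binary), "prev": prev}
    record["entry_hash"] = entry_hash(record)
    log.append(record)
    return record


def verify_chain(log: list) -> bool:
    """Check that every entry commits to the entry before it."""
    prev = GENESIS
    for record in log:
        if record["prev"] != prev or record["entry_hash"] != entry_hash(record):
            return False
        prev = record["entry_hash"]
    return True


def is_extension(snapshot: list, current: list) -> bool:
    """Monitor side: the current log must keep every earlier entry unchanged."""
    if len(current) < len(snapshot) or not verify_chain(current):
        return False
    return current[:len(snapshot)] == snapshot


def check_binary(log: list, name: str, binary: bytes) -> str:
    """Device side: compare the received file's hash with the logged hashes."""
    listed = {r["sha256"] for r in log if r["name"] == name}
    if not listed:
        return "unlisted"
    return "match" if sha256_hex(binary) in listed else "mismatch"


# Constructed sample inputs standing in for real APK files.
RELEASE_1 = b"constructed sample APK bytes, release 1"
RELEASE_2 = b"constructed sample APK bytes, release 2"
SWAPPED = b"constructed sample APK bytes, swapped build"


def demo() -> dict:
    published = []
    append_entry(published, "org.example.app_1.apk", RELEASE_1)
    snapshot = [dict(r) for r in published]  # monitor's local copy, taken early
    append_entry(published, "org.example.app_2.apk", RELEASE_2)

    # A log rebuilt from scratch with release 1 replaced. It is internally
    # consistent, so only a monitor holding an older snapshot can notice.
    rewritten = []
    append_entry(rewritten, "org.example.app_1.apk", SWAPPED)
    append_entry(rewritten, "org.example.app_2.apk", RELEASE_2)

    return {
        "honest_extends": is_extension(snapshot, published),
        "rewritten_chain_valid": verify_chain(rewritten),
        "rewritten_extends": is_extension(snapshot, rewritten),
        "device_ok": check_binary(published, "org.example.app_1.apk", RELEASE_1),
        "device_swapped": check_binary(published, "org.example.app_1.apk", SWAPPED),
        "device_unknown": check_binary(published, "org.example.other.apk", RELEASE_1),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The rewritten log passes its own chain check, which is why the second part of the feature, independent parties keeping their own local logs, is what makes a silent replacement detectable.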


Nice to hear those reports! Maybe they could be different discussions for each month, in a separate forum?

Otherwise it’s great to see this kind of transparency in a project - keep it up!

I thought about doing blog posts on the new website when it is launched. Then there will be the possibility to comment.


Not sure how using Discourse as a comments’ platform works, but did you consider using the forum directly for news announcements and blog posts? That way all the information is at one place.

Thanks @hans for these reports, really informative! In the future, it would be nice to tag the people in the reports if they have forum accounts, so we can better meet and perhaps follow them. An enhanced contributors page could also help once the new website is up.

Take a look at Coding Horror’s blog, he’s using Discourse for comments.

tetris4 wrote:

> did you consider using the forum directly for news announcements and blog posts?

That’s not an option because we can’t control the forum’s design as easily as we can do with the website. Additionally, the forum requires JavaScript for the most things to work and that’s not really user friendly (especially to Tor users).


April was a big month for us in terms of finishing up some big parts
that are directly visible to users, and easy to demonstrate. The
biggest is the final 0.103 release of the F-Droid app which includes the
complete overhaul of the user experience, which feels simple, friendly
and modern. This is one short step from a big 1.0 release, once we nail
down the last features and get some more testing completed.

We also launched the first alpha of the new F-Droid Repomaker, a simple
web tool for creating and managing collections of apps and media, and
delivering them to users via F-Droid repositories (aka “repos”). Try
the alpha demo!

On top of those two launches, there are many other small accomplishments
from this biggest and final development sprint for Bazaar2.

## Objective 1 Simple multi-pronged distribution

### Make All Text Translatable

All texts within F-Droid and graphics associated with apps are now
translatable, including all the strings within the app itself, all app
names, summaries, descriptions, video links, recent changes, and
screenshots. With release of F-Droid client 0.103, it will use any
available language. For the F-Droid client app itself, many languages
are completely translated, and many more have reached the functional
level, thanks to the ongoing support from F-Droid community volunteers
and the Localization Lab:

  • 19 over 99%, including Belarusian, Brazilian, Persian, Russian,
    Spanish, Chinese, Turkish
  • 32 over 90%, including Arabic, French, Italian, Romanian, Shona, Ukrainian
  • 45 over 70%, including Burmese, Hungarian, Korean, Simplified Chinese,
    Thai, Vietnamese
  • see all and contribute here:

We have not received any Tibetan translations yet. We will be hiring
translators to finish the Simplified Chinese and Tibetan translations.

For the per-app materials, we are now adding all the translated
materials for all the Guardian Project apps to the Guardian Project
F-Droid Repository, which users can enable with the flip of a switch in
F-Droid. We are also helping app developers to get their descriptive
materials integrated for automatic inclusion in

### Reproducible Builds

For reproducible builds, we started out by doing mass rebuilds of all
apps in, as shown by This
let us fix the most common issues without getting stuck on a few hard
issues. Now that we have reproducibly built over 300 different apps,
we’re turning to focus on reproducibly building the most
security-sensitive apps. These tend to be the most difficult since they
frequently include “native” C code, which is much harder than Java to
build reproducibly.

### Handling Media

While the core tools for adding media files to F-Droid repositories were
created months ago, we turned to focus on one specific use case in order
to polish up the media file support: the F-Droid Privileged Extension
“Over-The-Air (OTA) update”. This is a ZIP file that users “flash” to
their device to install it with elevated privileges. This file is now
built, signed, and released using the full F-Droid stack, providing a
trusted download method for users of any Android ROM to flash to their

That means the whole server-side delivery process is ready to handle any
file you can copy into a folder. The 1.0 release of the F-Droid client
app will fully handle installing common file types so that media
players, etc. will automatically find and play them. As part of the
Curation Tools section, RepoMaker already has some basic support for
handling media, which we are now working on completing and polishing.

### Developer Support

In collaboration with Guardian Project’s Developer Square effort, we
held a workshop on the internet called GLOW2017. The videos are archived and available for
anyone to learn from.

### Google Play Integration

When the Bazaar2 project was defined, there were not well known tools
for managing all of the localized files in Google Play. Now there are
two: Fastlane Supply and Triple-T Gradle Play Publisher. Both are free
open source software, so instead of reinventing the wheel, we instead
integrated with those existing tools. fdroidserver now automatically
detects the app store support materials in the app’s source repo if it
is already set up for Fastlane or Triple-T. So there is now one place to
put all of the app store materials (descriptions, graphics, etc) to
publish them to F-Droid and Google Play. Those descriptions can be
easily added to Weblate, Transifex, etc so that the translations can be
automatically synced when they are complete.

## Objective 2 Curation Tools for Organizations

RepoMaker has reached a functional level with the core features
implemented. It is currently being developed around the two basic setup
modes: as a hosted web app. Apps can be manually added or automatically
fetched from other F-Droid app repos. RepoMaker can publish the repos
in all the same ways that fdroidserver can, e.g. rsync, GitHub, Amazon S3,
etc. There is an alpha demo of the multi-user mode for anyone to try:

You can see demos of a number of key features in Torsten’s RepoMaker

We also began to build the foundations of the localization support.
This current implementation strategy will also allow for standalone
installations like a desktop app following the web app model like Riot,
Signal, etc.

## Objective 3 Modern App Store with Built-in Circumvention

The new user experience is functionally complete and a full release,
v0.103, is now available via the normal release channels. We also
nailed down the full integrated experience using F-Droid Privileged
Extension, which allows for installs without enabling Unknown Sources
and automatic updates in background. It is now well tested and working
solidly on all Android versions. For the past month, we found and fixed
a number of issues specific to Android 7.x.

### User Tests

We ran two parallel user tests in Lubbock, Texas and Vienna, Austria of
the new user experience for the F-Droid client app. Overall, we are
happy to say that they confirmed the general approach of the new design,
and users overwhelmingly found it simple to use. There were two areas
where users had difficulty: nearby app swapping and adding new app
repositories. This was not a surprise since, first and foremost, those
are totally new concepts for most mobile users, who are used to getting
everything from one source: Google Play.

The full report is available at:


The new website is ready for launch, once we complete the secure,
automated deployment procedure. The new website is generated using
Jekyll and consists entirely of flat files with no code running on the
server side. On client-side, JavaScript is only required for the search
function. This makes the website work well with Tor Browser, and makes
it easy for anyone to deploy their own app store using simple cloud file
hosting services like Alibaba Cloud, GitHub Pages, Gitlab Pages, Amazon
S3, etc. as well as simple appliance devices like LibraryBox,
FreedomBox, etc. We also began the process of making the website fully
translatable. The staging server is publicly available here:

### Automated Circumvention

The fdroidserver tools for automated “collateral freedom” distribution
are in place. The current options for automatic publishing to mirrors
are: GitHub, Gitlab, Amazon S3, and SSH/rsync for webservers and Tor
Hidden Services. The F-Droid client app is already receiving the
metadata about those mirrors, but it does not yet automatically act on
it. Users can manually subscribe to individual mirrors now. The
Guardian Project app repo is currently set up for all of these types of

As for mirrors of, we launched a third mirror for the main
repo which is in the USA. This will better cover the Americas over the
two European mirrors.

### Malware Tools

We added support for two sources of metadata about apps. Fdroidserver
can now automatically upload all new releases to and These both
provide rich sources of metadata about apps and malware, viewable via
web pages or accessible via an API. They both are based on the SHA256
hash sum as a unique ID, so it is easy to link an APK on a device to the
data on those services. This data will be used to alert the user to
known malware in the new “Updates” tab of F-Droid client.

## Objective 4 Partner Deployments

We have two prototype libraries for ensuring that apps have a reliable,
trusted update channel no matter where they were downloaded from. There
are lots of custom versions of this, from Firefox to Signal. The
libraries that we are creating are standardized, free software
libraries. They also integrate with the whole F-Droid eco-system, using
the same tools to manage the server-side as are used for F-Droid
“repos”. This provides the flexibility for app developers to mix and
match the features they need, like direct app updates via a dedicated
app repo, updates via, confirmed reproducible builds
of releases, “collateral freedom” mirrors, etc.

Our first test implementations for these new libraries will be Zom for
the direct updates, and Ripple and Location Privacy for the F-Droid
update channel.

## Objective 5 Usability Research on In-country Developers

The results of the survey have been compiled, and the public report is
nearing completion.
We ran user tests of the fdroidserver tools in a handful of locations.
We were unable to run the tests in Eastern Europe as we had hoped.


May was another busy month for us. Now that we have released the new F-Droid Android client with an entirely new user experience, we shifted development focus to localization of the whole F-Droid suite of tools while fixing bugs as they arose. We also completed all of the usability research and user testing, and published the results.

There was a big focus on localization of all of the pieces of the F-Droid ecosystem. With that, we had an exciting realization: once our translators complete their work, then F-Droid will be the first app store fully available in Tibetan. Google Play and the big Chinese app stores do not support Tibetan on their websites, Android apps, etc. Even iTunes does not support Tibetan, even though iOS provides good support for Tibetan. This also opens the door to many other poorly represented languages, since translation is now the only thing needed to create a complete app store in any language Android supports. We already have active contributors for languages absent from the major app stores, like Arabic, Armenian, Belarusian, Burmese, Hebrew, and Shona.

To gauge interest in F-Droid, we sent a Copperhead/F-Droid device to be passed around a few internet freedom groups in Belarus and Ukraine to get feedback on whether they consider this a usable solution for them. We did a similar test about a year ago, and found that F-Droid was not useful there for high security users because it required Unknown Sources. Psiphon was enough to get around Google Play blocking, and complete internet outages are uncommon. Now with F-Droid built into Copperhead, we have a compelling offering that is not available with Google Play devices: a secure mobile phone that can only install from a small, trusted whitelist of available apps. This can then also be fully localized.

All of this localization work will be polished up and deployed starting in June. To see the development history and follow progress, check the “localization” label in the F-Droid gitlab trackers:

In other news:

### Weekly Meeting Logs

We have a weekly meeting on IRC mostly focused on the developer-facing sides of F-Droid. That happens every Thursday at 11.30 UTC on #fdroid-dev on FreeNode. The May 2017 logs can be found here:

## Objective 1 Simple multi-pronged distribution

In May, we finally completed the longest running merge request in F-Droid:

This allows us to rebuild the entire buildserver from scratch as well as the latest version of every single app in This all happens on a weekly basis, providing both an amazing continuous integration test on the F-Droid infrastructure as well as a platform doing reproducible builds on a mass scale. This is all running on Debian’s servers for reproducible builds:

## Objective 2 Curation Tools for Organizations

A great amount of progress was made on the UX and UI of the Repomaker tool. By the end of the month, we had designs ready and implemented for the core functionality. The app was prepared for usability studies where we would test how trainers would use it to create collections of apps from other repos to share with a group of trainees. In the month of May, we also created a test plan to use internally for our tests and to share with our partners running field tests. This plan can be viewed here:

Below is a bullet point list of the major areas of design that were completed this month.

UX Design of Repomaker:

  • workflow for creating a repo
  • workflow for editing metadata
  • workflow for adding apps from another repo
  • workflow for creating and managing multiple repos
  • workflow for accessing the user account and logging out

UI Design of Repomaker:

  • empty state for the home view of all repos
  • app details view
  • edit mode for app details
  • browse through other repos view
  • repo index view
  • repo info view
  • repo share view
  • repo homepage (public link) on desktop and mobile
  • login/signup page
  • drag and drop areas
  • styling and font selections for the entire app

Videos showing the design progress:
May 11, 2017
May 4, 2017

We also published Repomaker’s source strings to Weblate for the first time, and already received Spanish and Turkish translations.

## Objective 3 Modern App Store with Built-in Circumvention


The biggest item was coming up with a workflow for allowing translations of the various pages on the new website. This includes (in order of priority) the content on the home page, the server documentation, and the news posts.

Due to some technical details about the website’s implementation (using Jekyll + polyglot + po4a) the home page is internationalized using a different technique to that of the documentation + news posts. The result of this is that each of these three sections will have their own Weblate project for translators to contribute towards.

There are currently two pending merge requests, one for internationalizing the home page, and the other for the documentation + news posts. These are not earmarked for the launch milestone. However once the launch is done, then this can be tested, merged, and released.

The new website was finalized; the secure, automated deployment procedure is still being set up.

We finalized the architecture to support full localization, based on the jekyll polyglot plugin and the setup that Apache HTTPD’s official documentation uses.

### UX Overhaul

In addition to the website translations, there was also a handful of miscellaneous bug fixes for the client in response to the 0.103.1 release. This resulted in a 0.103.2 release which should be more stable, and there are also some more stability fixes which I have completed that will be merged in June to make a 0.103.3 which addresses more stability concerns.

We also completed the final user test of the Android client user experience overhaul as it is currently implemented. The results are available in this report:

### Streamlining Circumvention

The new “collateral freedom” mirroring on Gitlab, GitHub, and Amazon S3 was polished up so it is easy to use. This is also now in use in Repomaker:


Bazaar2 Monthly Report - June 2017

June marks the end of the final big development sprint for the Bazaar2 project, and many parts of this whole project have been completed, with others just needing some final bits and pieces completed. For the remaining couple months of the project, a few of us will be working to close out all those remaining bits and pieces to deliver the last sections of this whole funding effort.

One big piece of news was that Boris Kraut aka krt retired from active work on F-Droid. He was one of the major contributors to F-Droid over the past few years, leading up the fdroiddata section where apps are added to He will certainly be missed. He retired with grace, and indeed provided a shining example of how to retire from a free software project, since he drummed up a lot of new interest, as well as new contributors, with his announcement.

One key part of the Bazaar2 project was to make F-Droid a fully localizable app store ecosystem. We localized the Android app, the website, the developer tools, and the documentation. So now basically every string a user sees can be translated. Some of this work was just applying well known software, but we forged new ground on a number of aspects. The details are under “Objective 1: Make all text translatable” and “Objective 3: Website“.

Organizations running their own F-Droid “repos”

One key piece of this project was to polish up the F-Droid server tools so that it was easy for anyone to run their own F-Droid repository. This turns F-Droid into a decentralized distribution ecosystem, where anyone can choose which distribution sources they use, and anyone can become a distribution source themselves. Whether other organizations set up their own F-Droid distribution “repos” is an important measure of this project. The first example is Copperhead, which uses F-Droid as its only app store, and runs a number of custom app repos for clients. F-Droid allows Copperhead to deliver a tightly controlled mobile system that anyone can run without relying on the big gatekeeper organizations like Google or Apple. Security First has set up their own repo for their apps, including Umbrella. There is a relatively new app repo known as IzzySoft that is fulfilling an important role in the whole ecosystem. only includes apps that are 100% free software, built from source code. That excludes a lot of valuable software that includes proprietary libraries like Google GCM. IzzySoft includes lots of apps like these, serving as a stepping stone on the way to inclusion in

For the last example, we learned about a whole new model in Cuba. Torsten went to Cuba in June, following up on contacts from the postponed Cubaconf event, and one contact who found us in the #fdroid IRC chat room. We spent a day with a couple of Cubans who are running a mobile shop. They have set up an F-Droid repo with 2000 apps, and anyone can come and use it by connecting to their WiFi access point. Read all about it in Torsten’s blog post:

We have also been working with Fairphone to get F-Droid integrated into their Fairphone Open Android system. They are working towards selling Fairphone Open devices directly on their website, so once that is launched, that will be the first hardware manufacturer shipping F-Droid that we know about.

And two last additional items we touched in June:

Full localization waiting on final deployment

We can now show all the key parts of F-Droid localized. This will all be shipped in the next release of the various components. Here are examples in Chinese:

Android client app



Weekly Meeting Logs

We have a weekly meeting on IRC mostly focused on the developer facing sides of F-Droid. That happens every Thursday at 11.30 UTC on #fdroid-dev on FreeNode. The June 2017 logs can be found here:

Following Work Related to this Funding

All related work on F-Droid is tagged using the “bazaar” label:

All related blog posts are tagged with the “bazaar” tag:

Objective 1 Simple multi-pronged distribution

Make all text translatable

In June, we had a major push to get all the strings throughout the project, from app strings to documentation, in a format that works well for automated translation. Those are all up on Weblate now, open for contributions. At least 95% of the strings used in the F-Droid software are now translatable and up on Weblate for easy contributing. We have been getting a steady stream of translation contributions in a variety of languages. We also hired some translators to finish the community translations and review them for Farsi, Simplified Chinese, and Spanish. We did not receive any contributions in Tibetan, but have hired two people to translate and review all strings in the F-Droid app, Repomaker, 10 app descriptions, and much of the website material. The source, translations, and activity for all the F-Droid projects can be seen on the Weblate project page:

An essential part of the work we do is integrating with other free software projects, and helping those projects improve. In order to provide a complete, smooth translation workflow, we are working through issues in four separate projects that each form an essential piece of the puzzle.

For tracking the localization work in F-Droid, see the localization tag in the gitlab tracker:

Reproducible builds

We have been reproducing Android app builds for some months now on, it has reproducibly built 372 APKs from 319 different apps. The whole F-Droid ecosystem can now support matching APKs with an arbitrary number of signers. This is the last key blocker to allowing to also add the developer’s signature for any app that is built. Previously, the F-Droid tools only supported a single signer, and that signer was This is also an important feature for cases where people are working with collections of APKs like Repomaker users or the Cuban app store example.

We have collected a large number of APKs that include the original developer’s signature, and are working to retroactively add the developer’s signed APK to whenever the build can be reproduced. Here are the signatures we are currently working with:

Objective 2 Curation Tools for Organizations

In the beginning of June, our design lead did a user experience test where potential users of Repomaker tried out the software. From this test, we got lots of feedback to improve the workflow of Repomaker. Most of these improvements have already been implemented.

  • improved workflow for managing storage services
  • improved workflow for adding apps from remote repos
  • app details of remote apps
  • internationalization of JavaScript code
  • drag and drop to upload files
  • lots of other improvements after ux test
  • currently under review: endless scroll through apps

Objective 3 Modern App Store with Built-in Circumvention


We have launched the new static site on, replacing the Wordpress site that has served us well for the past 6 or so years. This is the foundation for the fully localized website. We set a high standard for ourselves with this new localized website, in terms of the use cases we wanted to cover. On our staging server now is a version of the website that covers basically everything that we wanted to do:

  • fully localized without requiring Javascript or setting the language in the browser/system
  • automatic language selection based on browser preference
  • any supported language can be selected directly via a menu
  • static site of only files to greatly simplify the hosting and security maintenance
  • polish workflow with static site generation (Jekyll)
  • a static site is also more resistant to DoS attacks, especially when using a major CDN

The goal was to support both the most private setups as well as the most automatic. The site is designed to work well with both the bog standard Tor Browser or TAILS setup, as well as the standard Javascript-enabled browser with the language preference included in every web request. A high risk user can keep the default language, then select their preferred language only when they require a translation for a given page, whether or not Javascript is enabled. Setting the language preference in the browser or the system can divulge a lot of information about a user, especially if it is a minority language. So we ensured that it was not a requirement for getting localized pages. We are happy to consult with other projects who have similar goals.

UX Overhaul

We polished up two parts of the new Android user experience:

Streamlining Circumvention

We sketched out how to implement the final missing piece of the work to automatically use “collateral freedom” mirrors. The F-Droid client will get the list of official mirrors from any repo that supports mirrors. It will then automatically retry failed downloads using the next available mirror. F-Droid repos can now automatically be hosted on Amazon S3, GitHub, Gitlab, and any webserver accessible via SSH. That webserver can then provide a Tor Onion Service. The Guardian Project F-Droid Repo is set up like this, here are the current mirrors (also visible at the top of the repo XML

Add media handling to app store experience

With the release of 1.0-alpha0, the F-Droid client can finally support “installing” media files. For common file types like music, video, etc. the files are downloaded into the standard Android folders for storing those media types (e.g. Music, Movies, etc). Then any Android app that handles those files will find and use them automatically. We had to forge new ground for OTA (Over-The-Air) update ZIP files, since there is no other app store that ships those kinds of files. In this case, F-Droid puts them into a standard, protected folder that is only accessible by the Android “recovery” system that installs such updates (e.g. TWRP).


Bazaar2 Monthly Report - July 2017

July was mostly focused on wrapping up things from the final development sprint, including field testing and translation. We have decided that, with the completion of Bazaar2 project, the F-Droid suite of software is ready to be called 1.0. We are finalizing a cross-project 1.0 release, so we made 1.0 alpha releases of the Android client, are preparing to launch the fully localized 1.0 website, and released the beta version 0.8 of the server/repo tools. In preparation for this big release, we also did a lot of polishing and QA work on the localization across the whole F-Droid project.

In other bits of news:

Weekly Meeting Logs

We have a weekly meeting on IRC mostly focused on the developer facing sides of F-Droid. That happens every Thursday at 11.30 UTC on #fdroid-dev on FreeNode. The July 2017 logs can be found here:

Objective 1 Simple multi-pronged distribution

We added new tools on the server side to make it easier to build apps that have complicated setups. This is in response to issues that we worked through with Ooni Probe, VLC, and Barcode Scanner. One notable new feature is the new sudo= field, which is a place to specify setup commands that need to be run as root. Since the official F-Droid build process happens in a virtual machine guest instance (VM), each app’s build process can run commands as root without harming security. After each build, the VM is reset to the original state.

Objective 2 Curation Tools for Organizations

After completing the first round of user tests on Repomaker, we discovered the need for users to have a complete understanding of F-Droid and how it works. Each of the tutorials we’ve outlined for the Bazaar project will be available on the F-Droid website, and will work together to provide users with a complete understanding of what they can do with F-Droid. Tutorials include: how to add a repo, how to send and receive apps offline and how to create your own repo. The layout of the tutorials is designed to be easily viewed on desktop computers, tablets and mobile phones. This is important for our target audience. They are also designed to be easily updated by the F-Droid team when UI updates are made.

In addition to the progress on tutorials, a second round of user tests was conducted with trainers in Zimbabwe. 5 participants completed the study, hosted by our partners at Digital Society.

Objective 3 Modern App Store with Built-in Circumvention

Integrating crash and bug reporting

With the overhaul of the app details screen in the Android client, it is now a lot easier for users to find the developer’s issue tracker when they want to send bug reports. Each app has its own metadata field for the issue tracker URL. There is also a field to specify the developer’s website, in case there is general information for a set of apps from a given developer.

As for F-Droid catching any app’s crash dumps, that is only possible from a “system priv-app”. The F-Droid Privileged Extension runs as a system priv-app, and is a natural place to incorporate the ability to catch crash dumps. We completed a prototype of this:

Since Privileged Extension is already included in shipping devices, and is a small package of security sensitive code, we want to be very conservative about including new features in it. The actual integration work is minimal, so it makes sense to keep the crash dump interceptor as a separate prototype until it gets well tested.

Media handling

Media handling has been completed with the integration of the final piece in the Android client. This functionality is already available in the 1.0 alpha0 release.

Streamlining circumvention

We implemented the automated selection of “collateral freedom” mirrors in the Android client app. When the current mirror stops working, F-Droid will try the next mirror that it knows about until it finds a working one. Each time F-Droid connects to a repo, it will get the updated list of available mirrors. This will be included in the 1.0 release.

Local and peer-to-peer malware tools

Installed apps with known vulnerabilities will now be flagged in the “Updates” screen of the F-Droid Android client. This known vulnerability information comes from the metadata downloaded from F-Droid repos. This feature will highlight vulnerable apps, no matter where they were installed from.


Bazaar2 Monthly Report - August 2017

August was mostly about fixing bugs, polishing up, and waiting for feedback from users. The translators finished translating and reviewing, the last piece of the website was made localizable, the design and layout of the tutorials was finished, and Repomaker was packaged as a standalone desktop app.

@Hans and Carrie were at Sneakercon at Columbia University Journalism’s Brown Institute, a conference all about working with very limited internet access, including working offline, using sneakernets, and nearby, local networking. Carrie talked about the process for designing software to work with the limited internet, battery, and storage space common in most of the world. Hans talked about F-Droid’s nearby app swapping, offline support, and decentralization. Overall the audience was quite a bit less technical than most events that we attend, so it was interesting to be talking about this in a different setting. For more info:

As part of Sneakercon, we had a prototyping brainstorm session with Saycel to explore how to build a custom app store based on F-Droid. Saycel is a community-run telecom in Nicaragua built with free software like OsmocomBB. Mobile and fixed Internet access is available there, but it is very expensive and only available through two multi-national companies with little interest in rural areas. Saycel is able to provide services on their local network, so it can easily and cheaply run its own F-Droid app store. It turns out that one of the core F-Droid devs, @NicoAlt, has recently arrived for a long term stay in Nicaragua and is looking into furthering this idea.

While in New York, Hans also talked with Google about open-sourcing their Play Services/GMS libraries. These libraries have become very difficult to avoid. The use of these libraries is the only thing keeping a number of key apps from being built from source and included in, including Wire, Firefox, Zom, Signal, Mattermost, and more. There is an internal Google issue tracking the progress on this, and work is proceeding. Google’s approach looks to be moving these libraries to the Firebase name, and open-sourcing those new versions. It sounds like Play Services GMS libs will be folded into Firebase. There is some public evidence here:

Some other small achievements:

Weekly Meeting Logs

We have a weekly meeting on IRC mostly focused on the developer facing sides of F-Droid. That happens every Thursday at 11.30 UTC on #fdroid-dev on FreeNode. This month’s logs can be found here:

Objective 1 Simple multi-pronged distribution

Make all text translatable

The last piece of the localization of the website was completed, and the hired translators completed their work. We just need to get all the pieces integrated and launched. You can see the various working pieces here:

Objective 2 Curation Tools for Organizations

Now that Repomaker is working well, we have shifted to working on making it easy to run and deploy it. This includes turning it into a desktop app for OSX and GNU/Linux. It is now buildable as a regular Debian/Ubuntu package. We also created a “vendorized package” that installs everything needed to run Repomaker. It is available here, please try it out on an Ubuntu or Debian machine:

  • The text and screenshots for the new F-Droid tutorials are now complete. You can see the prototype in action in this video:

  • We ran our final field UX test in Zimbabwe. We are working through the feedback and are currently working on the final report.

Objective 3 Modern App Store with Built-in Circumvention

Media handling

We fixed a number of bugs related to media support in the 1.0 alphas.

Streamlining circumvention

We have the last piece of the transparent mirror support working in a prototyped form. An F-Droid app/media repo can include a list of official mirrors. The fdroidserver tools already make it easy to automatically publish to mirrors on Amazon S3, GitHub, Gitlab, and any webserver. With this new feature, F-Droid will try to download apps from the next mirror in the list whenever a download fails. This automates the “collateral freedom” technique of distributing files via various CDNs that are too popular to be blocked.

You can follow the final integration work here:

Local and peer-to-peer malware tools

We are still testing and finalizing what was implemented in June and July. We want to be extra sure that there are not false positives so that users do not learn to ignore this feature. Follow integration progress here:

Objective 4 Partner Deployments

We demonstrated the F-Droid offline mode of operation to people with experience working in Cuba and other places where very limited internet access is common. This confirmed that our approach will indeed improve the user experience when users can only access an F-Droid app store at limited times, and in limited locations. There is a quick video of how it works here:

Follow the integration of this feature here:

Objective 5 Usability Research on In-country Developers

Nothing new to report, this work is complete.
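The mirror fallback described under “Streamlining circumvention” in the June, July and August reports, as an added Python sketch that is not the F-Droid client's code. It assumes the expected SHA-256 of each file is taken from the repo's signed index, so mirrors are treated as untrusted transport; the mirror URLs, `fetch` callable and sample bytes are constructed for the example.

```python
import hashlib


class MirrorError(Exception):
    """Raised when every mirror was tried and none delivered a valid file."""

    def __init__(self, failures):
        super().__init__(f"all {len(failures)} mirrors failed")
        self.failures = failures


def download_with_mirrors(mirrors, path, expected_sha256, fetch, start=0):
    """Try each mirror once, beginning at index `start`.

    `fetch(url)` returns bytes or raises OSError (urllib's URLError and the
    socket errors are OSError subclasses). A mirror that answers with bytes
    whose hash differs from the index value is treated like a dead mirror.
    Returns (data, index_of_working_mirror, failures_seen_on_the_way).
    """
    failures = []
    for offset in range(len(mirrors)):
        idx = (start + offset) % len(mirrors)
        base = mirrors[idx]
        url = base.rstrip("/") + "/" + path
        try:
            data = fetch(url)
        except OSError as exc:
            failures.append((base, f"unreachable: {exc}"))
            continue
        if hashlib.sha256(data).hexdigest() != expected_sha256:
            failures.append((base, "hash mismatch"))
            continue
        return data, idx, failures
    raise MirrorError(failures)


# --- constructed sample data, so the example runs offline ---
APK_BYTES = b"constructed stand-in for an APK file"
EXPECTED_SHA256 = hashlib.sha256(APK_BYTES).hexdigest()  # would come from the index

MIRRORS = [
    "https://repo.example.org/fdroid/repo",          # canonical address, blocked
    "https://cdn.example.net/fdroid/repo/",          # reachable, serves altered bytes
    "http://exampleonionaddress.onion/fdroid/repo",  # reachable, serves the real file
]


def make_fake_fetch(responses):
    """Build a fetch() that replays canned responses instead of using the network."""
    def fetch(url):
        result = responses[url]
        if isinstance(result, Exception):
            raise result
        return result
    return fetch


def demo():
    responses = {
        "https://repo.example.org/fdroid/repo/app.apk": ConnectionError("blocked"),
        "https://cdn.example.net/fdroid/repo/app.apk": b"tampered",
        "http://exampleonionaddress.onion/fdroid/repo/app.apk": APK_BYTES,
    }
    return download_with_mirrors(
        MIRRORS, "app.apk", EXPECTED_SHA256, make_fake_fetch(responses))


if __name__ == "__main__":
    data, idx, failures = demo()
    print("served by", MIRRORS[idx])
    for mirror, reason in failures:
        print("skipped", mirror, "-", reason)
```

Passing the returned index back as `start` on the next download avoids retrying mirrors that just failed.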


Bazaar2 Monthly Report - September 2017

This is the final report for the Bazaar2 project. We have wrapped it
up with many launches:

  • the core F-Droid suite of tools is now 1.0, and available via
    Debian, Ubuntu, OSX Homebrew, Docker, and

  • the new tool Repomaker is now ready for wider use beyond prototyping

  • Debian 9 “Stretch” and Ubuntu 17.04 “Zesty” are the first releases
    that include the Android SDK complete enough to build apps

The Guardian Project work on F-Droid continues via two new funding
sources. The first is a project with Internews known as “Viento” to
improve the mobile experience on basic devices, and limited
internet. The second is a not yet public project with an organization
to build a new tool for training materials built on top of F-Droid.
We are also at various stages of project negotiation with some
companies who want to build on top of F-Droid.

For our final field test of this project, we set up a Copperhead
device with F-Droid and sent it to people at the Barys Zvozskau Belarusian
Human Rights House. We also demonstrated the Repomaker and command
line tools for managing custom repositories of apps and media. The
goal of this test was to see whether non-technical users with security
concerns would be willing to use a device maintained by a trusted
administrator who only allowed a small, curated set of apps to be
available on the devices. This prepared device was then passed around
to people in Belarus, Ukraine, and Russia for them to evaluate the
idea. The idea was interesting to them, but most thought they were
well served by Google Play now that it is no longer being blocked.
But most also agreed that if Google was blocked again, like it was in
Crimea after it was annexed, then there would be a lot of interest in

We heard about a new app based on F-Droid being built by
Jembi Health Systems in South Africa. They
have not made much public yet, but you can follow their development
efforts here:

Strengthening the Foundations

One key reason why Guardian Project only works with free software is
because it empowers communities of users to maintain the software that
they find most valuable. On top of that, there are many opportunities
to work with existing free software communities on shared goals.
Combining efforts means the impact of the limited development resources
can be greatly magnified. Everyone gets more bang for their buck.
One essential aspect of the Bazaar2 funded development effort was to
ensure that, on top of all of the new features added, the F-Droid
community should be able to more easily maintain the codebase. In
wrapping up, there is now a large, established automated test

MD5 Transition Complete

Another example of foundational work was just completed: F-Droid now
fully handles the deprecation of the MD5 algorithm for signing Android
APK files. APK signatures are an essential part of the security of
Android, and the MD5 algorithm has been known to be weak for years
now. Oracle has disabled MD5 for Java JAR signatures, MD5 has been
banned in TLS certificates for a while now, but Google Play has not
blocked or even deprecated it yet.

No Longer Beholden to Oracle

The build infrastructure is based on Oracle VirtualBox, a
virtual machine provider. While it is still free software, Oracle is
a capricious maintainer and changes things as they see fit, even if it
breaks things for many users. They recently dropped the long term support
release, causing VirtualBox to be removed from Debian. F-Droid uses
Debian for all its servers. As part of the Bazaar2 project, we built
parallel tools built on community-controlled Linux KVM. This ensures
the future livelihood of the F-Droid project, whatever Oracle might
do. This was a large undertaking that we did not expect to do 2
years ago. While this work was not originally part of the Bazaar2
Statement of Work, it was essential to keeping the whole project
going, and therefore essential to the goals of the Bazaar2 project.

Weekly Meeting Logs

We have a weekly meeting on IRC mostly focused on the developer facing
sides of F-Droid. That happens every Thursday at 11.30 UTC on
#fdroid-dev on FreeNode. The September 2017 logs can be found here:

Following Work Related to this Funding

All related work on F-Droid is tagged using the “bazaar” label:

All related blog posts are tagged with the “bazaar” tag:

Objective 1 Simple multi-pronged distribution

Reproducible Builds

Reproducible builds as a standard publishing method turned out to be a
lot harder than we thought, mostly because of peripheral issues like
handling the virtualization stack (Virtualbox and KVM). One major
sticking point was the need to run virtual machines inside of virtual
machines, since our build infrastructure requires a virtual machine,
and Debian’s reproducible build servers run in KVM. But luckily,
interest in reproducible builds was also a lot higher than we
thought, so our efforts have brought F-Droid a lot of attention and

Right now, it is possible to push apps to via the
reproducible build process, but it is difficult and error prone. We
have laid solid foundations for to be entirely based on
reproducible builds. What we have left to do is lots of polishing and

Make all text translatable

The last piece of the whole F-Droid suite is now fully localizable.
All strings in _fdroidserver_ can now be translated up on Weblate with
the rest of the F-Droid projects, and contributions are streaming in.
The fdroidserver 0.8 already included some localization support, the
next release will include the full support, and all of the

For tracking the localization work in F-Droid, see the localization
tag in the gitlab tracker:

Objective 2 Curation Tools for Organizations

The Repomaker tutorials are complete, they just need to be deployed
and setup on Weblate for translations:

Objective 3 Modern App Store with Built-in Circumvention

We have been getting quite a bit of feedback about the new automatic
vulnerability prompt. F-Droid 1.0 will prompt the user about any apps
that contain known vulnerabilities via the new Updates tab, which
serves as the notification and action center of the whole user
experience. Mostly, people have been reporting that it is finding
apps that they forgot they had installed. Often, people were a bit
confused by the prompt and asked things like: “the app was working
fine, why is F-Droid prompting me to remove it?” In some of those
cases, the user was using unmaintained browsers like Tint, which
definitely is a high risk activity on the internet. The biggest issue
with the current implementation is that we have no good way for the
user to find out more information about why it was marked, and what
the specific issues are. As we expand this feature to also include
apps marked by humans as vulnerable, we will need to provide an easy
channel for the user to find the whole story, with things like links
to CVE numbers, blog posts, etc.

UX Overhaul

Now that the new UX is widely deployed, we are getting lots of
feedback, both positive and negative. Lots of people want to know why
we made certain decisions in the process. We tried to push that
process to the public as much as possible, so it is mostly documented
in the F-Droid issue tracker:

It was also nice to get some media coverage of our UX work:


Streamlining Circumvention

One last piece was fixed, deployed, and tested: making nearby swap
co-exist with Tor/proxy support.


In closing, I want to call out Localization Lab’s work as part of this
project. Their ongoing coordination of translators made it possible
to have the large amount of translations that we have received. On top of
that, they made it easy to hire translators for focused work on the
high priority languages. Those translators then set to work without
needing any training or setup on the materials, since they were already
familiar with them.

For a nice graphical overview of the progress we have made, here are
charts of the languages and completeness for each of the F-Droid tools
that were made fully translatable. The F-Droid client app has been
translatable for a couple of years, so it has many more languages.
The documentation and blog posts are long form text, so they require a
lot more work to translate.

Objective 4 Partner Deployments

We are in discussions with a potential client to build upon the
“Update Channels” library developed under this Objective. This work
would allow us to expand the possibilities for custom app stores and
media collections, and make the whole process a lot easier to do.

Objective 5 Usability Research on In-country Developers

Nothing new to report, this work is complete.


I wanted to post a couple follow up discussions related to things in this thread, starting with some more info related to MD5 Transition Complete:

Google did make the developer tools use SHA-1 even if you specified MD5.
And SHA-256 support was only added around Android 4.3, so if SHA-256 is used in the APK signature, that APK will not work on older releases.

What I mean is that APKs that have been signed by MD5 have not been
kicked out of Google Play, whether because they are just old builds, the
developer continued to use old tools, or they were signed using a
different tool. Also, the author of Google’s apksigner told me that
apksigner stopped marking MD5 signatures as valid purely because the
Java framework did, and they planned on writing custom code so that
apksigner would still consider MD5 signatures as valid. I do not know
the details of whether this is just about MD5 in the signature over the
manifest, or also for the hashes in the manifest itself.

For documentation about why Oracle made the change in Java, see:
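As an added illustration for the MD5 discussion in this thread (not part of the original posts, and not code from F-Droid, apksigner or Java): a Python audit that reports separately whether MD5 appears in the per-file hashes of `MANIFEST.MF`, in the digests of the `.SF` signature file, or in the PKCS#7 signature block. It covers only the JAR-style signing files under `META-INF/`, the signature-block check is a byte search for the MD5 OIDs rather than a full ASN.1 parse, and the sample archives are constructed in memory.

```python
import io
import re
import zipfile

# DER encodings of the MD5 object identifiers that can appear inside a
# PKCS#7 signature block (META-INF/*.RSA, *.DSA, *.EC).
OID_MD5 = bytes.fromhex("06082a864886f70d0205")                # 1.2.840.113549.2.5
OID_MD5_WITH_RSA = bytes.fromhex("06092a864886f70d010104")     # 1.2.840.113549.1.1.4
OID_SHA256_WITH_RSA = bytes.fromhex("06092a864886f70d01010b")  # 1.2.840.113549.1.1.11

# Matches "<ALG>-Digest", "<ALG>-Digest-Manifest" and
# "<ALG>-Digest-Manifest-Main-Attributes"; group 1 is the algorithm name.
DIGEST_ATTR = re.compile(
    r"^([A-Za-z0-9-]+?)-Digest(?:-Manifest(?:-Main-Attributes)?)?$", re.IGNORECASE)


def manifest_attributes(text):
    """Yield attribute names from a manifest or .SF file, joining wrapped
    lines first (a line starting with one space continues the previous one)."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    for line in logical:
        name, sep, _value = line.partition(":")
        if sep:
            yield name.strip()


def digest_algorithms(text):
    """Return the set of digest algorithm names used in one manifest-style file."""
    algs = set()
    for name in manifest_attributes(text):
        match = DIGEST_ATTR.match(name)
        if match:
            algs.add(match.group(1).upper())
    return algs


def audit_apk(apk_bytes):
    """Report where digests are declared in the v1 signing files of an APK."""
    report = {"manifest": set(), "signature_file": set(), "signature_block_md5": False}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            upper = name.upper()
            if not upper.startswith("META-INF/"):
                continue
            data = apk.read(name)
            if upper == "META-INF/MANIFEST.MF":
                report["manifest"] |= digest_algorithms(data.decode("utf-8", "replace"))
            elif upper.endswith(".SF"):
                report["signature_file"] |= digest_algorithms(data.decode("utf-8", "replace"))
            elif upper.endswith((".RSA", ".DSA", ".EC")):
                # Heuristic: look for the OID bytes anywhere in the block.
                if OID_MD5 in data or OID_MD5_WITH_RSA in data:
                    report["signature_block_md5"] = True
    return report


def uses_md5(report):
    return ("MD5" in report["manifest"] or "MD5" in report["signature_file"]
            or report["signature_block_md5"])


def build_sample(digest_name, algorithm_oid):
    """Constructed sample, not a real APK: a ZIP holding only the three
    signing files, with placeholder digest values."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF",
                   "Manifest-Version: 1.0\r\n\r\nName: classes.dex\r\n"
                   f"{digest_name}-Digest: AAAA\r\n\r\n")
        z.writestr("META-INF/CERT.SF",
                   "Signature-Version: 1.0\r\n"
                   f"{digest_name}-Digest-Manifest: BBBB\r\n\r\n"
                   "Name: classes.dex\r\n"
                   f"{digest_name}-Digest: CCCC\r\n\r\n")
        # AlgorithmIdentifier fragment: SEQUENCE { OID, NULL }
        z.writestr("META-INF/CERT.RSA", b"\x30\x0d" + algorithm_oid + b"\x05\x00")
    return buf.getvalue()


LEGACY_APK = build_sample("MD5", OID_MD5_WITH_RSA)
MODERN_APK = build_sample("SHA-256", OID_SHA256_WITH_RSA)

if __name__ == "__main__":
    for label, sample in (("legacy", LEGACY_APK), ("modern", MODERN_APK)):
        result = audit_apk(sample)
        print(label, result, "uses MD5:", uses_md5(result))
```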


One of the things that funders want to see is quantitatively measured impact. That’s often not so easy when the goal of a project is to avoid tracking people :smile: Here are some ways of trying to get around that:

some quantitative metrics that we aim to meet over the project time span:

new organizations running their own app/media repositories (Target: 3)

  1. Security First
  2. Copperhead
  3. Briar Project
  4. Izzysoft
  5. MicroG

apps building using the fdroid reproducible process (Target: 10)

From Jan. 2017 Report:

We now have automatically building the
latest apps and testing whether they are reproducible. We are up to 59
apps that can be built reproducibly using the F-Droid tools. To see
which apps, search for “verified” on
Now that we have a mass rebuild process running automatically, the next
step is to focus on some more important apps in order to fix the issues
preventing them from being rebuilt reproducibly.

code contributions from new developers (Target: 3)

From the August 2017 report:

  • Two new contributors made substantial contributions:
    @miracula and @bubu

From the May 2017 report:

in-country developers interviewed for user research (Target: 10)


Interviews: interviews with 14 developers, technologists, and digital
defenders from 11 different countries where the internet is heavily
monitored and filtered as well as 5 interviews with IHRFGs who work in
similar regions.

Surveys: an online developer survey in Chinese, Spanish, Farsi, Russian,
French, and English that received 118 responses from developers in 28
countries around the world.

90% of trainees in hands-on training are able to swap apps and/or media

We ended up not having this exact metric, since the user tests with
trainers focused more on Repomaker than app swap. The Repomaker
usability test in June 2017 did clearly demonstrate that people thought
the decentralized “repo” idea was useful and understandable. That report
is available on our blog or a bit more nicely formatted on Google Docs:

The first Zimbabwe, Vienna and Lubbock user tests had basic tests of the
swap feature, where the majority found it understandable after learning
about it. Those were not with trainers. Zimbabwe was with trainees,
and the other two were random people from the public.

95% of all text content able to be translated

From the Sept 2017 report:

The last piece of the whole F-Droid suite is now fully localizable.
All strings in _fdroidserver_ can now be translated up on Weblate with
the rest of the F-Droid projects, and contributions are streaming in.

And an overview of all the translation work:

FDroid downloads (Target: 100,000)

Right at the start of the Bazaar2 project, some key F-Droid community
members pushed for disabling download counts altogether, since it was
viewed as tracking, and was also an unreliable measure of how popular
apps were. We worked on improving both the privacy and the usefulness
of the download counts, but were not able to get things to the point to
convince all F-Droid community members to reenable the public download
counts. Therefore, we do not have any download numbers from the Bazaar2
grant period, only from before. We do have some other metrics.

We have crash reports, which are sent to F-Droid team members via email.
Those of course include more sensitive data than download counts, so we
have done only limited analytics on them to get some safe numbers, and
no raw data will be published. Between January 2016 and September 2017:

  • we received 20,151 crash reports via email
  • 12,364 unique email addresses sent reports

These crash reports are only for the F-Droid client app itself, not for
the apps people installed via F-Droid. My gut feeling is that we well
exceeded the target of 100,000 downloads. Here are some related
comparisons from data on Google Play:

  • Orweb received about 600 installs per crash report
  • PixelKnot received about 150 installs per crash report
  • Chatsecure received about 72 installs per crash report
  • ObscuraCam received about 35 installs per crash report
  • our new Haven app received about 3.5 installs per crash report

Using those numbers, the F-Droid client app received between 70,000 and
12,000,000 downloads. Using a rate of 50 installs per crash report
means there were 1,000,000 downloads of F-Droid. None of this includes
any apps that were then downloaded using F-Droid since we do not have
crash report data on those.

Or another measure is based on the 12,364 users. They would need to
have downloaded about 8 apps each to meet the 100,000 download target.
That assumes every single user submitted a crash report. More likely,
most F-Droid users did not submit crash reports.

total downloads of apps built using the reproducible process

(Target: 1,000)

See above regarding no download counts. From, we have reproduced over 300 APKs. It
seems a very safe assumption that those 300 APKs have averaged 3-4
downloads each, for a total of 1000.

apps with all related content fully translated into Spanish, Farsi,

and Tibetan (Target: 10)

On, there are 13 apps fully translated into Farsi,
Simplified Chinese, Spanish, and Tibetan. There are many other
languages supported, and other apps that do not include all 4 of these
languages. These languages are all fully supported in the F-Droid
Android client. Nine languages including Spanish, Tibetan, Chinese,
Turkish are live on, but Farsi is not.
Right-to-Left support on the website was not finished by the end of the
Bazaar2 project, so Farsi is only on the staging site. We received
volunteer contributions finalizing Right-to-Left support since the end
of Bazaar2, and hope to launch Farsi and Arabic support by the end of
January 2018.

There are many other apps that are largely translated, but not complete.
And there are some other languages that are well represented, including
Ukrainian, Vietnamese, Japanese, Korean, French, and German.

Here are the pages of the 13 fully translated apps on

