I read that this software is open source. From my limited understanding that means no encoding or cipherment of the source code. Does that apply to the Manifest packed with the APK file? Because the one I downloaded has an obfuscated Manifest file. I think this must mean it is tampered with. Please advise.
I read that this software is open source. From my limited understanding that means no encoding or cipherment of the source code.
Correct.
Does that apply to the Manifest packed with the APK file?
No, resources (like XML files, images, sounds, etc.) are not code.
Because the one I downloaded has an obfuscated Manifest file.
Android build tools compile XML resources (including the manifest) into a binary representation. So that’s expected. Get the source code of the app instead.
Thank you for your assistance. I have very limited understanding here, best to just leave it alone perhaps. But sincere thank you for answering my question
No need to leave it alone. You can always learn new things. The source code of the app can be found in this repository. There are no secrets, you can read everything. (If you don’t know much about programming, it is complicated to understand, though.) Also, F-Droid is even better than just being open source, it is also free software. You can not only read what the software does, you can also modify it according to your wishes and share this with others, as long as you observe the GPL license.
You should download the F-Droid APK file from https://f-droid.org/FDroid.apk. The ‘s’ in ‘https’ tells you that the connection is secure and you should carefully check that you are indeed downloading from f-droid.org and not from, say, f-drоid.org. (The second web address contains the cyrillic letter ‘о’ instead of the latin letter ‘o’.) Also, you may verify that you got the right APK by checking the PGP-signature. To do this you would have to use the programm GNU Privacy Guard and learn how to use it.
Alternatively, you can take the source code from above and build the APK yourself. (That’s not so easy to do for the first time.) If you wonder, whether the APK you build yourself is exactly the same as the one published by F-Droid, you can read the article on reproducible builds.
3 Likes
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.