I’ve added commercial add-ons to Noice, and I wonder if it could continue its distribution through F-Droid.
In short, there are the following changes:
The Android client is open-source (GPL-3.0) and uses two network services: the back-end API and the CDN.
I plan to open-source the back-end API before releasing the commercialised version of the Android Client.
The back-end API handles subscriptions and payments using Stripe for the F-Droid (free/libre) Android app variant. The Google Play app variant handles subscriptions and payments using Play In-App billing (due to policy restrictions).
The CDN hosts a static sound library and is closed-source.
Is it still eligible for listing on F-Droid? If yes, what anti-features do I need and how do I add them to the metadata? If not, how do I keep its F-Droid build pinned to its last free release? Thanks!
The back-end API handles subscriptions and payments using Stripe for the F-Droid (free/libre) Android app variant
Does the app include a library from Stripe for that? If so, is this library FOSS?
The CDN hosts a static sound library and is closed-source
What do you mean by the sound library? Is it a set of sound files that are downloaded by the app and played, or a library with executable code that is downloaded and executed?
Does the app include a library from Stripe for that? If so, is this library FOSS?
No, the Android app doesn’t directly interact with Stripe. The back-end API manages Stripe interactions on behalf of the Android app.
What do you mean by the sound library? Is it a set of sound files that are downloaded by the app and played, or a library with executable code that is downloaded and executed?
It’s a collection of audio files and their descriptive metadata. It doesn’t contain anything executable.
So, all app instances will contact network services on start (subscription check and sounds download). If those services track users, the app should get the tracking anti-feature.
The app in general seems to be perfectly compatible with our inclusion criteria.
As I said earlier, all of Noice’s code (including the back-end API) is now open-source on GitHub.
And depending on which CDN is used, maybe the Tracking AF also applies.
To add more details to this, the CDN is essentially an Nginx server that checks for authorisation when a user requests an audio file. If the user has valid credentials, it serves the file from an object-store.
Last time, I asked how to handle the transition of Noice from a FOSS to a commercial but open-sourced app. And following the discussion, I was suggested to add NonFreeNet and Tracking anti-features. NonFreeNet made complete sense since the backend service is an open-source software running on a private server. But I am still confused about the Tracking anti-feature.
In the F-Droid docs, it says:
Examples of where this Anti-Feature might be applied:
Sending crash reports without your knowledge or permission
Checking for updates without your knowledge or permission
Noice does neither of these things. Additionally, to my knowledge, it doesn’t collect data that the user doesn’t explicitly provide or consent to. Can someone please provide me with some additional clarification on what exactly constitutes “tracking you and/or reporting your activity”? Please let me know if you need more details from me!
@Licaon_Kter That seems a little excessive, in my opinion. But that’s not my point! Many apps are only tagged with the NonFreeNet anti-feature even though they use proprietary upstream services. I arbitrarily selected five apps from this list where I thought I would find this discrepancy, and I lucked out on all five.
Why was it added to start with? What library or activity triggered it? Using its own server usually only warrants NonFreeNet, not Tracking, unless there’s something else. There was no AF added when you introcuced it. Both were just added half a year ago – which again points here for context (circle closed).
Has that changed? If not, both AF are still warranted. As for the other examples you’ve mentioned, that’s comparing apples with peaches: who installs Newpipe intends to watch videos from YT. Who installs PocketHub does that because they want to use it with Github, and so on. While installing and using your app, one does NOT intend to load files from some non-free services one is not even aware of.