The second full security audit of F-Droid is complete. We are satisfied with the results, which confirmed again that the core security model and standard operations are solid. The audit pointed out issues in the core build process where we currently rely on manual review by trusted contributors to protect us. This audit also showed that we still have work to do to achieve our goal of keeping the Android client secure even when it is connected to a malicious server, for example, if a user manually adds an untrusted repository that its operator created to exploit the client. The full audit report is available: report_otf_fdroid.pdf (cached copy).
The whole discussion of the audit is here:
We tried to put the audit results into context, since they are mostly kind of abstract, and some sound scary. I’m happy to answer any questions or concerns anyone has, and to explain any of the reasoning.