Some background information needed


#1

I’ve got the task to write a little series on F-Droid for a well-known IP press. While I can cover most of the topics wanted, there are two where I have to pass – and thus asking you for the facts:

  • are there any ROMS/devices where F-Droid comes pre-installed?
    I vaguely remember there was at least one ROM, but I can’t remember which. Not that I know of any device, but if there’s one I’d like to know :wink:
  • what are the recommended tools (including specific hints) for developers?
    Meaning, if we want to encourage developers to make their apps for F-Droid, what facts would we give them (apart from the AntiFeatures, blobs and other show-stoppers I’m aware of)? What can we easily use (coming to mind: Gradle is preferred over Ant), what are technical show stoppers (was it Scala we only could build recently? Can we build Python apps? Both are just examples of what I’m looking for, “dos and don’ts”)

Looking forward to your replies!


#2

Lineage OS for microg is the only one I know of.
I don’t think this is the standard OS for any device, but you can flash it e.g. on a Fairphone 2 and it works great.


#3
  • Tag releases
  • update versionName/Code BEFORE release
  • gradle yes (or a detailed build description if using python or whatever)
  • DO try to build it locally on the dev machine first via fdroidserver

#4

@paulakreuzer Ah, yes, almost forgot about that one – thanks a lot! And now I also remember which one I had in mind: CopperOS. Not sure if that’s still active, though.

@Licaon_Kter Thanks! Was aware of most of those, though I didn’t think of the build description. Calling it “providing the build recipe” would fit it :rofl:

Now I just lack the build tools themselves. Not being an Android dev, all I know is that in the past it was Eclipse and now should be Android Studio – but with that, I’m at the end of my brains.


#5

Great news @Izzy, congrats! These are the ROMs that I know that include F-Droid by default:

As for developer dos and don’ts, here are some quick ones that i can think of:

  • do not use additional or custom gradle/maven repos without first checking whether fdroid allows them. F-Droid only allows gradle/maven repos that only include free software
  • don’t use binary blobs that you cannot build yourself. If you check a binary into git to make the dev process easier, keep in mind that for fdroid, everything will have to be built from source.
  • if you want fully 100% free-software compliant APKs, then only use the Android build tools that are included in Debian. This is still difficult to do, and the Debian Android Tools and Java teams are always looking for contributions.
  • submit your source code URL to https://gitlab.com/fdroid/rfp/issues for a quick scan on any potential issues

#6

Omg, how could I have forgotten that. :blush:


#7

Wonderful, Hans – thanks a lot! That completes the collection. I wasn’t aware of shiftphone at all. Fairphone I guessed, but wasn’t sure. Cool, 5 ROMs including F-Droid by default! Now we just need some vendors shipping devices with one of those ROMs pre-installed :raccoon: Wait: Fairphone hasn’t Open preinstalled, or does it?


#8

yeah, @uniqx just discovered that shiftphone includes F-Droid. They haven’t communicated with us, at least as far as I know, so I don’t know how exactly they did their integration.


#9

Now that G%&$e was sued for forcing Phone companies to pre-install their Android version with all their malware included I hope Fairphone will consider providing some FP2s to be shipped with Fairphone Sibon (new name of FP Open) pre-installed.


#10

I think Fairphone is considering shipping devices with Open/Sibon preinstalled. Their Updater app is available on all Fairphone devices, and it makes it quite easy to flash and reboot into Fairphone Open/Sibon. It is totally a click-through experience, no technical skills needed. So it is pretty close to shipping with the device.


#11

Sounds promising.

Just noticed “Shiftphone” is a device, not just a ROM. Their list of installed apps is funny: all the Google crap except for Playstore? Guess they rather forgot to mention that app :rofl: But yes, with that one we have at least one group of devices (3 if I read that correctly – each with multiple generations, making it 8) coming with F-Droid pre-installed.


#12

For the record, all Phhusson Treble floss images includes FDroidPrivilegedExtension https://github.com/phhusson/vendor_foss/blob/master/foss.mk

Is there any against obfuscation (proguard) ?


#13

Is there any page where I can get some details on “Phhusson Treble floss images”? What are they, where are they used? First time I’ve heard about them, so I’ve got no idea (apart from thinking I remember him authoring his own superuser).

As for proguard and obfuscation: what good should that be with the app being open source anyway?


#14

proguard and obfuscation are totally fine, since we require the full source


#15

Continuing the discussion from Question about inclusion of FOSS app with complicated dependencies:


#16

Thanks a lot! So basically, a custom ROM that’s available for a list of devices, all of them using the same image – did I get that right? And it comes in 3 flavors, one of them being FLOSS and including F-Droid (according to their FAQ)?


#17

aosp floss flavor is more than a “custom”, it’s a true Generic System Image (with Phhusson anticipated added known compatibilities per hardware/oem).
Starting with brand new devices based on Oreo, GSI/aosp is an obligation to all OEMs to get their android “certification” complete: Vendor Test Suite (VTS); also all future GSIs versions of android will be back-compatible with Oreo (& P,Q…)Treble devices without changes to all specifics (closed source) kernel vendor boot…

Everything explained in common English here http://www.hatchmfg.com/?s=Inside+Treble

It also means that every floss patch added before compilation will be available without root/su needed (SafetyNet…) : microG, DozeSettingEditor , etc/host , bin/aapt & curl, and pre-built apk like Exchange2, ScreenRecorder or upgradable F-Droid/client, Fennec…
If Treble appears to be truly functional, F-Droid should build his own (CVE/monthly ?) GSI (shouldn’t it ? @contributors )


#18

Urn, one point forgotten:

Is there a feature for “device migration” – like the “restore” with Google stuff – so when moving to a new device one can migrate F-Droid apps + settings?

I guess the answer is “App Swap”, but no data – though I might have missed something.


#19

Some other questions that came up in the wake:

  • we have no “age check” or matching filters. IMHO we neither have any app that would require one – or did I miss something?
  • data collection: I know F-Droid doesn’t collect user data. Only thing in this context are the webserver logs. How long are they kept?
  • security check: Is there any document giving some more details on how apps are vetted? I think e.g. of the bot (what checks does it perform?) – and what “human actions” are taken to ensure an app is “kosher”.
  • app coverage: Is there a list of “prominent apps” – and of what kind of apps are missing altogether? Eg. if a user wants to fully replace Playstore with F-Droid, where are the gaps and where’s the ice thin?

Thanks in advance for helping out with facts (and please, also consider the question in my previous post) :heart:


#20

You can now export the list apps installed via F-Droid from the “Manage Installed Apps” screen. It just gives you a CSV. That could then be used with fdroidcl.

  • I believe no logs are kept on the f-droid.org webservers
  • the only process docs I know of are in https://f-droid.org/docs, but there are also some CI checks in both fdroidclient (lint, pmd, errorprone) and fdroidserver (pylint, pyflakes, bandit, safety.io) .
  • prominent apps include Adaway, Riot, Firefox Klar, Davdroid, AntennaPod, Amaze, K-9 Mail, Tutanota, LibreOffice, NewPipe, Nextcloud, Silence, Transportr, Offi