With latest GrapheneOS update i got a warning at F-Droid start, that the minimum supported Android API is too low, which can make problems and is nearly deprecated.
raise minimum supported API level to 28 from 23, producing a warning for apps targeting API < 28 (the Play Store disallows uploading new apps or app updates targeting API < 28 so this isn’t an aggressive warning)
So i hope that F-Droid will update the used API or at least provide a version for newer devices or better: make the change and provide a version for old devices
No. The topic here is the low minimum API F-Droid support.
This is not how security works.
F-Droid shouldn’t take look away or it will stay behind in terms of security and maybe even get banned on secure systems and/ or by Google.
Why take the risk if a easy fix is enough?
From my ignorant perspective, I think that increasing the minimum API and providing a Legacy alternative is a good idea.
But I don’t know how complicated it would be to implement this in every aspect.
There is a difference between “minimum” and “target” api. Its not really clear whats being discussed here. Its also the first I’m hearing about a minimum being too low (usually its the target api).
For most projects the minimum is dictated by the support libraries, which incidentally dropped support for anything under api14. IIRC that change happened with api26, so the only way to continue supporting devices older than that is to stick with target api25.
Just bumping the target api is hardly an “easy fix”. It implies releasing and maintaining a second app just for legacy devices (or dropping support entirely, which would be a shame). Maybe that’s what the future holds (but lets not act like its not a ton of work).
If there are security concerns they need to be explicitly identified based on the libraries used. IMHO that you now receive a blanket warning from your OS hardly qualifies. My opinion is that these warnings have less to do with security, and more to do with throwing away perfectly good devices (so as to purchase another one).
Please explain how it “works”. What are the security risks of having minimal API of 14? Note that F-Droid client does not include any native libraries.
The topic is still about the minimum api, not the target api
I think you’re still confusing min API and target API.
raise minimum supported API level to 28 from 23, producing a warning for apps targeting API < 28 (the Play Store disallows uploading new apps or app updates targeting API < 28 so this isn’t an aggressive warning) Releases | GrapheneOS
That GrapheneOS link helps me understand. The quoted text is a changelog entry (to be understood in the context of that project). They say minimum but they are actually referring to target api. The change is that they are now displaying the “ancient android” warning for all apps that fail to target api28+ (where previously that warning was only displayed for apps that failed to target api23+).
Since the F-Droid client still targets api25, GrapheneOS users are now confronted with some alarming looking warning message during installation.
That is not really the reason. The reason is that apps with a higher targetsdk get less of the legacy android platform behaviour and more of the new security restrictions. So they are forced to do things the right way instead of old hacky ways continuing to work.
Rarely the targetSDK bump was used by devs to access new good features, it mostly ended up as a way for Google to force them to implement restrictions (permissions, SAF, SMS, background services, storage again)