F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.
Matrix space | forum | IRC
That's it. Would you recommended any other repository?
I keep it simple so I can confidently download the apps.
I can't keep track of which repos are safe, and we've seen posts on here from people getting sketchy apps from a repo they added.
I'm sure there are other safe repos, and I'm willing to add one if people recommend an app that requires it, but I'll probably remove it afterwards.
This is a good approach. I would not even use Izzy's repo shown by OP (at least not on a daily driver device - great for testing newer apps I'm sure) because I don't see it as advantageous to get updates so quickly or access to apps that are not yet (or will never be) fully open source.
Basically I see most of the value of F-Droid in their build server and official repo. So I only add repos with a very short list of apps, like microg and KDE.
I can always install the odd apk manually, or use Aurora store (preferably in the work profile)
Yeah. F-droid's defaults for me have always worked well, and if I want a specific app to be up to date, I'll download it right from the devs (Shattered Pixel)
But the IzzyOnDroid repo is getting the apps right from the devs too, no?
Idk. I'm not against izzy, just don't want to have to check which repo an app is in browsing fdroid
Wow thanks for this post. Today I learned about Fdroid Repos. (Feeling sheepishly stupid but slight more informed now.)
I installed droid-ify, an alternative front-end for F-Droid, it comes with a whole bunch of repo's by default.
Droid-ify has a lot more by default (but unticked). You can have a look and see what you could use. I use cromite and mulch as navigators, and you can find them there (cromite repo and divestOS repo)
I wouldn't personally even use IzzyonDroid. The only other F-droid repo I use is cromite
Why not? Not reliable? Not safe? I'm re-learning (stuff got obsolete since last time I was interested)
Izzyondroid isn't as strict when it comes to the software they package
Good to know. Added it because I read it had some extra apps. I'm trying new stuff
And that is a fair answer. My long term concern is that developers will start taking the easy route more and more instead of adhering to F-Droid's fairly high standard.
Yep some of the big guys aldready do that they add available on fdroid and i get excited and click then it brings me to izzy and i get dissapointed.
What?
Like they advertise their app as being on fdroid but when you click the link its izzy
Not OP but my answer to this is that I only add sources that I know I need to make sure I understand where everything comes from and to keep that attack surface lower.
I like to add as many repos as I can.
The more apps in F-Droid,
the less reason to go to GooglePlay :)
Here is a list with all repo's I've got imported:
I usually keep the Archive variants disabled,
but they're nice to keep around,
for if you ever need an old version of an app.
Also,
most of these I've found through Droid-Ify,
it's my favorite app to manage my F-Droid apps:
https://f-droid.org/packages/com.looker.droidify/
Bromite is unmaintained. Use Mulch instead. You can find it in DivestOS repos. Also there is another browser called Mull (firefox-based).
DivestOS Official: https://divestos.org/apks/official/fdroid/repo
DivestOS Official Archive: https://divestos.org/apks/official/fdroid/archive
https://www.collaboraoffice.com/downloads/fdroid/repo
Collabra office
https://archive.newpipe.net/fdroid/repo
Newpipe
I prefer Tubular to Newpipe. This version of newpipe has Sponsorblock.
I'm conflicted about sponsorblock, I usually hate youtuber sponsor (since those are usually scam) but I don't know if there is a more ethical way to earn money from ads, since donations aren't usually enough
At least they aren't targered with my personal data.
Exactly
Maybe because I'm old enough to remember TV before streaming, I'm not so bothered by a 30 seconds add inside a video. And knowing who sponsors a content creator also gives a bit of context about their possible bias.
It's a valid argument. I don't have the energy to let cognitive time for this.
Futo repo for Futo Voice Input App. Totally free open-source offline speech to text engine. Works better than I expected (for English).
I use this all the time
There are general purpose repos and specific app repos. Those for specific apps might allow you to download apps not found elsewhere or they might just get you the update a little faster.
I have the repos for Collabora and Newpipe enabled on mine for those reasons.
You might also look at Obtanium if you're looking to keep specific apps updated.
Is there a real delay on updates? I mean, I'm in an almost 4 year phone with android 10, can't say I run behind the latest stuff
It depends on the app publisher. The official F-Droid repo has Newpipe version 25.2, which was added August 10, 2023. The Newpipe upstream repo has version 26.1, added December 27, 2023.
I only add some app-specific repos to get more frequent updates on those. Newpipe and Fedilab in particular.
I know that I could use other tools to install directly from their release images but sticking with F-Droid for now for simplicity.
Newpipe and bitwarden?
I have active the DivestOS repo, since I use Mull as my main browser. It has also some other nice privacy focused apps.
I use mull too, so I'll consider it Does fdroid delay the updates too much?
I don't know how much the delay for Mull is specifically, but in general it falls in the range between one and two weeks.
And since Mull is already behind Firefox in terms of security updates, I think it's better not to fall too much behind
Good point Added then
I don't think I understand the other apps... It's social media, right? Not really into that
I know there are a lot, and it's overwhelming.
Anonero monero wallet: http://anonero5wmhraxqsvzq2ncgptq6gq45qoto6fnkfwughfl4gbt44swad.onion/fdroid/repo
Briar: https://briarproject.org/fdroid/repo
Cake Labs monero wallet: https://fdroid.cakelabs.com/?fingerprint=ea44efaee0b641ee7a032d397d5d976f9c4e5e1ed26e11c75702d064e55f8755
Collabora Office: https://www.collaboraoffice.com/downloads/fdroid/repo
Eternity for Lemmy: https://bazsalanszky.codeberg.page/fdroid/repo
IzzyOnDroid: https://apt.izzysoft.de/fdroid/repo
Molly: https://molly.im/fdroid/foss/fdroid/repo
Monerujo monero wallet: https://f-droid.monerujo.io/fdroid/repo
MySu Monero Wallet: http://rk63tc3isr7so7ubl6q7kdxzzws7a7t6s467lbtw2ru3cwy6zu6w4jad.onion/fdroid/repo?fingerprint=0C72C540E5841030FAE32329A1BC8747DCAC5236E4D1AAEDB67735CA7B7DD3D6
NewPipe: https://archive.newpipe.net/fdroid/repo
Session: https://fdroid.getsession.org/fdroid/repo
SimpleX Chat: https://app.simplex.chat/fdroid/repo?fingerprint=9F358FF284D1F71656A2BFAF0E005DEAE6AA14143720E089F11FF2DDCFEB01BA
For a crypto wallet it seems extremely dangerous to use a custom repo. What if one day it pushes an hacked version with the same signature and it takes all the money?
For this use case I'd consider only from fdroid, the only way it can be sure it matches the published source code
Those repos are maintained by the developers of the Monero wallet. So, if they were going to do that, they would also be able to push the malware version to the fdroid repo as well, because the signatures would match the developers.
The fdroid repository has only apps built by fdroid itself using the published source code, while a private repo could have a binary that doesn't match the source.
It might be a financial incentive for someone to hack the dev, steal their signing keys, silently add a timebomb that at a specific time would send the whole content of the wallet to a specific monero address, replace the apk after a new release is added. Nobody would notice until too late
Difficult hack but not impossible
That is a fair point. The protection of the main fdroid repo is that they build it from source and then compare the binaries to make sure they match if i understand reproduceable builds correctly.
Edit: But if a hacker hacked the developer, wouldn't they just change the source code as well so that they still match? Like if I wanted to hack Monerujo id want to get the git repo if possible along with the repo keys so i could push malicious code to the git repo, build a binary from that malicious code, publish it on the devs fdroid repo and then when fdroid compares the binary to source they match even though they are malicious.
Thanks, I still haven't got into crypo so Monero is not for me but I will study a few of those.
I am redesigning a big part of my digital life these days
