Comment by udev4096
Stop using F-droid. It is insecure and shouldn't be the primary way of installing apps. Stick to Aurora Store or Play Store
Stop using F-droid. It is insecure and shouldn't be the primary way of installing apps. Stick to Aurora Store or Play Store
https://privsec.dev/posts/android/f-droid-security-issues/, the recent findings of bypass of certificate pinning [0], wireguard creator doesn't trust f-droid himself [1], continued harmful attacks to GrapheneOS devs [2] and a few more points regarding their build infra using a deprecated debian release.
[0] https://www.openwall.com/lists/oss-security/2024/04/08/8
[1] https://gitlab.com/fdroid/fdroiddata/-/issues/3110#note_1613...
[2] https://gitlab.com/ironfox-oss/IronFox/-/issues/7#note_22877...
The handling of the project appears quite troubling, the whole board resigned last year: https://gitlab.com/fdroid/admin/-/issues/447
I read your sources, and one, as a user, I'll let these people sort out their drama among themselves, two, the security issues of the apps that are downloaded I think are way higher potentially than the ones in F-Droid in itself. With these considerations, F-droid is fine as a way of installing apps. Just as fine as any other technically imperfect service, business, or product that we use daily. In fact, I consider it higher than average in quality.