457
I imagine I'm gonna get downvoted for this, but I have no idea what F-Droid is.
FDroid is an alternative app store where its main focus is Free (libre) software. Free in the sense of freedom. They have also strong focus on tracking. Under app, you have "anti-feature" that tell you that part of its code is not opensource or that there is sensible data. :)
You should visit their website. ;)
Here is some info from their website :)
F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.
FDroid respects your privacy. We don’t track you, or your device. We don’t track what you install. You don’t need an account to use the client, and it sends no additional identifying data when communicating with our web servers, other than its version number.
We don’t even allow you to install other applications from the repository that track you, unless you first enable ‘Tracking’ in the AntiFeatures section of preferences.
Any personal data you decide to give us (e.g. your email address when registering for an account to post on the forum) goes no further than us, and will not be used for anything other than allowing you to maintain your account.
Google fdroid or use chatgpt
The USA with its corporations setting a new, unbeatable WR in any% glitchless turning into a dictatorship with zero human rights or freedoms.
Disclaimer: I have been a maintainer for LineageOS and a long time user.
Whoever advocates for LineageOS don't get it. Using LineageOS will not fix any issue like this.
Already today using LineageOS means give up on banking apps, ID apps, and even McDonald's and some games like Pokemon.
Yeah because Google with play intergrity now demands valid keys that gets invalidated as soon Google detect they are used for such usage. The cat and mouse game suddenly got much harder to beat.
So no, using LineageOS will soon be possible only with secondary devices and not your primary that you will need for your actual stuff to work.
Exactly, trying to find software alternative for what ultimately going to be locked down hardware is never going to be a sustainable solution.
Alternative OS means nothing if there's no widely supported open hardware with unlocked bootloader to run such OS long term, and Google is got all mainstream phone manufactures cornered legally and commercially with this and their requirement for manufecturer authorization for shipping GMS suite with their products.
The only way out is this ridiculous decision of Google getting push backs from legislation, because there's nothing manufecturers can do and without them there's nothing FOSS developers can do to push back long term, and Google isn't stopping themselves from doing Evil™.
Fully agree
Already today using LineageOS means give up on banking apps, ID apps, and even McDonald’s and some games like Pokemon.
Yeah because Google with play intergrity now demands valid keys that gets invalidated as soon Google detect they are used for such usage. The cat and mouse game suddenly got much harder to beat.
But if I'm already using LineageOS without GApps, this wouldn't make any difference, right?
Edit: Also - thanks for all your work!
And soon you will need a second device with locked down bootloader and play integrity to use mainstream apps.
What when meta will require attestation to run WhatsApp? Not if, when...
I agree that those things are going to happen, but again, I'm deliberately not using GApps and thus no Playstore apps, including WA. Using an undesirable product is a vote for the continued existence of that product, so the only winning move is not to play, isn't it? 🤷
Counterpoint: I use the McDonald's app where it belongs - on a giant greasy ordering kiosk.
But seriously, banks have websites. Everyone and everything has a website.
I don't need Android apps at the cost of my privacy or at the cost of control of my devices.
I use GrapheneOS as my only phone, and I have done so for years.
Whatever the topic, I don't need an app for that.
I don’t know about the US but on this side of the pond banks have their own 2nd factor apps. So to log in to a bank’s website you need an app - quite probably with play integrity.
That sounds extremely inconvenient. Individual apps for 2FA? No thanks. I'm good with KeePass and Aegis, both open source, encrypted, and don't require any extra hardware.
Dang. Y'all need to pick better credit unions. MFA rolling token is an open standard. Any single app can support all of my (correctly implemented) tokens. I prefer Aegis, but they (correctly implemented MFA apps) all work.
I don't want to trust my money to someone who can't implement standards compliant MFA.
That would scare the daylights out of me.
Well, they have a kind of 2FA since at least 30 years, long before rolling tokens were all over the place. Their latest implementations are as simple to use as Steam 2FA. If a bank isn’t able to implement a proper 2FA login there’s a ton of other security issues to worry about. Lastly, I think by using their own implementation/app they prevent their customers from using compromised apps.
If a bank isn’t able to implement a proper 2FA login there’s a ton of other security issues to worry about.
Exactly. Any organization whose MFA doesn't work on Aegis, I take action to protect myself from their incompetence.
Lastly, I think by using their own implementation/app they prevent their customers from using compromised apps.
I'm sure they claim that. But I still recognize it as simple incompetence. They aren't able or willing to hire someone with the Cybersecurity expertise to implement a relatively simple open specification.
Y'all are welcome to risk your money there. It's probably insured anyway, right?
For me, that's too much risk. Even if insurance makes me whole, getting robbed is a huge pain.
Exactly. Any organization whose MFA doesn’t work on Aegis, I take action to protect myself from their incompetence.
That'll surely end their business. /s
I’m sure they claim that. But I still recognize it as simple incompetence. They aren’t able or willing to hire someone with the Cybersecurity expertise to implement a relatively simple open specification.
Just out of curiosity: What percentage of the population is capable of running Graphene/Aegis? What percentage, regardless of capability, is willing to do so?
Creators of popular OSS regularly warn about downloading their stuff elsewhere or pay for it. How do you think that would apply to any 2FA application?
Now think of how stupid the average person is, and realize half of them are stupider than that. (love some George Carlin). Given that even (very) stupid people have and need bank accounts: How would you implement an authentication that can't easily be compromised to ripp off stupid people?*
* Let's just assume that you, the lead developer, are not at all "incompetent", quite the opposite. Also take into consideration that you need to keep cost down (hint: That means you want no one to call support because of 3rd party applications!).
This is actually a solved problem:
The credit union mplements (purchases from a competent vendor) their own custom branded standards compliant MFA solution.
This is what competent organizations already do.
Because the app is standards compliant, experts use Aegis instead of the branded app. Everyone else sticks with the branded app.
Also because the app is standards compliant, provided by a specialized vendor, and occasionally being used in unusual ways by expert users, serious security mistakes are much less likely to happen, and less likely to only be noticed by attackers.
I don't expect my credit union to tell me to use Aegis - I expect them to use a credible MFA vendor that interoperates correctly when I do use Aegis.
That's insane, I have never heard of such a thing, but I'm in the US where most banks don't even have non-sms second factor.
load more comments
(3 replies)
Counter-counterpoint:
Banks use their app to generate the otp and they reinvented the wheel so if you want to login you need to install it, can't use a generic authenticator. I am not aware of any single bank in the EU that allows the use of generic authenticators.
For McDonald's, using the app gives at least 50% off. A menu in the app costs 5 euro while on the store kiosk costs 12 euro. I do not personally care because I find their food to be just barely edible, but I understand why there's a need to install the app
load more comments
(7 replies)
I've never had an issue with the three banking apps I tried on LineageOS, and I didn't even know there was a McDonald's app or pokemon games.
If this list for /e/os roughly applies to LineageOS (with microG), I wouldn't call it "only for secondary devices", more "won't work for some people"
Did I miss something? AFAIK google is requiring devs to ID, not to use SafetyNet or whatever the "only-runs-on-certified-phones" thing is called
Same, my bank also doesn't require strict play integrity. I think I ran into an issue with a dating app once, but that's about it, and that's no real loss.
If my bank would suddenly stop working on Android with microG (with no simple alternative), I'd just switch to another bank, there are enough.
load more comments
(6 replies)
Fdroid is just the best. Around half of the apps on my phone are from Fdroid and Izzy.
Why the Google identity check is completely useless:
Step 1: scammer acquires stolen id card
What's the difference between malware developed anonymously and malware developed anonymously but registered under a fake id? It can be installed today and it can be installed tomorrow. Do they really believe that malware developers will doxx themselves when publishing their malware?
load more comments
(1 replies)
When Android stops working properly, I'll move back to a dumb/feature phone. My wife will hate it, but so be it.
I hear you. My wife has also requested that I not deprecate certain proprietary apps until I can provide a good alternative that works on both Android and Apple. Last time was when we were traveling and wanted to share locations with each other in real time. I had to give WhatsApp location perms 🤮
Oh, I hear you there. I've had to give persistent location data to GMaps of all things, because she uses Apple and actually wanted me to get one of those devices just for location.
Some friends and I were talking about the feasibility of that earlier today.
It's possible, assuming that you never need to use your phone as an MFA method, never need to scan a QR code, or never need to use an app for something because they lack a web version.
My company recently required us to have mandatory fun at a baseball stadium. Apparently, Ballpark MLB is the only way to receive tickets and get into the park... I had to sign up for some stupid account and download some stupid app because my company required it.
The future is stupid.
load more comments
(7 replies)
load more comments
(8 replies)
load more comments
(2 replies)
Looks like I'm searching for a device that can run LineageOS, then.
🤗
If this comes to pass, f-droid might get closed as the userbase dwindles. Many apps will also cease to be developed and be left without updates. You will not get out with just updating to LineageOS. We should be looking at Linux phones at that point.
load more comments
(10 replies)
Still using LOS, haven't looked back...
load more comments
(4 replies)
DOWN WITH GOOGLE
DOWN WITH GOOGLE
DOWN WITH GOOGLE
...
really hope someone finds a way to break google's block on apks that aren't registered. with more and more manufacturers locking down bootloaders, changing roms is no longer an option.
Except that it is still an option to only buy phones that allow bootloader unlocking and root? That's been a requirement for me since my first smartphone.
Where can I find a list of such phones?
On the respective ROM websites:
https://wiki.lineageos.org/devices/
https://doc.e.foundation/devices
and whatever else ROM you'd like.
The only apps I have installed from the play store are ones that came pre-installed with the phone. The rest are all from f-droid....
LONG LIVE F-DROID ! !
I'm confused by this:
The F-Droid project cannot require that developers register their apps through Google, but at the same time, we cannot “take over” the application identifiers for the open-source apps we distribute, as that would effectively seize exclusive distribution rights to those applications.
If it were to be put into effect, the developer registration decree will end the F-Droid project and other free/open-source app distribution sources as we know them today, and the world will be deprived of the safety and security of the catalog of thousands of apps that can be trusted and verified by any and all. F-Droid’s myriad users5 will be left adrift, with no means to install — or even update their existing installed — applications.
My understanding is that developers need to sign up with Google and once they have an account they can sign their own apks.
How would this impact F-Droid in any way? Presumably by the time F-Droid enters the picture the developers of the apps they distribute would have already gone through that entire process, right? The apks will be tied to that new Google certificate, but after that they can still be distributed anywhere.
I mean, don't get me wrong, this has genuine, very serious, dealbreaking issues, in that Google can just cancel the account of a developer making apps they don't like, the same way Apple has done in the past. That's not great. But from F-Droid's perspective all of that has happened upstream, they are not anywhere in that loop, unless I've misunderstood the changes.
How would this impact F-Droid in any way?
F-Droid itself builds the APKs to ensure that they're reproducible and not signed on a development machine that could be compromised.
https://f-droid.org/en/docs/FAQ_-_General/#is-your-building-and-signing-process-secure
With these changes, either:
- They use Google's developer identity process to sign every APK they build with their own developer identity, which Google is likely not going to allow or is going to quickly find an example of a "malicious" app so they can blacklist all of them; or
- They stop building APKs and just trust the developer provides a non-malicious, pre-verified APK;
- They find a way to mediate the process between the original developer and Google. Knowing Google, they would make it as needlessly painful for everyone involved to discourage and punish alternative app stores.
load more comments
(1 replies)
load more comments
(2 replies)
view more: next ›
this post was submitted on 29 Sep 2025
457 points (100.0% liked)
Android
32024 readers
150 users here now
DROID DOES
Welcome to the droidymcdroidface-iest, Lemmyest (Lemmiest), test, bestest, phoniest, pluckiest, snarkiest, and spiciest Android community on Lemmy (Do not respond)! Here you can participate in amazing discussions and events relating to all things Android.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules
1. All posts must be relevant to Android devices/operating system.
2. Posts cannot be illegal or NSFW material.
3. No spam, self promotion, or upvote farming. Sources engaging in these behavior will be added to the Blacklist.
4. Non-whitelisted bots will be banned.
5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.
6. Memes are not allowed to be posts, but are allowed in the comments.
7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.
8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.
Community Resources:
We are Android girls*,
In our Lemmy.world.
The back is plastic,
It's fantastic.
*Well, not just girls: people of all gender identities are welcomed here.
Our Partner Communities:
founded 2 years ago
MODERATORS