Serious Discussion F-Droid client for Android - An Android App Repository for FOSS apps

Do you think F-Droid repo & client is trustworthy and reliable?

  • Yes

    Votes: 11 78.6%
  • No

    Votes: 1 7.1%
  • Unsure

    Votes: 0 0.0%
  • Never tried

    Votes: 2 14.3%

  • Total voters
    14

Ink

Administrator
Thread author
Verified
Jan 8, 2011
22,490
F-Droid is a robot with a passion for Free and Open Source Software (FOSS) on the Android platform. On this site you’ll find a repository of FOSS apps, along with an Android client to perform installations and updates, news, reviews, and other features covering all things Android and software-freedom related.

Download: F-Droid | F-Droid - Free and Open Source Android App Repository
Android itself is open in the sense that you are free to install APKs from anywhere you wish, but there are many good reasons for using F-Droid as your libre software app manager:
  • Get notified when updates are available
  • Optionally download and install updates automatically
  • Keep track of older and beta versions
  • Filter out apps incompatible with the device
  • Find apps via categories and searchable descriptions
  • Access associated URLs for donations, source code etc.
  • Stay safe by checking repo index signatures and APK hashes
 
Last edited:

Ink

Administrator
Thread author
Verified
Jan 8, 2011
22,490

Summary:
  • rolled out the new front facing web servers
  • a major overhaul of the official F-Droid client app (thanks to FFDW funding), including a security audit (thanks to NLnet funding)
  • new contributor buildserver instances for testing app builds on the production setup
  • new hardware for the production buildserver to enable parallelizing the build processes
  • new legal entity with its own board of directors
  • more core contributors to get paid to work on F-Droid
 

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,364
New repository format for faster and smaller updates

Growing repository size​

As more and more apps make their way into F-Droid, the official repository index that includes all apps and their metadata also keeps growing. Currently, the size of the compressed index is 8 MB which is 33 MB uncompressed. When updating the repository index, each F-Droid client app has to download and process those 8MB again and again. This problematic trend became apparent a long time ago.

Updating only what has changed​

Our repository index is in JSON format and we decided to make use of RFC 7396 JSON Merge Patch to create much smaller JSON files that only contain the changes since your F-Droid app last updated. Technically, this works by downloading a new entry.json file instead of the full index. This entry file points to the full index in case the app had never updated before and needs all app metadata anyway. But the entry also contains pointers to various smaller difference files. The app automatically picks the right diff and only downloads that much smaller file instead of the full index. This not only saves bandwidth, it also makes updating the index much faster as only the minimum amount of data needs to be downloaded, processed and stored. As of writing, the latest diff is 80 KB compressed which is 241 KB uncompressed which is only 1% of the full index. Version 1.16 of the official F-Droid client app for Android supports this new repository format.

Other improvements​

The new version has a large number of radical changes under the hood. For example, the entire database had to be replaced to support the new difference based repository format. We also used the opportunity to improve various bit and pieces along the way:
  • improved mirror support: all files (e.g. images) now get loaded from mirrors reducing the load on the main server
  • better support for low RAM devices, because the index now gets streamed into the DB instead of loading all of it into memory
  • hash verification: The SHA256 hash of all files is now part of the repository metadata and gets verified while downloading
  • stronger digest algorithm for repository signing: We now use SHA256 instead of SHA1 for the index signature
  • support for downloading repository files via IPFS
  • many bug fixes that came out of modernizing ancient code
The new version went through a series of alpha releases with extended testing to make sure no severe issues make it into the stable release. It is now considered ready for general use.
 
  • Like
Reactions: harlan4096

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,152
Because of the recent article posted below


I have shifted to use Droid-ify instead

 
  • +Reputation
Reactions: Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top