App Review You should Uninstall F-droid

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Side of Burritos

Orchid

Level 1
Thread author
Jan 27, 2023
43
MalwareTips Community,

Last night and earlier today, I saw several threads in the Android forum discussing F-droid apps or F-droid App Store in general (MalwareTips Members using the F-droid Store). Recently, I found two videos on YouTube by the creator Side of Burritos which discuss how F-droid is a security risk for android users/why android users shouldn't use F-droid as their App Store of choice. He references an article in the videos, which I will link below.

You should Uninstall F-droid - Part 1



You should Uninstall F-droid - Part 2




The article he mentions in the videos is here: F-droid Security Issues.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Bitwarden also not on F-droid since I downloaded the last and latest version from there. Strange? It's still available on github though. If future BW version not found on F-Driod or Droid-ify then I'll give BW up if it's on Google Play Store

Quote from above link

When it comes to trackers (this really comes up a lot), you shouldn’t believe in the flawed idea that you can enumerate all of them. The enumerating badness approach is known to be flawed in the security field, and the same applies to privacy. You shouldn’t believe that a random script can detect every single line of code that can be used for data exfiltration. Data exfiltration can be properly prevented in the first place by the permission model, which again denies access to sensitive data by default: this is a simple, yet rigorous and effective approach.

Unquote

I'm trying my best to use apps without trackers.......in my upcoming new phone. I know Google Play Store has more apps with trackers over F-Driod. If Google Play Store can just get rid of Google trackers (apart from others) I would gladly download apps from there.

FI, the latest F-Droid version is v1.15.6 and not v1.15.2 stated in the video
 
Last edited:
  • Like
Reactions: cryogent and Nevi

Orchid

Level 1
Thread author
Jan 27, 2023
43
@HarborFront I know what you are going through. I wanted to get away from the Google Android ecosystem too, so I installed a Custom ROM (CalyxOS) a year ago and used F-droid as my app store. However, once I saw these videos and later went to GrapheneOS, I downloaded verifiable android apps from GitHub instead. Downloading android apps from GitHub has become the method I use for downloading apps to my phone. I will also mention that some android apps on GitHub have different apk files. If you download the right one, I think it will not contain any Google trackers. You have to know what apk file (android apps) to download. The same creator (Side of Burritos) talks about this method (I speak about above) in a video I will link below. I hope this will help you in your journey.

 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
@HarborFront I know what you are going through. I wanted to get away from the Google Android ecosystem too, so I installed a Custom ROM (CalyxOS) a year ago and used F-droid as my app store. However, once I saw these videos and later went to GrapheneOS, I downloaded verifiable android apps from GitHub instead. Downloading android apps from GitHub has become the method I use for downloading apps to my phone. I will also mention that some android apps on GitHub have different apk files. If you download the right one, I think it will not contain any Google trackers. You have to know what apk file (android apps) to download. The same creator (Side of Burritos) talks about this method (I speak about above) in a video I will link below. I hope this will help you in your journey.



FI, I don't want to root my phone
 

CyberDevil

Level 6
Verified
Well-known
Apr 4, 2021
252
I use both F-Droid and APKPure to install apps to bypass regional restrictions. For security I have Norton and Eset. I don't pay money for nothing, right? :D I also upload any installed application to VirusTotal. )
 
  • Like
Reactions: Nevi and roger_m

Orchid

Level 1
Thread author
Jan 27, 2023
43
FI, I don't want to root my phone

According to my research, you don't have to root your phone. On Android, you can toggle Unknown Sources in your android settings to download and install apk files from GitHub. That is unless Google took the feature away.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
According to my research, you don't have to root your phone. On Android, you can toggle Unknown Sources in your android settings to download and install apk files from GitHub. That is unless Google took the feature away.

I'm talking of custom ROM
 

kC77

Level 5
Verified
Well-known
Aug 16, 2021
230
Bitwarden also not on F-droid since I downloaded the last and latest version from there. Strange? It's still available on github though. If future BW version not found on F-Driod or Droid-ify then I'll give BW up if it's on Google Play Store

Quote from above link

When it comes to trackers (this really comes up a lot), you shouldn’t believe in the flawed idea that you can enumerate all of them. The enumerating badness approach is known to be flawed in the security field, and the same applies to privacy. You shouldn’t believe that a random script can detect every single line of code that can be used for data exfiltration. Data exfiltration can be properly prevented in the first place by the permission model, which again denies access to sensitive data by default: this is a simple, yet rigorous and effective approach.

Unquote

I'm trying my best to use apps without trackers.......in my upcoming new phone. I know Google Play Store has more apps with trackers over F-Driod. If Google Play Store can just get rid of Google trackers (apart from others) I would gladly download apps from there.

FI, the latest F-Droid version is v1.15.6 and not v1.15.2 stated in the video
bitwarden is on fdroid, you need to add the repository Bitwarden on F-Droid
 

Orchid

Level 1
Thread author
Jan 27, 2023
43
I'm talking of custom ROM

Rooting the phone will not allow you to install Custom ROM on your phone. For a custom ROM like CalyxOS or GrapheneOS needs an unlocked boot-loader. Chris Hoffman on How to Geek (What’s the Difference Between Jailbreaking, Rooting, and Unlocking? June 20th, 2017) discusses the difference between the two. Technically speaking:

Rooting: Give you administrative permission to access the Android file system, where you can uninstall default apps on your phone. An example of this is like using sudo privilege on Linux or using the Administrator Account on Windows.

Unlock boot-loader: Permit you to gain access to the disk partitions on your phone. An example is Disk Management on Windows, where you have C: partition, D: partition, etc. Unlocking the boot-loader, you can now change the default Android OS to a Custom ROM. However, if you buy a phone from your carrier, your phone is locked. You can buy an unlocked phone from the manufacturer or Best Buy.

*Note: GrapheneOS and CalyxOS only work on Google Pixel devices. I will also add GrapheneOS, and CalyxOS will allow you to re-lock the boot-loader after you install the Custom ROM. Other Custom ROM will not do that.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Rooting the phone will not allow you to install Custom ROM on your phone. For a custom ROM like CalyxOS or GrapheneOS needs an unlocked boot-loader. Chris Hoffman on How to Geek (What’s the Difference Between Jailbreaking, Rooting, and Unlocking? June 20th, 2017) discusses the difference between the two. Technically speaking:

Rooting: Give you administrative permission to access the Android file system, where you can uninstall default apps on your phone. An example of this is like using sudo privilege on Linux or using the Administrator Account on Windows.

Unlock boot-loader: Permit you to gain access to the disk partitions on your phone. An example is Disk Management on Windows, where you have C: partition, D: partition, etc. Unlocking the boot-loader, you can now change the default Android OS to a Custom ROM. However, if you buy a phone from your carrier, your phone is locked. You can buy an unlocked phone from the manufacturer or Best Buy.

*Note: GrapheneOS and CalyxOS only work on Google Pixel devices. I will also add GrapheneOS, and CalyxOS will allow you to re-lock the boot-loader after you install the Custom ROM. Other Custom ROM will not do that.

Anyway, I'm using Samsung phone
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Occasionally F-Droid doesn’t have the latest updates for 3 days and counting.

Resorting to GitHub or Google Play to update for the latest stable builds.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top