F-Droid lost the Game
I am not the only one who speaks against F-Droid and it is certainly not the future as often wrongfully advertised - these statements usually come from based people, not people who actually have interest in exploring better systems or mentioning more reliable solutions. Today we are going to check what could and already does make a difference.
Google Play Store has much more features that F-Droid simply cannot implement because there is not enough money or funding nor manpower behind. There are also security reasons as well as developers that hardly can take any criticism, which is known among the F-Droid community. I linked all of the evidence already on several other places and this is not conjecture or biased, it is simply a fact. During my years I observed the Clients, and of course every alternative fork which often quickly appear and disappear because such projects are not possible to maintain by just one or two developers. No one can compete against the big Stores because no one has the money or funding to come even close, missing comment system, missing security audits, missing removal of leftovers - while writing this Silence and other unmaintained apps are still listed - and so many more reasons exist to not suggest using F-Droid.
Why F-Droid lost once and for all
There are various reasons one thing is that most coding platforms, such as GitLab and GitHub supporting now CI/CD builds, this means you do not need Google, you do not need multiple accounts, you do not need F-Droid, maybe an RSS-Reader, which is optional to get advance notifications about a new update or the change log.
CI/CD vs. F-Droid
CI/CD has benefits
- ISP could block e.g. access to auroraoss.com while it is unlikely they block normal coding platforms that contain millions of projects and developers. This would force someone to use a VPN or Proxy to bypass it however, this can cause a concern on its own since you need to trust such provider, unless you self-host your own which most people just do not do.
- API access could be restricted, limited or additional thresholds could be added to cripple third-party implementations or ban them. It is unlikely that Google bans access coming from trusted domains such as GitLab and GitHub which makes it harder to block them.
- Integrated update mechanism, so you only need to install the app and then get automatically updates
- Only one Account, no Google Play Store or Google Account to be precise, no GitLab or GitHub account just nothing. Maybe only one if you want to interact, comment or submit pull requests but that is all.
- You can self-host systems like this even a cheap VPS would do it to deliver some small updates.
- In the future reproducible builds could be delivered, assuming the code allows it which is at developers end and then, when someone wants to check it and verify it the system could push additional things on top of that like checksums, etc.
- No signature differences between Google Play Store or F-Droid, GitHub manual APKs.
- Using GitHub or other systems like self-hosting is more reliable. As you can see often in offline or not anymore maintained F-Droid repos, there is no notification except the cryptic sync error which could be a reason for lots of things. Overall it just works.
- CI/CD could utilize A.I. - Deep Learning, a system that usually does not work for a pure website such as F-Droids main website to deliver automatically processes to inspect, warn and possible even notify users about all sorts of things such as security, privacy, leaks or strange findings in the code that need attention and then maybe even self-correct with an automated new build. The ideas and possibilities here are huge.
- You still can optionally use F-Droid, assuming you do not create any dedicated page for your app to list and promote it, or even add your Repo into the client to fetch your automated builds. However, as said this is optional and not needed if you implement an auto-update function.
- You could create a index which gets automated update once a app is removed or added to ensure you cannot install unmaintained apps. Of course the system could be tweaked for exceptions.
- Example Repo.
- One signature, the same signature can be used, there is no misunderstanding between Google Play Store, F-Droid, debugging or release on the coding platform. The same APK gets delivered and can be downloaded. Google wants soon or later to get rid of the APK format and replace it with something more efficient, but is more complicated for the normal average user.
- Thread model issues.
Several people in the so-called privacy community celebrating F-Droid as alternative to Google, this is not the case, paid developers get no support the only way you possible archive that is with donation buttons no one gonna press on a website or via in-app banners that beg - please, please press me and support me - and then you still usually depend on another third-party such as PayPal, or controversial cryptocurrency systems. Or in other words, closes systems that are privacy problematic or simply systems that could crash because they are known to be unstable.
Right now I see more benefits in using CI/CD than in F-Droid. Of course CI/CD is also not perfect because you also one way or another need to depend on third-party payment systems to support the developer. Support systems on the developers website or via GitHub could help, people usually mind less to see a image with a link in a Readme.md rather than in the actual app. There are also new approaches from GNU e.g. GNU Taler that could be used as alternative for both F-Droid and CI/CD but the problem here is that such alternatives are not really recognized, means you might also need another middle-man to convert the Taler or Coins to hard cash.
However, overall the CI/CD is more sophisticated for the end user which does not like to install just another Store app that might list outdated apps, loads slowly, has Repository issues or that are hard to handle for people that are not really involved into such topics, some people just want the app and that is it.
CI/CD is something I will look into myself much more, possible write something about it but the times of hyping F-Droid is for me over. I think we are heading in a more automated way which hopefully finally get rid of any Stores.
I already use RSS + manually download or compile the APK I use, less is more you know and this systems works so far but the CI/CD can make you life much easier since lots of processes could be automated.