F-Droid is afree and open sourceapp store andsoftware repository forAndroid, serving a similar function to theGoogle Play Store. The main repository, hosted by the project, contains onlyfree and open source apps. Applications can be browsed, downloaded, and installed from the F-Droid website or client app without the need to register an account. "Anti-features" such as advertising, user tracking, or dependence onnon-free software are flagged in app descriptions.[5]
The website also offers thesource code of applications it hosts, as well as the software running the F-Droid server, allowing anyone to set up their own app repository.[6][7][8]
Development of F-Droid data over time from 2010 through 2018[9]
F-Droid was founded byCiaran Gultnieks in 2010. The client was forked fromAptoide's source code.[10][11] The project was initially run by the English nonprofit F-Droid Limited.[11] As of 2021, F-Droid Limited was no longer used for donations,[12] and was being shut down, according to spokesman Hans-Cristoph Steiner.[13]
In a 2014 interview forFree Software Foundation, Gultnieks said he was inspired to launch F-Droid because of "lock-down, lock-in and general nefarious behavior from software" on phones.[14]
From 2010 to 2015, F-Droid used theAGPL-licensedGitorious repository system for development.[15] In 2015, it transitioned toproprietary licensedGitLab[16] when Gitorious was acquired by GitLab. According to Daniel Marti, Former F-Droid Developer, in 2013, removal ofAdAway from the Google Play Store caused a spike in searches and downloads of F-Droid, and he estimated there were 30 to 40 thousand users.[17]
Replicant, a fully free software Android operating system, previously used F-Droid as its default and recommended app store.[18][19] In 2016, the Replicant project determined F-Droid did not comply withGNU Free System Distribution Guidelines, on the grounds that some of the software it offers promotes or depends on non-free software. Replicant asked for assistance correcting it, but progress stalled.[20] In June 2022, Replicant announced they had removed F-Droid.[21]
In 2014, F-Droid was chosen as part of theGNU Project'sGNU a Day initiative during their 30th anniversary to encourage more use of free software.[25]
In January 2016, Hans-Christoph Steiner, a developer for Calyx Institute,[26]Debian, F-Droid, and Guardian Project, said F-Droid was focusing on issues like security, building with Debian, reproducible builds, software requiring trust of as few people as possible, transparency, user privacy, non-internet distribution of apps, block avoidance, and media distribution.[27]
In March 2016, F-Droid partnered with the Guardian Project andCopperheadOS with the goal of creating, "a solution that can be verifiably trusted from the operating system, through the network and network services, all the way up to the app stores and apps themselves".[28] Follow-on projectGrapheneOS does not include F-Droid, and is developing their own app distribution method for "higher robustness and security".[29]
On 16 July 2019, the project published a "Public Statement on Neutrality of Free Software". This statement was issued to address the project's failure to prevent "oppression or harassment ... at its communication channels, including its forum", controversy surroundingalt-tech social media websiteGab, and to explain howFediverse client Tusky blocking access to it, while client Fedilab allowed its users to choose, was consistent with their principles.[30][31][32][33] Action was considered against several applications, includingPurism'sLibrem One, to exclude them for allowing access to sites such as Gab or spinster.xyz.[34][35][36]
According to Ankush Das writing for ItsFoss.com in 2021, F-Droid is known for hosting open-source apps such asElement or Tusky (later reinstated)[when?] that have been removed from Google Play Store.[37]
The F-Droid website lists the apps hosted, over 3,800;[38] the Google Play Store lists about 1.6 million apps.[39] The project incorporates several software sub-projects:
Client software for searching, downloading, verifying, and updating Android apps from an F-Droid repository
fdroidserver – tool for managing existing repositories and creating new ones
F-Droid builds apps from publicly available and freely licensed source code; new apps, which must be free of proprietary software, are contributed by user submissions or the developers themselves.[40] F-Droid tries to check the source code and remove issues, but warns that the checking is not exhaustive.[41] Many app stores, such as Google Play and Apple's App Store, screen apps mostly using automated tools only; malware withdefeat devices can pass these tests, by detecting when the software is being automatically tested and delaying malicious activity.[42][43][44]
The project describes itself as having a core of volunteers;[45] some contributors have been paid for their work.[46][47][48]
"Get it on F-Droid" badgeDroid-ify is a F-Droid client with Material UI focused on user experience. It is an alternative to the official F-Droid client, also using the F-Droid app repository.[49][50][51][52][53]
F-Droid is not available on the Google Play Store. To install the F-Droid client, the user has to allow installation from "Unknown sources" in Android settings[54] and retrieve the F-DroidAndroid application package (.apk file) from the official site.
The client was designed to be resilient against surveillance, censorship, and unreliable Internet connections. To promote anonymity, it supports HTTP proxies and repositories hosted onTor onion services. Client devices can function as impromptu "app stores", distributing downloaded apps to other devices over localWi-Fi andBluetooth.[55][56] The F-Droid client app automatically offers updates for installed F-Droid apps; when the F-Droid Privileged Extension is installed, updates can also be installed by the app itself in the background.[57] However, automatic updates are not turned on by default.[58] The extension requires the device to haveroot access, or to be able toflash azip file.[59]
The Android operating system checks that updates are signed with the samekey, preventing others from distributing updates that are signed by a different key.[60][61] Originally, the Google Play store required applications to besigned by the developer of the application, while F-Droid only allowed its own signing keys. So apps previously installed from another source have to be reinstalled to receive updates.[62]
In September 2017 Google Play started offering developers a signing key service managed by Google Play,[63] offering a similar service to what F-Droid offered since 2011, and F-Droid now lets developers use their own keys via the reproducible build process.[64]
In 2012, F-Droid announced they had removed an app because of a security flaw that could leak personal information.[65] In 2017, F-Droid stated "No malware has been found in f-droid.org in its 7 years of operation."[66] In 2022, F-Droid discovered over 20 distributed applications contained "known vulnerabilities".[67]
In August 2019, Rae Hodge ofCNET recommended F-Droid as a way to avoid malware from Google apps, which according to Google was a low risk. Advantages of F-Droid were said to include better security odds of open source software, avoidance of tracking in apps and a "stringent security auditing process", no hidden costs, and greater customization. Disadvantages were said to be lack of a rating system, only about 2,600 apps in F-Droid, versus more than 2.5 million in the Play store, and more manual process for updating apps. Editors cautioned F-Droid can give users more control and better privacy and security, but also takes more diligence.[68]
In an April 2022 detailed article for HowtoGeek, Joe Fedewa wrote "The selection of apps is much smaller in F-Droid than the Play Store, around 3,000 compared to around 3 million, but that's to be expected. If you're looking to de-Google your life a bit, or you just want to try some apps that have better ethics, F-Droid is a great place to go."[69]
In a December 2022 detailed article inPopular Science, Justin Pot wrote "F-Droid isn't going to replace Google Play for most people, but it's a nice and simple alternative for finding free and safe apps before you dive into the swamp that is Google's app store."[70]
.svg)
