Could F-Droid Potentially Give Google Play a Run For It's Money?

D

Deleted member 111282

Guest
I recently came across this thread: https://linux.org/threads/reports-of-linux-container-failing.38069/. I originally was going to respond to it, but then I realized I'm better off making my response a separate thread.

Being that F-Droid isn't the creation of some big, well-known company with commercial support, and has far-less software because of that, this unfortunately makes Google Play assume the role of Goliath. However, that's not to say F-Droid isn't the Little Engine That Could. If there was a change in the tide, how do you think it would play out in a realistic way?

Because Lineage is well-known for working on pre-Googled devices, what I can see happening is them creating their own laptops, piggybacking off of the success of Chromebooks (maybe calling them FOSSbooks), and when it comes to commercializing them, marketing themselves as a freedom-respecting version of Android. Unfortunately, I know they still use GP, so if they swapped it out in favor of FD, that would further their marketing. If they manage to have success with that, and want to also create their own phones, tablets, set-top boxes, etc, that could potentially make GP less relevant. The only thing that would still hinder F-Droid is Big Business not putting their apps on the platform (which is more of a problem with Big Business in general than anything else). I'll message them about this and see what they say.
 
Last edited by a moderator:


No it cannot because only people who care about FOSS and privacy use it as well as those run it along side Play store. I run LineageOS on my phone and I use F-Droid and the Aurora store which is installed using F-droid because I need to install other regular apps which I use which for most of them aren't in F-droid.
 
Last edited:
No it cannot because only people who care about FOSS and privacy use it

Being that privacy is a human right, and FOSS helps protect that right, those who use FD should encourage the people they know to switch to it (obviously not in some kind aggressive, condescending, religious-like way (I've inadvertently did that in the past, and knowing that about myself, I've taught myself to stop)). I know the sheeple will complain "I gotta have ma facebook!", but if they see someone playing a game that's only available through FD, they can show that game, and all of the other games it has to offer, and that could potentially intrigue them enough to try it out. Once they download it and look at the games on it, they'll subconsciously start looking at the other apps available, try them out, and get into a habit of only using them (especially when they ask the person who introduced them to FD for help). Granted, and as I said, it has far less apps than GP, but the contributions FOSS devs have made have given it the traction it has now, and there's no signs of stopping it at this point. While I don't recommend social media sites for personal use (as I've personally found it addicting and time wasting), maybe some dev could create some FOSS clone of FB and call it FOSSbook. That way, the person trying out FD can still have FB without the spookiness (especially if it can integrate the person's friends and groups).

Another thing someone could do on a larger scale is set up a series of workshops on how to install and use FD. They could do this at their local community centers, libraries, schools, etc. I would especially encourage young children or teenagers to participate in that because it could inspire them to go into software development, and eventually contribute software to FD. If a kid really wanted to, they could create desktop versions of Lineage and FD. By getting these workshops set up all over the world, that could lead to a movement.

All of that might sound good on paper (or, in this case, a forum thread), and its also possible that the saying "You can lead a horse to the water, but you can't make it drink" might take effect, but it still doesn't hurt to try and see what happens.

After reading the anti-features about the Aurora Store, I can't recommend encouraging people to use it because it encourages the use of non-libre software.
 
After reading the anti-features about the Aurora Store, I can't recommend encouraging people to use it because it encourages the use of non-libre software.
Aurora store is way of being able to use the apps in the Play store anonymously without needing a Google account or Google being able to trace you. 99% of the apps I use are not even in The F-droid store, not even the CoronaCheck app for showing my QR code if they were to ask me at a restaurant or another public place where they can ask it. Just as on my PC I use opensource where I can and where that is not an option I use something else. On the phone it seems harder to use something opensource since there are no alternative clients for WhatsApp and I find it strange that Signal is not in F-Droid, there is no opensource client for Uber or Airbnb.

I'm not going going to try and remove all non-free software from my live because that would make my life impossible to keep in touch with people who I don't see on a regular basis and it would make the rest of my life 10x more complicated than I am willing to make it. A privacy person I have been following recommended Aurora store as place to install Apps from which can't be found in F-Droid that being the reason why I have been using it.
 
Being that privacy is a human right, and FOSS helps protect that right

I'm not sure how FOSS helps protect privacy really. Encryption helps data privacy, and encryption is mostly FOS, although I suppose it isn't defined as such.

A lot of FOSS would by it's nature invade the users privacy (e.g. use the camera, microphone, etc).

People aren't about to stop using WhatsApp and such. The end-to-end encryption it uses is far more valuable than the tracking it does is scary/ or a hassle. Its not even clear how it makes money, or what it can be used for in terms of advertising. Which in my case is blocked by browser/plugins/nextDNS anyway.
 
I'm not sure how FOSS helps protect privacy really. Encryption helps data privacy, and encryption is mostly FOS, although I suppose it isn't defined as such.
I don't know much about encryption but I know someone who's hobby is encryption and they told me it depends how the encryption is implemented as in how secure it is.
 
I don't know much about encryption but I know someone who's hobby is encryption and they told me it depends how the encryption is implemented as in how secure it is.

Yeah, it's a on-off interest for me. There is something very beautiful about it, although that is only true when it can be comprehended! The attacks are fascinating too, something considered "broken" is often only broken in a theoretical way with like 2**129 known plaintexts, and crazy stuff like that.

It's true it depends on how it is implemented. Most real-world attacks are on poor implementations rather than any problem with underlying theories. Even good implementations can be defeated easily with good old-fashioned rubber-hose cryptanalysis.
 
People aren't about to stop using WhatsApp and such. The end-to-end encryption it uses is far more valuable than the tracking it does is scary/ or a hassle.

Because it's proprietary software, and you can't audit the code yourself to know how it works or what it's doing, FB could have a secret backdoor put in and the end user wouldn't even know. One way to prove that is the moderation team getting a copy of a flagged message, and then using one of their own decryption keys to review and evaluate it. If they can do that, then they can also decrypt any message at will, especially if compelled to by the alphabet boys. That alone means it's not truly end-to-end encrypted.
 
Its not even clear how it makes money, or what it can be used for in terms of advertising. Which in my case is blocked by browser/plugins/nextDNS anyway.
I use AdAway on my android from the F-Droid store. It actually blocks ads from all the apps! Quite awesome. There were so many "free" apps on the Google Play store that spam ads everytime you touch the screen! And this seems to just wipe them all out!
 
I know someone who's hobby is encryption

That's a rough hobby to have. I'm a mathematician and even I struggle with some of the math involved.

While off-topic, I'd caution folks to never, ever try to roll your own encryption. It's simply beyond the scope of a single person these days, outside of the infamous OTP.

Assuming one maintains physical security, the OTP is the only unbreakable encryption out there.
 
Because it's proprietary software, and you can't audit the code yourself to know how it works or what it's doing, FB could have a secret backdoor put in and the end user wouldn't even know. One way to prove that is the moderation team getting a copy of a flagged message, and then using one of their own decryption keys to review and evaluate it. If they can do that, then they can also decrypt any message at will, especially if compelled to by the alphabet boys. That alone means it's not truly end-to-end encrypted.

Who can "audit" the code themselves? Not most. So in the end we all need to trust someone. I can code, particularly in JS, but I cannot remotely "audit" proper code even in JS. The majority who you want to flout to f-droid certainly cannot audit code.

I don't really know what you are talking about from the point "One way to prove" onwards. Do you understand the encryption that is used?

Whatsapp used eliptic curve encryption, which they would have every reason to use as it means they cannot comply with any requests to decrypt messages, and they use the signal protocol now. In any case they cannot decrypt messages, they cannot have a master key, etc.

It's a nonsense really to think that there is any value to WhatsApp lying about the encryption, or putting in a backdoor. So they can read messages about bland nonsense, stuff i've edited out, football, chain jokes, etc. How are they monetising it? Or are they just on a moral crusade fighting terrorism/etc?
 
Last edited:
That's a rough hobby to have. I'm a mathematician and even I struggle with some of the math involved.

While off-topic, I'd caution folks to never, ever try to roll your own encryption. It's simply beyond the scope of a single person these days, outside of the infamous OTP.

Assuming one maintains physical security, the OTP is the only unbreakable encryption out there.

Yes the wonderful OTP, but impossible to implement in reality. Bernstein is a modern great, and I think his wonderful stream cipher is pretty close to a OTP if implemented correctly.

What math(s) do you find so difficult? Surely stuff like exponentiation in a finite field, or euclid's extended algorithm are bread and butter to you? I learned about modular arithmetic when I discovered the beauty of cryptography! Ha ha - I bet you mean something far more difficult!

I have never had so much trouble learning something, even just on a layman level. Don't leave school when you are 16 kids!
 
I find the biggest mental hurdle is the abstract algebra (at that level). While I'm familiar with many of the theorems involved, I'm an *applied* math grad. I'm not yet into my Friday wine, so you're not getting a novella, That's too bad, 'cause it's a pretty fascinating subject. My understanding of number theory is really not as great as it might have been had I been a pure maths geek.

Hmm... I did finish dinner. So, maybe...
 
Last edited:
I don't really know what you are talking about from the point "One way to prove" onwards. Do you understand the encryption that is used?

Whatsapp used eliptic curve encryption, which they would have every reason to use as it means they cannot comply with any requests to decrypt messages, and they use the signal protocol now. In any case they cannot decrypt messages, they cannot have a master key, etc.

It's a nonsense really to think that there is any value to WhatsApp lying about the encryption, or putting in a backdoor.

They claim the contents are stored on the user's phone instead of on their servers, but unless the devs actually verify that by giving an audit of the code, they want us to take their word for it.

According to this article from the help center, https://faq.whatsapp.com/general/account-and-profile/about-account-bans, they can ban accounts if they violate the ToS. Explain to me how they can do that without viewing the violation themselves or without hearsay.
 
@SpongebobFan1994 what apps from F-droid do you use on your phone?

I don't, as I haven't had a smartphone in the last few years. With my current phone being a basic but rugged flip phone, I couldn't install it on there anyway. However, if there was a version of FD that could run on basic phones, and I had one capable of doing that, then I'd tell you about the apps I'd use.

I believe I've mentioned in the past that I no longer want a smartphone because it's often too expensive, it's features make it more of a pocket-pc more than anything else, and aside from the Librem5 and PinePhone, smartphones contain spyware by default. In case you weren't aware of this, there's a slowly growing movement where people are ditching their smart devices in favor of simpler ones (here's an article to read about that: https://www.huckmag.com/perspective...-young-people-are-ditching-their-smartphones/).
 
According to this article from the help center, https://faq.whatsapp.com/general/account-and-profile/about-account-bans, they can ban accounts if they violate the ToS. Explain to me how they can do that without viewing the violation themselves or without hearsay.

It's quite obvious how they can do that. You simply need to search "reasons whatapp ban" and you'll find out why they ban most people. The ToS don't simply relate to content of messages. The vast majority relate don't relate to message content.

In any case, the messages are (as well as being encrypted) digitally signed if that helps. Difficult to spoof, difficult to tamper with, difficult to forge, et cetera, also means that it is difficult to claim you didn't send a message. Hence the reason for stuff like this and the ridiculously complex signature scheme behind monero (i think).

So how do WhatsApp make money, with their mass surveillance team going through everyone's messages (100 billion per day, yes billion) checking for inappropriate content?
 
I don't, as I haven't had a smartphone in the last few years. With my current phone being a basic but rugged flip phone

So in the name of privacy, you only use a basic phone to make completely unencrypted calls and send unencrypted SMS messages that can not only be read by the network operator, but anyone in the appropriate range with the relevant equipment?

And does your non-smartphone run proprietary software/firmware? How can you audit the code, and how can you trust it?
 
So how do WhatsApp make money, with their mass surveillance team going through everyone's messages (100 billion per day, yes billion) checking for inappropriate content?

After further research, I'll admit I was wrong about what I said previously. What I found out was when they updated their privacy policy back in February, users were no longer allowed to opt-out of FB collecting their data (particularly metadata), as it owns WA. However, because of how EU laws work, this was banned over there. While the metadata isn't as satisfying as the messages themselves, FB can still monetize it if they chose to.
 

Staff online

Members online


Top