F-Droid

One of the cool things about Android is the open market model. The folks at Google don't mind at all if you sideload apps, or use your phone to build apps of your own, or even if you install a whole separate application market. That's the real meaning of open when you hear the word being tossed around so freely. Because the platform is open, we get to see things like F-Droid.

F-Droid is a third-party application "store" that hosts FOSS (Free and Open Source Software) in a repository for easy installation and updating. The repo is full of open-source software written under a variety of licenses, but all nice and FOSSy enough to please most any die-hard fan.

Having it laid out all nicely this way offers a few benefits as well. You can choose which version of an app to install, track which FOSS apps you have installed, and turn on update notifications right in the app settings. It's an excellent way to manage things, and closely mimics software repos from popular desktop Linux distributions. Even the F-Droid app itself is FOSS and licensed under the GPLv2+.

Of course we can't mention any third-party application centers without thinking of security. F-Droid tackles this in a pretty novel way. Developers can upload a pre-built APK file, but the preferred way is to upload the source. F-Droid then builds and signs the code, creating an APK file they guarantee is 100% derived from the source code anyone can look through. Community oversight has long been a staple of the FOSS world, and when source is readily available you'll find that very few shenanigans are tried. The guys and gal who can read the code will let everyone know if they find something shady. Everyone.

There are quite a few interesting apps in F-Droid, and I'm going to give it a spin. If you're a fan of FOSS, I recommend you do the same.

Source: F-Droid, via +Josh Armour

 

Reader comments

F-Droid is the FOSS application store for your Android phone

5 Comments

The problem I see here is that the "guys and gal who can read the code" don't have time to read the code.

The best you can hope for is that any malicious (as well as accidental) bugs will be found more quickly. It won't prevent their inclusion by some rogue developer. It's easy to obfuscate code such that even reviewers have no clear idea of what the heck it's doing.

The key to using FOSS is to use widely used applications that have a number of developers and contributors, virtually none of whom are anonymous, because those projects have lots of eyes on the code, and lots of reputations to protect.

Joe Basement has none of that. If anybody slips malware through this portal it will be that guy.

And yet, major projects that rely on FOSS have very, very rarely encountered problems with malware.