Hacker News new | past | comments | ask | show | jobs | submit login
F-Droid 1.0 released (f-droid.org)
441 points by app4soft on Oct 19, 2017 | hide | past | web | favorite | 96 comments

F-Droid is my go-to place for no-nonsense Android apps. By no-nonsense, I mean "typically lightweight and not forcing me to create an account merely to use the core functionality." They may not be very pretty or polished, but they tend to do their job well.

Obviously that's not true 100% of the time. But surprisingly often.

It's the only place I can be pretty sure a "flashlight app" is actually a flashlight app and not going to ask me for extraneous permissions. It's great.

Oh yeah after ditching Swiftkey I was looking for a new keyboard on my phone.

So rare to see apps without asking for permissions these days. Don't see that with Gplay.

Did you find a Swype-ish replacement on F-Droid? Gesture typing is the one thing I miss about running stock Android.

I'm using AnySoftKeyboard now.

Data mining and machine learning just doesn't sit well with me even though it can't directly be traced back to a individual. At the end of the day all of it will be used for one thing: selling more services and products to me. Convenience comes with a price.

There's some progress happening for this in AnySoftKeyboard: https://github.com/AnySoftKeyboard/AnySoftKeyboard/issues/26...

Are you opposed to Google Keyboard/Gboard? It's had gesture typing for a while, and not too long ago added some nice gestures which use the spacebar to control cursor position and backspace key to delete one or more words at a time rather than character-by-character.

Its gesture-interpretation algorithm has gotten absolutely terrible for me recently, to the point that I frequently have to type out whole messages letter by letter because it will keep spitting out really strange guesses when I gesture. (It used to work a lot better, and when I revert to old versions they work great.)

Is there something wrong with SwiftKey? That'd mean so much work for me as I'm using extensively.

It's pretty clearly key-logging and on top of that they've had poor security in the past which is not great when they're key-logging everything you type.

Personally I can't say I took the high ground though I just blocked swiftkey with a firewall and figure that's good enough for me.

pretty clearly? Got a source or anything to back that up?

I researched a bit and apparently they had a bug which made the cloud sync leak the personal data of others: https://www.theverge.com/platform/amp/2016/7/29/12326152/swi...

Cloud sync is opt in and I don't know why anyone in their right mind would enable it...

That being said, using a closed source application packed with features (also known as "attack surface") as your main input method clearly isn't ideal.

Well, I do cloud-sync but it's super helpful. I don't know if SK would be SK without cloud-sync.

How else does it know what to predict without logging what keys you press?

yeah and that's why i block it assess to internet using afwall+

Terrible example. You do realize recent Android versions have a native flashlight app?

Yeah, nowadays they do, but it was the first example that came to mind because I definitely used F-Droid for this purpose back before they did.

To pile on to the no non-sense, it also means it doesn't try to do social networking and share my information publicly by default.

"Yalp Store" allows you to install apps from google store without google account.

Not sure if that's really relevant to the quality of the apps themselves.

Since everything (at least by default) through F-Droid is FOSS, there is a significant lack of ads and other misfeatures. Apps that depend on an account with a non-free third-party service are clearly marked as such. Most apps aren't foolishly tied at the hip to Google Play Services. Malware is non-existent.

I know of many such stores. Usually they are proxies: They download the app from the Google store, you download it from the proxy. The question is, how do you know they haven't inserted malware? It seems like a very obvious vector for attack. You could authenticate signatures or hashes, but where do you find the authoritative signature/hash?

For those interested in taking a shot at using these services, here are a couple of the more credible ones I've run into in the last couple years (I haven't used them in at least 6 months, so possibly their status has changed). Use at your own risk!:

- APK Downloader: By someone on XDA-forums, a leading Android dev community. It comes in several versions and forks by other XDA members, and for several platforms. I don't have time to sort them out now, sorry. Beware of malware-infected hosted implementations.

http://codekiem.com/2014/08/07/official-apk-downloader-v2-do... / http://forum.xda-developers.com/showthread.php?t=1515021



- Racoon: Desktop OS client for Play Store (along with its Github and XDA links)

http://raccoon.onyxbits.de / https://github.com/onyxbits/Raccoon / https://forum.xda-developers.com/showthread.php?t=2772436

Yalp is a FOSS Android app available from F-droid. The Yalp app on your phone talks directly to the Google Play servers.

Thanks. That helps!

For those who want to know more; here's what I found:

https://github.com/yeriomin/YalpStore - The readme is a great place to start.

On F-Droid: https://f-droid.org/packages/com.github.yeriomin.yalpstore/

EDIT: It looks great!

Yalp downloads directly from Google Play using included "fake" credentials (you can also supply your own).

> Yalp downloads directly from Google Play ...

How do you know? Why do you trust it?

Because it's a FOSS application, and you can read the source and verify that the Yalp app is indeed talking directly to Google Play servers?

I think what OP meant was having to make an account inside the app

Izzydroid repo has been a good addition to my F-Droid, a lot of very useful apps: https://android.izzysoft.de/repo

Some great apps I've been using through F-Droid:

* Battery Charge Limit (Stops charging at a desired level) - https://f-droid.org/app/com.slash.batterychargelimit

* Mi Manga Nu (Manga reader) - https://f-droid.org/app/ar.rulosoft.mimanganu [ Stable, usable, without annoying ads - consistently better than manga readers from play store I've tried. ]

* NewPipe (Lightweight YouTube frontend) - https://f-droid.org/app/org.schabi.newpipe

* SeriesGuide (keep track of your favorite TV shows and movies) - https://f-droid.org/app/com.battlelancer.seriesguide

* Slide (Companion app for reddit) - https://f-droid.org/app/me.ccrama.redditslide

* Termux (Terminal emulator with packages) - https://f-droid.org/app/com.termux [sounds cool, haven't had a chance to use this yet. ]

* XDA Labs (XDA Labs: Forums & App Store) - https://f-droid.org/app/com.xda.labs

Thanks for the link to Newpipe! Been looking for something like this ever since YouTube disabled playing videos in background tabs.

You're welcome!

For anyone else who hasn't come across it: Newpipe allows you to (a) watch the video directly in fullscreen (b) download it as video or audio (c) play the audio in the background (d) play it in a small (adjustable) pop-up window that can remain on screen while you browse other apps.

It's still very much in development though. There are random errors that pop up when navigating (not too frequent, but you'll probably see one if you use it for a week or so), and it just recently got the ability to display playlists (you have to manually select the next video after one finishes playing, doesn't have auto-advance feature yet).

There's also the YouTube Downloader for Android, which is not perfect but has served me well: https://dentex.github.io/apps/youtubedownloader/

Just so you know, NewPipe lets you download videos too (although a dedicated app might have a better interface for it)

Another thank-you from me! It also blocks ads!

It doesn't block, it just doesn't implement that particular feature.

* DNS66 for adblocking is pretty cool too

Oh yeah, I totally forgot about DNS66 (works in non-root phones) or AdAway (which is what I use, root required). And also there AFWall+ (and probably others) for firewall duties.

Any idea how does Slide compare with Red Reader, which is another Reddit client in Android ?

The two are quite a bit different.

Slide feels more modern, presents images and videos more prominently and overall, it feels like you're consuming more content. It's also a bit buggier and I found using it to be more strenuous, just because you're going through more content.

RedReader has a much more conservative and simpler navigation scheme, feels more text-focused and more reliable. It's missing some features compared to Slide, for example a "gallery view" for image-focused subreddits or some filtering and customization features, but it also has its own strengths.

For me, RedReader's offline-viewing feature worked a lot better. It (pre-)caches posts while you're reading and then you can just transparently read on when you lose internet. Slide seemed to not cache as much and while it has a separate feature to download entire subreddits' posts at a set time, that never seemed to work reliably for me (again seemed to not cache that much).

Another relatively big detail is that in RedReader, you can vote by sliding a post or comment left/right. In Slide, you have to instead hit a button, which is much harder to do and takes you out of the reading flow.

Sliding is then again reserved in Slide for navigation. For example, you generally slide left to right to go back. That works well, too, makes for a fluid feel, but I find I have to often stop and think for half a second what my slide will do or how I have to slide to do what I want to do. This adds to the strenuous feel, but I can imagine that this becomes really intuitive, if you use the app for a while.

Personally, I actually had both installed most of the time and switched back and forth between them (which also creates problems, like filter lists & settings not being shared).

Most of the time, I spent in RedReader, but that was purely subjective. I liked the simplicity and reliability. I do think that more people would prefer Slide. It seems to follow the design that's currently popular with Reddit apps.

Mind that I've stopped using Reddit about two months ago (when they made up obvious bullshit to excuse not anymore open-sourcing the website code), so that's about how up-to-date I am on these two apps.

Thanks, that was helpful.

Sorry, I haven't used Red Reader. It's better looking than redditisfun and IMO has better UX and customizability than Boost (those two are the other reddit clients I've used).

Damn, I didn't realize I hadn't been updating the Android client. Just did it.

The only sad thing is that the previous no-updates message has been replaced. It used to read "Congratulations! Your apps are up to date (or your repositories are out of date)."

This always tickled me as a perfect evocation of the open-source software spirit: cheerful, optimistic, mildly pedantic, and technically correct.

The new message omits the parenthetical. More user friendly, but missing a bit of FOSS personality.

It is sadly the way that FOSS ends up because of pressures to be more "commercial".

Frankly i dislike the new version, as i much prefer the list layout of the old. Never mind that now i have to dig into the settings to see what apps i have installed that match what is in f-droid repos (and thus can update via f-droid rather than Play).

One of the great things about F-Droid is that it is all free software, so anyone is free to make their own F-Droid client. If you like the old UI, please fork it and maintain it. It shouldn't be much work since the XML app index format is maintained for backwards compatibility.

For more info, see https://gitlab.com/fdroid/fdroidclient/issues/48

I also liked the message the first few times I’ve seen it.

But then I realized the parenthetical was false 99+ percent of the time (I’ll mostly see it when I’d just finished refreshing my repositories) and it became… irksome, exactly because it was mildly pedantic and technically correct.

I dislike the redesign, some parts at least. The bottom navbar particularly irks me. It's a navbar a la iOS, completely nonstandard for Android, where the sliding sidebar is preferred to navigate between sections of the app.

The previous app had perfect compliance with the standard interface guidelines, no unexpected custom elements. This version has them by the truckload. It was much cleaner before, so this feels like a regression (even though I like some parts, such as the "Latest" screen. EDIT: The "Categories" screen is very pleasing and navigable too, were it not for the floating Search button senselessly blocking parts of the screen. I've always hated that trainwreck of an element. Particularly needless in this case: search belongs on a searchbar on the top (most usability and least surprise).

We are aware that it is not to everyone's liking, but we've done our best to modernise and appeal to a wider audience, all the while conducting UX tests and responding to feedback.

One thing we'd really love is for there to be an "F-Droid Light" which forks the previous stable release, strips it down, and offers the essentially app store experience with no bells and whistles on the widest range of devices [0]. Alas we are a small volunteer team and this would add a maintinence burden we can't seem to muster at this point.

[0] - https://gitlab.com/fdroid/fdroidclient/issues/48

Is anything bad going to happen if we stick to a previous version, assuming that there is no security vulnerability in those? I plan to do that, because of the new design. If there's no changes in protocol it should be OK I guess.

We added a new metadata format for this release to deal with translatable metadata, feature graphics, screenshots, etc. The server tools output the old and new metadata to the repository webroot though, so the old version will still be supported for some time. I'm not aware of any plans to completely deprecate and remove it.

> The bottom navbar particularly irks me. It's a navbar a la iOS, completely nonstandard for Android, where the sliding sidebar is preferred to navigate between sections of the app.

Have you seen the YouTube app lately?

The bottom navbar has been part of the Material guidelines for a while now. Sliding sidebars are bad because of the challenges they pose for discoverability.


They are also on top ... with our huge phones, it is a pain to reach.

Anecdotally, resources wise it makes me happy to do not have sliding so I don't need to maintain 3 pages in memory

We actually did a lot of work to make sure that the new UI fit into the design guidelines and actual UI practice. Indeed, we tried to make it feel more natural for more users. Of course, its a big change from the old UI, so that's a big change. Plus its free software, so people who like the old UI can maintain it.

If you are interested in learning more about our design process, you can see it in our issue tracker: https://gitlab.com/fdroid/fdroidclient/issues?milestone_titl...

F-Droid could be improved in next versions, if you will send your feedback (issues, bug reports and feature requests) directly to F-Droid Team ;)

OP's pull request would be to basically revert all commits since last version, I don't think it's helpful. As OP, I was satisfied with the original design, and I really don't want the new one, so I'll keep an older version for as long as I can.

Way off topic, but I don't open imgur links anymore because they trash my data limits.

I just want to open a dumb png/jpeg/whatever url, not megabytes of JS with a purpose I'm unable to divine.


Wow, it's really come a long way since I first started using it.

Last I knew, F-Droid was a linchpin in the FOSS smartphone world. Without it, I'm not sure where people could reliably find FOSS apps (without taking big risks with malware).

If FOSS is important to you, and you don't want to see a (or the) major platform abandoned to proprietary systems, consider supporting F-Droid.

Thank you F-Droid! You guys make a difference.

I hadn't realized until now that you can have F-Droid auto-update your apps(using the Privileged Extension) even on Android 5+. First you have to install this: https://f-droid.org/packages/org.fdroid.fdroid.privileged.ot...

It will download a zip file to /data/data/org.fdroid.fdroid/ota/ that you have to flash. After having flashed that file you can use the regular privileged extension to update the system app: https://f-droid.org/packages/org.fdroid.fdroid.privileged/

The biggest change:

> Screenshots and feature graphics


Finally! The lack of screenshots spurred me to build https://fossdroid.com and opensource it (MIT license).

The F-Droid team is great!

F-Droid is a great project. I wonder why it is not installed on LineageOS by default.

With Android Oreo's install-unknown-apps permission does F-Droid do updates without prompting for each package?

Meta bikeshed: Please stop guessing my locale.

It always used to update once you tick the unknown sources box. That box has become a bit more granular, but nothing like normal operating systems. Even if you tick that box, it will still ask you individually for each app if you trust it as a source of apks. It solves the f-droid issue since f-droid has some signature checks internally. So it's ok to trust f-droid on the whole as an application. However, android has no notion of gpg keys the way regular linux distros add repos/ppas. So you can't add someone's gpg key as a trusted source. If you download an apk in your browser, it will ask you if you want to trust the browser as a trusted source, which is like the universal set of apks.

Maybe, if you also install "F-Droid Privileged Extension"[1] it will give you what you want?

[1] https://f-droid.org/packages/org.fdroid.fdroid.privileged/

Yes, I believe so. I use that to get auto-updates of f-droid apps

So there is a huge side benefit to installing F-Droid, even if you never install any apps from it. It registers as an "app store", so when a link launches the app store your phone asks you which one you would like to launch and you can cancel it.

Edit: holy commas batman.

I think you can disable the auto-open in app settings. I have that setting. I'm on Oreo

Yeah, I think that might be new. Thanks!

The blue 'Download F-Droid' button on that page links to https://f-droid.org/FDroid.apk which, at the time of writing, gives an older version.

The 'Download APK' link below it links to https://f-droid.org/repo/org.fdroid.fdroid_1000010.apk which is version 1.0

EDIT: md5 sums below:

4b0cdb5a40fe3f964aebeca276291b80 org.fdroid.fdroid_1000010.apk

943f2edf663737a56f15f55739bcf148 FDroid.apk

We're doing staged rollouts, so first alpha testers, next current users, last new users.

I tried to pull down from within fdroid and didn't see any update. So I downloaded the apk and it says

The package appears to be corrupted.

Edit: followed https://news.ycombinator.com/item?id=15514309 and i t updated

Thanks for the clarification. I was several versions behind (missed all the 1.0RC releases). They showed in the F-Droid app on my phone when I searched for F-Droid, but not in the 'Updates' tab.

OK, I had F-Droid 0.97 installed. I asked it to update itself. Now it says I have version 0.102.3 installed. Do you have to advance one version at a time, or what?

(Android 4.1.2, kernel 3.4.0).

I was on the 0.103.2 and I had to manually tap on the 1.0 version to update.

I did that, using F-Droid to install/update F-Droid, and it installed, but F-Droid "About" still says 0.103.2. Something in the build or repository is inconsistent.

Discussion on F-Droid forum: [1] F-Droid repository apparently lacked correct F-Droid for a few days. Fixed now. Successfully updated to 1.0.

[1] https://forum.f-droid.org/t/why-isnt-f-droid-on-f-droid/1385...

Thank you, I thought I was going crazy

The Google cache link didn't work. F-droid.org loads fine for me, but if it's not working for others here's an archive.org snapshot: https://web.archive.org/web/20171019193128/https://f-droid.o...

Nice, I was afraid they were going to slow down after this https://forum.f-droid.org/t/so-long-farewell-and-goodbye/600

F-Droid sure has advanced, but I'm not sure that I like in which direction. This new version requires some rather invasive permissions that do not seem to be necessary, such as NFC, Bluetooth, the ability to change wifi state, etc.

F-Droid has been able to share apps over NFC, Bluetooth or wifi for some time. I don't know why they would need to change wifi state though, it does seem that if the user has disabled it then it should be disabled.

I use F-Droid for all my appsing. It's pretty good (though the apps aren't always).

Just updated, looks great! Big thanks to F-Droid team, without you I might have broken down and settled for the Google botnet.

Great app and great team! Congrats!


It is ver. 1.0? Does this mean it has been beta for this whole time?

I am obviously not an Android user. Sorry if this is a dumb question. For whatever reason, the text (mobile Safari, outdated a little) all appears in just one vertical row of letters.

Open-source projects tend to stay below 1.0 much longer than commercial projects, because there's no rush to release a "1.0".

If your software works well enough, people will be using it, no matter what the version number is. You can't stop them from doing that and you really don't want to stop them from doing that either. You'll never get outside contributions, if no one uses your project.

And if it doesn't work well enough, well, it's not like you're selling it for money. You're never going to give a guarantee for it working, whether it's past the 1.0 or not.

Of course, you're going to try to not needlessly break it, if there's people using it, but again, you'll have people using it long before the 1.0. Most likely you're going to be using it yourself, as soon as it's somewhat usable.

As a project, we are not very precious with version numbers. There have been many stable releases before this, but we named it 1.0 because of the shear amount of new features and improvements that went into it (Completely new UX, better management of updates, screenshots, feature graphics, and perhaps most importantly is internationalised metadata (descriptions, summaries, app names, screenshots).

Ah! I get it. Thanks!

I was kind of surprised that it'd be the first stable version as I've heard good things about you for years now. I don't think I've heard any non-good things.

So, F-Droid is on my radar as I consider my next mobile options. My only Microsoft software is my phone. Yup... I'm a Windows Phone user. I know my shame.

I do have an Andoid tablet somewhere. I'll have to check you guys out a bit more.


> internationalised metadata

I hope this includes the version-release dates in the app pages. As a non American, they were always a sticking point, an unintuitively presented piece of information in an otherwise smooth UI flow.

Darn it, that doesn't seem to have changed, unfortunately.

In fact, I can't detect any easily visible change from 0.104 version - I guess it's mostly bugfixes and more subtle changes.

F-Droid 1.0 – is client app. There was few "1.0betaX" before "1.0" release.

f-droid.org – is website of F-Droid project. And, yes, website still in development and has some issues. Hope, F-Droid Team will fix website as soon as possible.

Oh, I know what it is. It's Android apps that are all open source and a store for such - the client app. Android users can also sideload them from the site via APK.

Did they just number the app differently and 1.0 doesn't mean first non-beta release? They've been out for quite a while. I read about them years ago. It would be surprising if their app had been beta this whole time and is just now getting their first non- beta release.

That is the gist of my curiosity. I'm considering an Android device as my next device. F-Droid is on my radar.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact