Comment on Apple removes app created by Andrew Tate
jet@hackertalks.com 1 year agoI couldn’t use my phone at all, without side loading apps. F droid makes side loading open source apps extremely easy, most the apps I use on a daily basis are side-loaded via f droid. My browser, my password manager, my video player, my podcast player, my map system, my VPN, my secure messenger,… none of which are on the main app store.
I’m only using this as an illustration that there is a use case for side loading your own independent ecosystem onto your phone. It gives users more choice
Fight4freedom@sh.itjust.works 1 year ago
You should check out “obtainium”. You can install apps directly from source. github.com/ImranR98/Obtainium
jet@hackertalks.com 1 year ago
That’s super interesting. I looked at the burrito video, justifying the migration away from f Droid. And I agree, there’s a lot of good reasons to use the developer keys directly. One nice benefit of f droid though is ensuring the source code matches the binary. With their recent progress in reproducible builds, and using the developer signing keys for those builds, we get the best of both worlds.
Fight4freedom@sh.itjust.works 1 year ago
I use obtainium for my password manager and a few other apps, i also use f-droid for other apps. The way i understood it, is that f droid uses their own keys for signing apps, different from the source of those apps. But i may be mistaken on that. Also, i use graphene os, even though i believe burritos uninstalled it due to personal issues with the origonal copperhead creator. It still is, imo, the most secure os
jet@hackertalks.com 1 year ago
You are correct. F Droid uses their own signing keys to sign the builds they’ve made. The reproducible builds are verified by fdroid but pass through signed by the developer.
Then we’re getting two levels of protection, fdroid a test that the source code used to build the application is the public source code, and the developer attests that the binary matches the code.
But it’s the early days of reproducible builds, I think they just had an announcement where 120 builds are reproducible.