The beauty of having the Privacy Cookbook online here is that as it grows, I can return to earlier chapters and add additional sections or provide updates, corrections/amendments and new information or developments.  The only constant is change and given the rate of change, it is great to have a living, breathing body of work here, a real-time reference manual for all things tech, surveillance and computing.

If you read Chapter 5 on Cellphone Security, we looked specifically at hardening and the best way to keep your cellphone private. You would have seen f-droid mentioned multiple times. In fact, if you read elsewhere in decentralize.today ,, you will often find a link or reference to f-droid, usually in connection with Android cellphones, so today, as a sub-section to the original chapter and section, I am going to look more closely at it ;)

So what is f-droid and why the fuss?

f-droid, unlike Google Play Store, only lists Android apps that are 100% open-source.

Additionally, most of the Google Play Store apps include trackers like Google Analytics, Firebase, CrashLytics etc. This is mainly because most app providers, plus Google itself, want to make money. This is not the model used by f-droid! For them, it's all about you!

Every app on f-droid is 100% open-source and is free! No paid apps and all apps need to be Free-Open-Source-Software (FOSS)...let that sink in!

https://de.wikipedia.org/wiki/Foss

If you use Android, try to replace your apps with FOSS equivalents in order to have greater privacy and to be more secure!

Android is basically controlled by Google, except when you use Lineage or any other custom made Android versions that do not have the Google apps and framework involved.

But even having achieved this you still need to find apps that are not going to take you back to Google. Even if you use a phone with the Google Framework involved you can still reclaim some privacy back by replacing your apps with FOSS based apps.

You might not find absolutely every app you would have hoped for on f-droid but even in that case there are ways to work around this. Again, the goal is to get apps that are FOSS  based and to make f-droid your first stop!

If you are a journalist, a doctor, a lawyer, a Bitcoin Maximalist or simply someone who values and/or requires privacy you should stop acquiring and using apps that have tracking software pre-installed.

f-Droid checks all Source-Code before activating any app on the f-droid store for security and potential trackers. Of course, given the volume of apps and the time & cost involved in running a full audit on each, you cannot expect a 100% bullet proof app store but at least there is some checking in place.

I have also seen reports about fake apps .being pushed in the Google Play Store, apps that can spy on you, that can download your data without your knowledge or permission and even a fake WhatsApp updater was spotted on the mighty Play Store!

Fake WhatsApp Updater on Google Play Store Served Malware to Users
The Google Play Store has been found to have a fake WhatsApp updater which redirects people to install the malware “Cold Jewel Lines”. Read on to know more!

On f-droid I haven't heard or seen any such instances or reports.

f-droid was audited in September 2018

Second Security Audit Results | F-Droid - Free and Open Source Android App Repository
The second full security audit of F-Droid is complete. We aresatisfied with the results, which confirmed again that the coresecurity model and standard oper...

A great example how f-droid checks and cleans right down to the code is demonstrated with the Telegram app:

Several proprietary parts were removed from the original Telegram client, including Google Play Services for the location services and HockeySDK for self- updates. Push notifications through Google Cloud Messaging and the automatic SMS receiving features were also removed.

So what to do now and how to install f-droid?

Its pretty simple, visit:

https://f-droid.org/

and click Download F-Droid

After you've downloaded the app, install it and start f-droid. Once started you might not see any apps, this is because they need to be synchronized, to do so swipe your finger down the screen and update the store.

Once this is all done you can start downloading apps!

Some really great apps to start with would be

NewPipe (YouTube)

NewPipe does not use any Google Framework libraries, or the YouTube API.  It only parses the website in order to gain the information it needs.  Therefore, this app can be used on devices without Google Services  installed. Also, you don't need a YouTube account to use NewPipe, and  it's FOSS.

NitterizeMe (Twitter, YouTube and Instagram redirects)

  • Allow to redirect Invidious, Nitter and Bibliogram links to the preferred instances-
  • Built-in player that ensures videos are read locally (default disabled) with download and share buttons
  • Redirect Google AMP URLs to the original URLs- Remove AMP tracking after unshortening URL
  • Add support for Twitter media to convert them into Nitter links
  • Unshorten support for buff.ly

Riot.im

Riot gathers all your conversations and app integrations into one single app.

iVPN

Privacy focused VPN service with WireGuard

PilferShush Jammer

blocks the microphone

NetGuard

Available from GitHub for the donation version or f-droid - this will block trackers and ads

Fennec

as a browser

OSMAnd+

good for maps

AnySoftKeyboard

a good choice for avoiding key-logging.

FairEmail

as a e-mail client, see previous section

Shelter

can be used as a sandbox to trial potential apps

And this one is special as you can have your Play Store experience on the secret side of your phone (if you really need that fix!).

If you are a Nextcloud user, you have a bunch of great Nextcloud apps available to you in the f-droid store

dt.gl - privacy cookbook Nextcloud home office app
Let’s start with an explanation as to what Nextcloud is? It’s a fully open source storage and productivity platform that keeps you in control. It’s a monster when it comes to features and you can seriously look to making it your full blown android/google and desktop as well as iCloud replacement! …

Nextcloud - Synchronization client

NextcloudPasswords - Manage your Nextcloud passwords

Nextcloud Notes - View and edit notes on Nextcloud

Nextcloud Deck - Companion app for Nextcloud Deck

Nextcloud Talk - Have private video calls and chat using your own server.

If you are into Video Calling there is always Jitsi Meet

dt.gl - Jitsi Meet is a solid video conference with encryption option
Since the lockdown, Zoom had become the goto tool for video conferencing. But the list of incidences, including their claim of End-to-End Encryption that was never actually implemented, have made Zoom one of the worst choices you can make. One product that you can use is Jitsi Meet.

But f-droid has everything you need, thousands of FOSS apps that will help make your life less trackable and more private. And that is why f-droid deserved to have it's very own sub-section in the Privacy Cookbook.