The beauty of having the Privacy Cookbook online here is that as it grows, I can return to earlier chapters and add additional sections or provide updates, corrections/amendments and new information or developments. The only constant is change and given the rate of change, it is great to have a living, breathing body of work here, a real-time reference manual for all things tech, surveillance and computing.
If you read Chapter 5 on Cellphone Security, we looked specifically at hardening and the best way to keep your cellphone private. You would have seen f-droid mentioned multiple times. In fact, if you read elsewhere in decentralize.today ,, you will often find a link or reference to f-droid, usually in connection with Android cellphones, so today, as a sub-section to the original chapter and section, I am going to look more closely at it ;)
So what is f-droid and why the fuss?
f-droid, unlike Google Play Store, only lists Android apps that are 100% open-source.
Additionally, most of the Google Play Store apps include trackers like Google Analytics, Firebase, CrashLytics etc. This is mainly because most app providers, plus Google itself, want to make money. This is not the model used by f-droid! For them, it's all about you!
Every app on f-droid is 100% open-source and is free! No paid apps and all apps need to be Free-Open-Source-Software (FOSS)...let that sink in!
If you use Android, try to replace your apps with FOSS equivalents in order to have greater privacy and to be more secure!
Android is basically controlled by Google, except when you use Lineage or any other custom made Android versions that do not have the Google apps and framework involved.
But even having achieved this you still need to find apps that are not going to take you back to Google. Even if you use a phone with the Google Framework involved you can still reclaim some privacy back by replacing your apps with FOSS based apps.
You might not find absolutely every app you would have hoped for on f-droid but even in that case there are ways to work around this. Again, the goal is to get apps that are FOSS based and to make f-droid your first stop!
If you are a journalist, a doctor, a lawyer, a Bitcoin Maximalist or simply someone who values and/or requires privacy you should stop acquiring and using apps that have tracking software pre-installed.
f-Droid checks all Source-Code before activating any app on the f-droid store for security and potential trackers. Of course, given the volume of apps and the time & cost involved in running a full audit on each, you cannot expect a 100% bullet proof app store but at least there is some checking in place.
I have also seen reports about fake apps .being pushed in the Google Play Store, apps that can spy on you, that can download your data without your knowledge or permission and even a fake WhatsApp updater was spotted on the mighty Play Store!
On f-droid I haven't heard or seen any such instances or reports.
f-droid was audited in September 2018
A great example how f-droid checks and cleans right down to the code is demonstrated with the Telegram app:
Several proprietary parts were removed from the original Telegram client, including Google Play Services for the location services and HockeySDK for self- updates. Push notifications through Google Cloud Messaging and the automatic SMS receiving features were also removed.
So what to do now and how to install f-droid?
Its pretty simple, visit:
and click Download F-Droid
After you've downloaded the app, install it and start f-droid. Once started you might not see any apps, this is because they need to be synchronized, to do so swipe your finger down the screen and update the store.
Once this is all done you can start downloading apps!
Some really great apps to start with would be
NewPipe does not use any Google Framework libraries, or the YouTube API. It only parses the website in order to gain the information it needs. Therefore, this app can be used on devices without Google Services installed. Also, you don't need a YouTube account to use NewPipe, and it's FOSS.
NitterizeMe (Twitter, YouTube and Instagram redirects)
- Allow to redirect Invidious, Nitter and Bibliogram links to the preferred instances-
- Built-in player that ensures videos are read locally (default disabled) with download and share buttons
- Redirect Google AMP URLs to the original URLs- Remove AMP tracking after unshortening URL
- Add support for Twitter media to convert them into Nitter links
- Unshorten support for buff.ly
Riot gathers all your conversations and app integrations into one single app.
Privacy focused VPN service with WireGuard
blocks the microphone
Available from GitHub for the donation version or f-droid - this will block trackers and ads
as a browser
good for maps
a good choice for avoiding key-logging.
as a e-mail client, see previous section
can be used as a sandbox to trial potential apps
And this one is special as you can have your Play Store experience on the secret side of your phone (if you really need that fix!).
If you are a Nextcloud user, you have a bunch of great Nextcloud apps available to you in the f-droid store
Nextcloud - Synchronization client
NextcloudPasswords - Manage your Nextcloud passwords
Nextcloud Notes - View and edit notes on Nextcloud
Nextcloud Deck - Companion app for Nextcloud Deck
Nextcloud Talk - Have private video calls and chat using your own server.
If you are into Video Calling there is always Jitsi Meet
But f-droid has everything you need, thousands of FOSS apps that will help make your life less trackable and more private. And that is why f-droid deserved to have it's very own sub-section in the Privacy Cookbook.