Our great sponsors
-
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
Fenix
Discontinued ⚠️ Fenix (Firefox for Android) moved to a new repository. It is now developed and maintained as part of: https://github.com/mozilla-mobile/firefox-android
-
Iceraven also has an option to prevent frequent tab reloading[1], a problem that many users of Firefox have on Android[2].
[1] https://github.com/fork-maintainers/iceraven-browser/issues/...
[2] https://github.com/mozilla-mobile/fenix/issues/12731
Iceraven also has an option to prevent frequent tab reloading[1], a problem that many users of Firefox have on Android[2].
[1] https://github.com/fork-maintainers/iceraven-browser/issues/...
[2] https://github.com/mozilla-mobile/fenix/issues/12731
One of the important Android security features is the signature enforcement model. All Android apps must be signed, and the OS will refuse to ipdates to an installed app must have the same signature as the current version. [1] On the Play Store, apps are signed by each individual developer. Consequently, as long as the APK file distributed by the Play Store was not compromised at the time of initial install, you can be reasonably confident that any updates distributed through the Play Store are coming directly from the app developer and have not been modified by Google or any other party. (Play Store, Play Services and the other system-level Google apps have a wide array of scary permissions, so you should assume it's still possible through some convoluted "backdoor" method. That's a separate discussion, though.)
F-Droid sort of breaks the signature enforcement model because apps on F-Droid are signed by the F-Droid server, rather than the individual app developers.
If you trust the app developer (as you should, especially with proprietary software, but also with complex open source software like web browsers), this model is probably ideal. Android's strict sandbox and permission model reduces the amount of trust you need to place in individual app developers anyway.
On the other hand, if you trust F-Droid, you can be reasonably confident that the APK file you receive from F-Droid corresponds to the source tarball from F-Droid, and you can inspect the source to verify that the APK doesn't contain malware. Additionally, the F-Droid team manually reviews the source code for each app before approving it. But keep in mind that if F-Droid were compromised, it would be easy to sneak malware into any app on the store.
Overall, I would trust F-Droid for most purposes. I still prefer APK files signed directly by the original developer for critical apps like Signal. In fact, one of the reasons Signal isn't on F-Droid is because the developer doesn't believe it provides enough security. [2]
[1] https://source.android.com/security/apksigning
[2] https://github.com/signalapp/Signal-Android/issues/281#issue...