F-Droid is a software repository for Android, serving a similar function to the Google Play store. The main repository, hosted by the project, contains only free and open source apps. Applications can be browsed, downloaded and installed from the F-Droid website or client app without the need to register for an account. "Anti-Features" such as advertising, user tracking, or dependence on nonfree software are flagged in app descriptions.[2]
The website also offers the source code of applications it hosts, as well as the software running the F-Droid server, allowing anyone to set up their own app repository.[3][4][5]
History
Development of F-Droid data over time from 2010 through 2018[6]
F-Droid was founded by Ciaran Gultnieks in 2010. The client was forked from Aptoide's source code.[7][8] The project is now run by the English nonprofit F-Droid Limited.[8]
Replicant, a fully free software Android operating system, uses F-Droid as its default and recommended app store.[9][10]The Guardian Project, a suite of free and secure Android applications, started running their own F-Droid repository in early 2012.[11] In 2012, Free Software Foundation Europe featured F-Droid in their Free Your Android! campaign to raise awareness of the privacy and security risks of proprietary software.[12][13] F-Droid was chosen as part of the GNU Project's GNU a Day initiative during their 30th anniversary to encourage more use of free software.[14]
In March 2016 F-Droid partnered with The Guardian Project and CopperheadOS with the goal of creating "a solution that can be verifiably trusted from the operating system, through the network and network services, all the way up to the app stores and apps themselves".[15]
On 16 July 2019 the project published a "Public Statement on Neutrality of Free Software". This statement was issued to address the project's failure to prevent "oppression or harassment ... at its communication channels, including its forum", controversy surrounding alt-tech social media website Gab, and to explain how Fediverse client Tusky blocking access to it, while client Fedilab allowed its users to choose, was consistent with their principles.[16][17][18][19] Action was considered against several applications, including Purism's Librem One, to exclude them for allowing access to sites such as Gab or spinster.xyz.[20][21][22]
Scope of project
The F-Droid website lists the apps hosted, over 3,800;[23] the Google Play Store lists about 3 million apps.[24] The project incorporates several software sub-projects:
Client software for searching, downloading, verifying, and updating Android apps from an F-Droid repository
fdroidserver – tool for managing existing and creating new repositories
Jekyll-based website generator for a repository
F-Droid builds apps from publicly available and freely licensed source code. The project says it is run entirely by volunteers and has no formal app review process,[25] but some contributors have been paid for their work.[26][27][28] New apps, which must be free of proprietary software are contributed by user submissions or the developers themselves.[29]
Client application
"Get it on F-Droid" badge
F-Droid is not available on the Google Play Store. To install the F-Droid client, the user has to allow installation from "Unknown sources" in Android settings[30] and retrieve the F-Droid Android application package (.apk file) from the official site.
The client was designed to be resilient against surveillance, censorship, and unreliable Internet connections. To promote anonymity, it supports HTTP proxies and repositories hosted on Tor onion services. Client devices can function as impromptu "app stores", distributing downloaded apps to other devices over local Wi-Fi, Bluetooth, and Android Beam.[31][32] The F-Droid client app automatically offers updates for installed F-Droid apps; when the F-Droid Privileged Extension is installed, updates can also be installed by the app itself in the background.[33] However, automatic updates are not turned on by default.[34] The extension requires the device to have root access, or to be able to flash a zip file.[35]
Key management
The Android operating system checks that updates are signed with the same key, preventing others from distributing updates that are signed by a different key.[36][37] Originally, the Google Play store required applications to be signed by the developer of the application, while F-Droid only allowed its own signing keys. So apps previously installed from another source have to be reinstalled to receive updates.[38]
In September 2017 Google Play started offering developers a signing key service managed by Google Play,[39] offering a similar service to what F-Droid offered since 2011, and F-Droid now lets developers use their own keys via the reproducible build process.[40]
^"Liberate Your Device!". Free Software Foundation Europe. Archived from the original on 15 August 2014. Retrieved 27 July 2014.
^"GNU-a-Day". GNU Project. Archived from the original on 28 July 2014. Retrieved 23 July 2014. Day 9: Have an Android phone? Install F-Droid, a repository with hundreds of free software apps.