Mastodon IzzyOnDroid


Say thanks!
↓ Your product here? ↓
Das Inoffizielle Android-HandbuchAndroid kennenlernen, Tipps & TricksDas Inoffizielle Android-Handbuch
Android kennenlernen, Tipps & Tricks
Buy at Amazon for EUR 16,99
Das Inoffizielle Android SystemhandbuchTiefer ins System einsteigenDas Inoffizielle Android Systemhandbuch
Tiefer ins System einsteigen
Buy at Amazon for EUR 7,00
Die besten Android-AppsDen Androiden austattenDie besten Android-Apps
Den Androiden austatten
Buy at Amazon for EUR 5,00
 
help

F-Droid for advanced users and developers

package
F-Droid Package; © Izzy (CC0)

The previous article introduced F-Droid as a privacy-friendly app store providing privacy friendly apps. This article now addresses advanced users who want to get the most out of F-Droid – as well as developers who wish to provide their apps via F-Droid.

In this series:

more F-Droid articles at IzzyOnDroid:

For advanced users: The F-Droid PrivilegedExtension

The previous article showed that the F-Droid app, if it didnt come pre-installed, cannot install updates by itself: for security reasons, only system apps can do so. That’s also why, if the user manually triggers an install, Android’s own Package Manager intervenes and asks the user for confirmation – which does not happen if you use the Google Play Store app, as that’s a system app.

If you want to grant F-Droid that very same privilege, you can do so using the F-Droid PrivilegedExtension. On devices which shipped with F-Droid pre-installed, it of course is already integrated – and custom ROMs shipping with F-Droid integrated, like LineageOS for microG, also come with it. To manually install it where it’s missing, your device needs to meet some requirements:

That given, an installation is not especially hard:

The installation completed, you restart the device („reboot system“) – and immediately profit from the advantages a completely system-integrated F-Droid app offers:

For advanced users, developers, companies, organisations and others: 3rd party repositories

ManageRepos
Repositories verwalten

The previous article already addressed them when talking about options: repositories (package sources). By default, only the official main repo of F-Droid is enabled – and three more repositories are pre-configured:

All pre-configured sources solely provide apps conforming to the strong criteria of the F-Droid project (see below). Nevertheless this menu lets you include other repositories. Those are e.g. provided by developers for their testers. Or by other F-Droid users to provide apps not acceptable to the official repo as they do not comply to all the required criteria (like the IzzyOnDroid Repo does, which you can see in the screenshot).

Those sources have been deliberately excluded. If you want to use such a third-party repository, you must be aware of the risks involved: criteria an app must meet to be included are usually much less strict. That doesn’t necessarily mean all apps in those repos are risky – but that theoretically they could be. Lists of available third-party repositories can e.g. be found

None of these lists claims completeness. After all, everybody and his little sister can run their own F-Droid repository without the need to „register“ it somewhere – but this fact will be discussed in a later article.

For developers: the process of integrating an app with F-Droid

So you’ve created an app and now want it listed at F-Droid? Great! If your app meets the Inclusion Criteria (also see below), there should be nothing standing in its way.

The first step is creating a requests for packaging – after having checked that hasn‘t already be done by someone else or the app even is already listed. In this process you need to fill a form with details needed to get your app listed. By no means should you simply remove the template and fill in „something informal“, as that would make it impossible to process. Next to filling as much fields as possible you should care to provide a meaningful Description – one enabling users to understand what the app is doing and why it should be this app (s)he must install. Description and screenshots can also be maintained in your app’s repository; more on that below. Additionally, any donation links (Liberapay, Bitcoin etc.) must be verifiable – e.g. by also being mentioned in the app’s repository or on its website. This is to protect against abuse, as otherwise anybody could add his/her own Bitcoin address here.

The request saved, within a few ours the „F-Droid Bot“ will show up and check the provided source repo. Results of its check it then posts as another comment on the request – which ideally will be an „all green“ (ie. no issues found). But often it finds some small things that flew below radar level: some pieces not meeting the inclusion criteria (such as a binary library), or some security issue with the setup (like „insecure gradlews“ using http URLs instead of https). For you that means to make some adjustments fixing the indicated issues. If something’s unclear to you and/or you need help, just call out in another comment on the same request. The F-Droid team will be there to help you.

This step successfully taken, an F-Droid team member will create a „Metadata File“ out of the specifications you made and try to build the app. If this succeeds, the metadata file will be committed to the fdroiddata repository, and the app finally build. Before it becomes visible to other F-Droid users, it will need to be signed. For security reasons, that’s another manual step performed „offline“ – to avoid the risk of the signing keys to „escape to the wild“. Which, as every developer will agree, would be quite fatal.

The developer also can make use of reproducible builds. This requires some additional efforts – but comes with the advantage of making „cross updates“ possible: if successfully „reproduced“, F-Droid won‘t sign the APK itself but use the one signed by the developer. Which means there won‘t be any „signature mismatch“ when the app was originally installed via Google Play Store and then updated from F-Droid (or vice versa).

How long it will take from opening the RFP until the app will finally be available in F-Droid is hard to say. If everything goes right and straight, it might be just a few days – but it could as well be several months if problems arise. Plus, the F-Droid team is permanently understaffed; so it might even take a little until someone can pick it up.

In his blog David Boddy describes this process goes easier than it sounds. That he performed several steps himself usually done by F-Droid team members might have contributed to that – so you are welcome to use that as example :)

Core F-Droid GitLab Repositories and what they are used for:

Repo Verwendung
rfp Request for Packaging: Ask to integrate a new app with the F-Droid catalog
fdroiddata Maintain Metadata of all apps
fdroidclient Development and Troubleshooting of the F-Droid Android client
privileged-extension Development and Troubleshooting of the PrivilegedExtension
fdroidserver Development and Troubleshooting of the F-Droid Server Applikation
repomaker Development and Troubleshooting of the RepoMaker Application
fdroid-website things affecting the F-Droid website

 

For developers: acceptance criteria for apps

For an app to be accepted into the official F-Droid catalogue, it needs to meet certain criteria. It is not sufficient to simply provide the APK file (as you can do with Google Play Store or Aptoide): F-Droid only accepts Open Source apps – i.e. all parts of the app must be available as source code, in a public repository for everyone to investigate. This especially means:

For developers: descriptions and screenshots in your on hand

AppScreenshot
App mit Beschreibung und Screenshot

„All About Descriptions, Graphics and Screenshots“ is the title of a document provided by F-Droid in its fundus of documentation. It describes different approaches for the integration of these „Metadata“:

It is definitely a good idea (and highly recommended) to provide screenshots – be it in the app’s repo or in fdroiddata. The corresponding structures allow for different screenshot sizes corresponding to display sizes (phone, tablet). And for descriptions in different languages.

How to make life easier for the F-Droid team – and possibly speed up publication of a new app?

appsmarketsprivacy


  1. For more details, see this Wikipedia article ↩︎

2018-12-23