Conversation

Google have suspended Element in the Play Store without notifying us; we're reaching out to find out what's going on. Apologies for the inconvenience; in the interim there's f-droid.org/en/packages/im but it's a few versions behind. We'll post updates here.

1,205

1,764

Replying to

and

Maybe a good idea to push the newest versions to f-droid at the same time as you push them to play store in the future?

Replying to

and

That's not how the official F-Droid repository works. Developers don't release their apps through it. The way it works is the F-Droid packagers choose apps to package and are responsible for keeping them updated. They could make their own F-Droid repository to do it themselves.

Replying to

and

The issue with that is F-Droid handles it quite poorly and confuses users since the app releases signed with different signatures are incompatible. Perhaps F-Droid should add an app id prefix when using their own signing keys but they aren't doing that. It's a bit of a mess.

Replying to

and

Huh thanks for clearing that up, didn't know it worked that way. It seems that F-droid needs some improvement considering how much it is quickly becoming critical FOSS infrastructure.

Replying to

and

I don't feel like it's on the path to becoming what's needed. For GrapheneOS, we're going to be making our own app install / update system. One of the apps we'll provide in our repo is F-Droid, but we aren't comfortable bundling it with the OS or giving auto-install privileges.

1:39 AM · Jan 30, 2021Twitter Web App

Replying to

and

It has too many issues with usability and maintenance. It has security implications. For example, Android switched to v2 apk signatures in 2016 (Android 7) to address security limitations with the original signing system from the Java world. F-Droid kept using v1 until 2020.

Replying to

and

It could be blamed on lack of resources, but it's their choice to package such a huge number of apps including many that are unmaintained and/or blatantly insecure. Play Store also has minimum API target level for privacy/security reasons, and F-Droid definitely doesn't do that.

Show replies