Conversation

Google have suspended Element in the Play Store without notifying us; we're reaching out to find out what's going on. Apologies for the inconvenience; in the interim there's f-droid.org/en/packages/im but it's a few versions behind. We'll post updates here.

1,205

1,764

Replying to

and

Maybe a good idea to push the newest versions to f-droid at the same time as you push them to play store in the future?

Replying to

and

That's not how the official F-Droid repository works. Developers don't release their apps through it. The way it works is the F-Droid packagers choose apps to package and are responsible for keeping them updated. They could make their own F-Droid repository to do it themselves.

Replying to

and

The issue with that is F-Droid handles it quite poorly and confuses users since the app releases signed with different signatures are incompatible. Perhaps F-Droid should add an app id prefix when using their own signing keys but they aren't doing that. It's a bit of a mess.

Replying to

and

Huh thanks for clearing that up, didn't know it worked that way. It seems that F-droid needs some improvement considering how much it is quickly becoming critical FOSS infrastructure.

Replying to

and

I don't feel like it's on the path to becoming what's needed. For GrapheneOS, we're going to be making our own app install / update system. One of the apps we'll provide in our repo is F-Droid, but we aren't comfortable bundling it with the OS or giving auto-install privileges.

Replying to

and

It has too many issues with usability and maintenance. It has security implications. For example, Android switched to v2 apk signatures in 2016 (Android 7) to address security limitations with the original signing system from the Java world. F-Droid kept using v1 until 2020.

1:41 AM · Jan 30, 2021Twitter Web App

Replying to

and

It could be blamed on lack of resources, but it's their choice to package such a huge number of apps including many that are unmaintained and/or blatantly insecure. Play Store also has minimum API target level for privacy/security reasons, and F-Droid definitely doesn't do that.

Replying to

and

The reason they finally switched to v2+ signatures is that Android starting enforcing it for apps targeting API 30+ as a security improvement. F-Droid had dozens of apps with v1 signatures and API 30+ which all broke for users on Android 11. This impacted GrapheneOS users a lot.

Show replies