That's not how the official F-Droid repository works. Developers don't release their apps through it. The way it works is the F-Droid packagers choose apps to package and are responsible for keeping them updated. They could make their own F-Droid repository to do it themselves.
Conversation
The issue with that is F-Droid handles it quite poorly and confuses users since the app releases signed with different signatures are incompatible. Perhaps F-Droid should add an app id prefix when using their own signing keys but they aren't doing that. It's a bit of a mess.
5
22
Huh thanks for clearing that up, didn't know it worked that way. It seems that F-droid needs some improvement considering how much it is quickly becoming critical FOSS infrastructure.
1
6
I don't feel like it's on the path to becoming what's needed. For GrapheneOS, we're going to be making our own app install / update system. One of the apps we'll provide in our repo is F-Droid, but we aren't comfortable bundling it with the OS or giving auto-install privileges.
1
11
It has too many issues with usability and maintenance. It has security implications. For example, Android switched to v2 apk signatures in 2016 (Android 7) to address security limitations with the original signing system from the Java world. F-Droid kept using v1 until 2020.
1
12
It could be blamed on lack of resources, but it's their choice to package such a huge number of apps including many that are unmaintained and/or blatantly insecure. Play Store also has minimum API target level for privacy/security reasons, and F-Droid definitely doesn't do that.
1
10
The reason they finally switched to v2+ signatures is that Android starting enforcing it for apps targeting API 30+ as a security improvement. F-Droid had dozens of apps with v1 signatures and API 30+ which all broke for users on Android 11. This impacted GrapheneOS users a lot.
1
9
The apps got detected as invalid after booting up the Android 11 upgrade and forcefully disabled. It's invalid to have an app with v1 signature and API 30+. Unfortunately, the F-Droid developers don't seem to test on modern Android. F-Droid itself has an old target API level.
2
10
Very sensible not to have it preinstalled/default with all these issues considered, but it is still the main recommended source of FOSS apps. I am very weary of apps on F-droid which haven't been updated in a long time. Looking forward to what GOS comes up with!
1
Also while you are here thanks for getting GrapheneOS to accept Monero donations! Anecdotally that has convinced a few people to say they would donate now that it can be done privately.
1
2
Should thank the Trezor developers for adding support for Monero. If I had been able to use it with a hardware wallet earlier, would have done it earlier. When I checked up on it to see if it was finally possible, I was able to do it. It's still a bit annoying (different wallet).
One of my few gripes with Monero is that (in the past) during protocol upgrades sometimes the hardware wallets are slow to catch up. I think recently there is more communication between the HW wallet devs and the Monero community, so hopefully this issue will not resurface.
1