Open MarkSchmidty opened 3 years ago
Simply run a cron job to scrape for updates from the XML pages for a list of repos and analyze everything in a queue.
The number of apps in these repos is not that high. So this may actually be the easiest and most user-friendly solution.
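The polling step proposed in the comment above, sketched as an added example that is not part of the original thread or of the Exodus code base. It assumes the legacy F-Droid `index.xml` layout; the repo URL, the sample index and the `new_builds` helper are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted repos, prefer a hardened parser (e.g. defusedxml)
from collections import deque

# Constructed sample (not from a real repo), assuming the legacy index.xml layout.
SAMPLE_INDEX = """<fdroid>
  <repo name="Example Repo" url="https://repo.example/fdroid/repo"/>
  <application id="org.example.chat">
    <package><version>2.1</version><versioncode>21</versioncode>
      <apkname>org.example.chat_21.apk</apkname><hash type="sha256">aa11</hash></package>
    <package><version>2.0</version><versioncode>20</versioncode>
      <apkname>org.example.chat_20.apk</apkname><hash type="sha256">bb22</hash></package>
  </application>
  <application id="org.example.notes">
    <package><version>1.0</version><versioncode>10</versioncode>
      <apkname>../../outside.apk</apkname><hash type="sha256">cc33</hash></package>
  </application>
</fdroid>"""

# The index comes from a third party and is untrusted: accept only plain file names.
APK_NAME = re.compile(r"^[A-Za-z0-9._-]+\.apk$")

def new_builds(index_xml, repo_url, seen):
    """Queue builds whose (repo, package id, sha256) has not been analysed yet.

    Keying on the hash rather than the version code means a rebuilt APK
    published under an unchanged version is analysed again.
    """
    jobs = deque()
    for app in ET.fromstring(index_xml).iter("application"):
        for pkg in app.iter("package"):
            apk = pkg.findtext("apkname", "")
            digest = pkg.findtext("hash[@type='sha256']", "")
            if not APK_NAME.match(apk) or not digest:
                continue  # malformed or path-like entry: skip it, do not fetch
            key = (repo_url, app.get("id"), digest)
            if key in seen:
                continue
            seen.add(key)
            jobs.append({
                "app_id": app.get("id"),
                "versioncode": int(pkg.findtext("versioncode", "0")),
                "sha256": digest,
                "url": repo_url.rstrip("/") + "/" + apk,
            })
    return jobs
```

A scheduled job would call `new_builds` once per repo with a persisted `seen` set and hand the returned queue to the analyser.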
Why do people trust one of the 20 different builds of Signal Messenger in the above repos over any other one? Should they be trusting repos maintained by random strangers on the internet? What would an analysis reveal about these questions?
Neo Store offers some of these by default so it would be great.
The problem: Privacy-conscious users frequently install apps from unofficial F-Droid compatible repositories. For example, https://guardianproject.info/fdroid/ for Tor Project software, EFF software, and other privacy software. There's currently no good way of knowing if tracking is being added to or removed from builds in these repos.
Since these repos are all F-Droid compatible already, adding support to the submit for analysis page should be fairly straightforward. (Once Exodus can support just one unofficial F-Droid repo, it should be able to support them all.)
Here are some of the more popular F-Droid compatible repos used by privacy-conscious people:
(Larger and frequently updated list here: https://codeberg.org/mondstern/F-Droid-Paketquellen/wiki )
Potential Solution 1: (open-ended approach)
Allow users to pass an alternative repository URL (like https://guardianproject.info/fdroid/repo) in a text-entry field.
Pros:
Cons:
Potential Solution 2: (curated approach)
Start with one additional unofficial F-Droid repo (e.g. Guardian Project) and entertain requests for additional repos later.
Pros:
Cons:
Possible conflicts: