Exodus-Privacy / exodus

Platform to audit trackers used by Android application
https://reports.exodus-privacy.eu.org/
GNU Affero General Public License v3.0
635 stars 63 forks

[Feature Request] Support popular unofficial F-Droid repos #412

Open MarkSchmidty opened 3 years ago

MarkSchmidty commented 3 years ago

The problem: Privacy conscious users frequently install apps from unofficial F-Droid compatible repositories. For example, https://guardianproject.info/fdroid/ for Tor Project software, EFF software, and other privacy software. There's currently no good way of knowing if tracking is being added or removed to builds in these repos.

Since these repos are all F-Droid compatible already, adding support to the submit for analysis page should be fairly straight forward. (Once Exodus can support just one unofficial F-Droid repo, it should be able to support them all.)

Here are some of the more popular F-Droid compatible repos used by privacy conscious people:

| Repo | URL |
| --- | --- |
| Antox | https://pkg.tox.chat/fdroid/repo |
| Bitwarden | https://mobileapp.bitwarden.com/fdroid/repo |
| Briar | https://briarproject.org/fdroid/repo |
| Bromite | https://fdroid.bromite.org/fdroid/repo |
| CalyxOS | https://calyxos.gitlab.io/calyx-fdroid-repo/fdroid/repo |
| Firefox unofficial | https://rfc2822.gitlab.io/fdroid-firefox/fdroid/repo |
| Guardian Project | https://guardianproject.info/fdroid/repo |
| I2P | https://f-droid.i2p.io/repo/ |
| IzzyOnDroid | https://apt.izzysoft.de/fdroid/repo/ |
| Kali Nethunter | https://store.nethunter.com/repo |
| KDE | https://cdn.kde.org/android/fdroid/repo |
| microG | https://microg.org/fdroid/ |
| Molly | https://molly.im/fdroid/repo |
| Newpipe | https://archive.newpipe.net/fdroid/repo |
| Protox | https://submarine.strangled.net/fdroid/repo |
| PurpleI2P | https://fdroid.i2pd.xyz/fdroid/repo |
| Riot | https://fdroid.krombel.de/riot-stable/fdroid/repo |
| Umbrella | https://secfirst.org/fdroid/repo |
| Ungoogled Chromium | https://www.droidware.info/fdroid/repo |

(Larger and frequently updated list here: https://codeberg.org/mondstern/F-Droid-Paketquellen/wiki )

Potential Solution 1: (open-ended approach)

Allow users to pass an alternative repository URL (like https://guardianproject.info/fdroid/repo) in a text-entry field.

Pros:

Cons:

Potential Solution 2: (curated approach)

Start with one additional unofficial F-Droid repo (e.g. Guardian Project) and entertain requests for additional repos later.

Pros:

Cons:


Possible conflicts:

  1. This may affect or be dependent on the way #393 (F-Droid pulling beta versions) will be handled.
  2. Unofficial F-Droid repos differ in whether their APKs are built with automated CI or are simply user-submitted builds.
  3. Different repos may have identical naming and versioning for builds that are not identical to builds from other repos.
MarkSchmidty commented 3 years ago

Potential Solution 3

Simply run a cron job to scrape for updates from the XML pages for a list of repos and analyze everything in a queue.

The amount of apps in these repos is not that high. So this may actually be the easiest and most user-friendly solution.

Why do people trust one of the 20 different builds of Signal Messenger in the above repos over any other one? Should they be trusting repos maintained by random strangers on the internet? What would an analysis reveal about these questions?
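
As an added illustration of Solution 3 (not code from this issue or from the exodus project), the following Python sketch parses the legacy F-Droid `index.xml` of several repos and queues every APK it has not analysed before. It assumes the index XML has already been downloaded for each repo URL (a real poller would fetch and verify the signed index first); the two embedded indexes are constructed samples with placeholder hashes, deliberately shipping the same package and version code with different bytes to show how possible conflict 3 is kept apart by keying on repo and SHA-256.

```python
import xml.etree.ElementTree as ET

# Constructed sample indexes in the legacy F-Droid index.xml layout (abbreviated;
# the sha256 values are placeholders, not real build hashes).
SAMPLE_INDEXES = {
    "https://guardianproject.info/fdroid/repo": """<fdroid>
  <repo name="Guardian Project"/>
  <application id="org.example.app"><id>org.example.app</id>
    <package><versioncode>120</versioncode><apkname>org.example.app_120.apk</apkname>
      <hash type="sha256">1111</hash></package>
  </application>
</fdroid>""",
    "https://apt.izzysoft.de/fdroid/repo/": """<fdroid>
  <repo name="IzzyOnDroid"/>
  <application id="org.example.app"><id>org.example.app</id>
    <package><versioncode>120</versioncode><apkname>org.example.app_120.apk</apkname>
      <hash type="sha256">2222</hash></package>
  </application>
</fdroid>""",
}


def parse_index(xml_text):
    """Yield (package_id, versioncode, apkname, sha256) for every APK in one index.xml."""
    root = ET.fromstring(xml_text)
    for app in root.iter("application"):
        pkg = app.findtext("id") or app.get("id")
        for apk in app.iter("package"):
            sha = apk.find("hash[@type='sha256']")
            yield (pkg, int(apk.findtext("versioncode")), apk.findtext("apkname"),
                   sha.text if sha is not None else None)


def queue_new_builds(indexes, seen):
    """Return analysis jobs for APKs not yet seen. The key includes the repo URL and
    the SHA-256, so two repos shipping 'the same' package/version with different
    bytes are both queued and analysed separately. `seen` is the set of keys already
    analysed (persisted between cron runs in practice); it is updated in place."""
    jobs = []
    for repo_url, xml_text in indexes.items():
        for pkg, vcode, apkname, sha in parse_index(xml_text):
            key = (repo_url, pkg, vcode, sha)
            if key in seen:
                continue
            seen.add(key)
            jobs.append({"repo": repo_url, "package": pkg, "versioncode": vcode,
                         "apk_url": repo_url.rstrip("/") + "/" + apkname, "sha256": sha})
    return jobs
```

Running `queue_new_builds` a second time with the same `seen` set yields no jobs, which is the behaviour a cron-driven poller needs.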

yoshimo commented 1 year ago

Neo Store offers some of these by default so it would be great.