Add to fdroid

[Thewisem]

Add your app to the fdroid store, an open source store that is filled with open source apps

[Morpheus0x]

+1 F-Droid would be awesome

[b3pio]

Inclusion on F-Droid app store would be fantastic, if not the main f-droid repo then consider IzzyOnDroid repo. Personally I'd also like to see you consider completely removing the 'Google Firebase Analytics' tracker or at least replacing with a privacy respecting analytics tracker in future versions please.

[julianfairfax]

Please do add this app to F-Droid!

[DanielProg39]

Inclusion on F-Droid app store would be fantastic, if not the main f-droid repo then consider IzzyOnDroid repo. Personally I'd also like to see you consider completely removing the 'Google Firebase Analytics' tracker or at least replacing with a privacy respecting analytics tracker in future versions please.

Yes, as of a great replacement of Google Analitycs I would recommend Matomo, which is privacy friendly, self-hosted and FOSS

[ghost]

Yes, as of a great replacement of Google Analitycs I would recommend Matomo, which is privacy friendly, self-hosted and FOSS

Plausible is also a great alternative to Matomo simple and easier to use too in my Opinion.

[DanielProg39]

Yes, as of a great replacement of Google Analitycs I would recommend Matomo, which is privacy friendly, self-hosted and FOSS

Plausible is also a great alternative to Matomo simple and easier to use too in my Opinion.

I agree with you, but if developers are used to Google Analitycs, Matomo will be more familiar in terms of functionality and interface

[Dwynr]

We actually don't use any kind of analytics for our app. Just take a look at the source, you won't find any, neither Google Firebase nor anything else

[Morpheus0x]

We actually don't use any kind of analytics for our app. Just take a look at the source, you won't find any, neither Google Firebase nor anything else

According to this analysis it does... https://reports.exodus-privacy.eu.org/en/reports/203669/ Also the build.gradle file includes the com.google.gms class

[Dwynr]

The scan just looks for google signatures. We never actually initialize any trackers, the gms lib is imported because it includes more functionality than just a tracker.

[Morpheus0x]

Ok thank you, makes sense

[bingoxo]

@IzzySoft do you mind adding it to your repo ?

[IzzySoft]

Without any description or screenshots I actually do mind :wink: How about adding Fastlane Structures to this repo? F-Droid would want to have that, too, once you reach that.

But my scanner would find the same structures and complain, let me check…

Offending libs:
---------------
* Firebase Data Transport (/com/google/android/datatransport): NonFreeNet
* Play Services Places Placereport (/com/google/android/gms/places_placereport): NonFreeDep,NonFreeNet
* Google Mobile Services (/com/google/android/gms): NonFreeDep
* Firebase (/com/google/firebase): NonFreeNet,NonFreeDep
* Firebase Analytics (/com/google/firebase/analytics): Tracking

5 offenders.

Ugh… even louder…

We never actually initialize any trackers,

Then why including them at all? Did you try to exclude them?

the gms lib is imported because it includes more functionality than just a tracker.

And which of those do you need so urgently to taint a FOSS app with a proprietary dependency? :wink:

[bingoxo]

@IzzySoft for description and screenshots you can use : https://play.google.com/store/apps/details?id=io.filen.app&hl=en_US&gl=US

as for the other stuff the devs would need to answer those as i'm just an end user , they are revamping the app though so hopefully some or even all the issues you mentioned will be fixed in the near future

[IzzySoft]

@bingoxo confirmed: I can initially import metadata from that (I have a tool in my repo that does this). Though the other issues must be addressed first.

[bingoxo]

@IzzySoft can you please check if the latest update is suitable ?

[IzzySoft]

Better already:

Offending libs:
---------------
* Play Install Referrer Library (/com/android/installreferrer): NonFreeDep,NonFreeNet,Tracking
* Android Market (/com/google/android/finsky): NonFreeNet
* Google Mobile Services (/com/google/android/gms): NonFreeDep

3 offenders.

Not yet suitable for F-Droid (no NonFreeDep allowed) – and unfortunately too big for my repo (limit: ~30 MB)… Maybe an armeabi only build could fit in, that should be slightly below the 30 MB limit.

[nep2ner]

It would be great to see a fully FOSS version of Filen on F-Droid! This would put me all in on the Filen train. If Filen offered this, they would be the only player in this space, which is surely a competitive edge.

[julianfairfax]

The scan just looks for google signatures. We never actually initialize any trackers, the gms lib is imported because it includes more functionality than just a tracker.

Yeah same question as Izzy, what functionality is there that you're using? The app worked fine last I tried on my degoogled device. If there actually is something missing feature, I'm sure it'd be fine if it was only available on the Google Play Store version, and if a separate version of the app existed on F-Droid without it.

[julianfairfax]

I can't find where GMS is referenced in the code. And I still don't understand why it's needed.

[IzzySoft]

It's most likely a dependency of a dependency, so it becomes only visible at build time (when all the dependencies are resolved) – an ugly fact with all Node stuff. Have you tried npm list (see https://stackoverflow.com/a/47040266) to find out?

[Flam3z]

New User here, is there any progress on adding this to the f-droid store? considering there are many who are trying to move away from google. Adding it there would of course bring more customers.

[julianfairfax]

We actually don't use any kind of analytics for our app. Just take a look at the source, you won't find any, neither Google Firebase nor anything else

Any progress on F-Droid inclusion then? Why does it say it requires GMS? @IzzySoft does F-Droid's scanner show any useful details? I could just open a request for packaging there?

[IzzySoft]

@julianfairfax you could open an RFP, but we would be unable to process it unless above quoted dependencies are gone. And those results are of one of the scanners used at F-Droid (which you find in the issuebot results as "APK library scanner" – I wrote that one). And again as pointed out: if it wasn't explicitly included for some reason, it was dragged in by a dependency.

[MalteKiefer]

I added to my personal repo:

https://repo.beli3ver.de/

It is not F-Droid but an F-Droid repo.

[licaon-kter]

This draft recipe metadata/io.filen.app.yml

AntiFeatures:
  - NonFreeNet
Categories:
  - Network
License: AGPL-3.0
AuthorName: Filen
AuthorEmail: support@filen.io
AuthorWebSite: filen.io
SourceCode: https://github.com/FilenCloudDienste/filen-mobile
IssueTracker: https://github.com/FilenCloudDienste/filen-mobile/issues

AutoName: Filen

RepoType: git
Repo: https://github.com/FilenCloudDienste/filen-mobile

Builds:
  - versionName: 2.0.18
    versionCode: 218
    commit: bdf224f6881416cf9635fb0723df5190081498fa
    subdir: android/app
    sudo:
      - sysctl fs.inotify.max_user_watches=524288
      - apt-get update || apt-get update
      - apt-get install -y openjdk-11-jdk-headless
      - update-alternatives --auto java
      - curl -Lo node.tar.xz https://nodejs.org/dist/v16.16.0/node-v16.16.0-linux-x64.tar.xz
      - echo "edcb6e9bb049ae365611aa209fc03c4bfc7e0295dbcc5b2f1e710ac70384a8ec node.tar.xz"
        | sha256sum -c -
      - tar xJf node.tar.xz
      - cp -a node-v16.16.0-linux-x64/. /usr/local/
      - npm i -g npm@8.5.5
    init: npm install
    gradle:
      - yes
    scanignore:
      - node_modules/jsc-android
      - node_modules/react-native/android
    scandelete:
      - node_modules/
    ndk: r21e

AutoUpdateMode: Version
UpdateCheckMode: Tags
CurrentVersion: 2.0.18
CurrentVersionCode: 218

...fails:

2022-08-10 14:52:40,844 DEBUG: > bash -x -c -- npm install
+ npm install
npm notice 
npm notice New minor version of npm available! 8.5.5 -> 8.16.0
npm notice Changelog: <https://github.com/npm/cli/releases/tag/v8.16.0>
npm notice Run `npm install -g npm@8.16.0` to update!
npm notice 
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: filen-mobile@2.0.18
npm ERR! Found: react@17.0.2
npm ERR! node_modules/react
npm ERR!   react@"17.0.2" from the root project
npm ERR!   peer react@"^16.8.0  || ^17.0.0 || ^18.0.0" from react-use@17.4.0
npm ERR!   node_modules/react-use
npm ERR!     react-use@"^17.3.2" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer react@"^18.2.0" from react-dom@18.2.0
npm ERR! node_modules/react-dom
npm ERR!   peer react-dom@"^16.8.0  || ^17.0.0 || ^18.0.0" from react-use@17.4.0
npm ERR!   node_modules/react-use
npm ERR!     react-use@"^17.3.2" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /home/vagrant/.npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/vagrant/.npm/_logs/2022-08-10T14_52_41_054Z-debug-0.log
ERROR: Could not build app io.filen.app: Error running init command for io.filen.app:2.0.18

As usual node apps need hand from the dev, so which npm? nodejs? special steps?

[julianfairfax]

This draft recipe metadata/io.filen.app.yml

[...]

...fails:

2022-08-10 14:52:40,844 DEBUG: > bash -x -c -- npm install
+ npm install
npm notice 
npm notice New minor version of npm available! 8.5.5 -> 8.16.0
npm notice Changelog: <https://github.com/npm/cli/releases/tag/v8.16.0>
npm notice Run `npm install -g npm@8.16.0` to update!
npm notice 
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: filen-mobile@2.0.18
npm ERR! Found: react@17.0.2
npm ERR! node_modules/react
npm ERR!   react@"17.0.2" from the root project
npm ERR!   peer react@"^16.8.0  || ^17.0.0 || ^18.0.0" from react-use@17.4.0
npm ERR!   node_modules/react-use
npm ERR!     react-use@"^17.3.2" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer react@"^18.2.0" from react-dom@18.2.0
npm ERR! node_modules/react-dom
npm ERR!   peer react-dom@"^16.8.0  || ^17.0.0 || ^18.0.0" from react-use@17.4.0
npm ERR!   node_modules/react-use
npm ERR!     react-use@"^17.3.2" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /home/vagrant/.npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/vagrant/.npm/_logs/2022-08-10T14_52_41_054Z-debug-0.log
ERROR: Could not build app io.filen.app: Error running init command for io.filen.app:2.0.18

As usual node apps need hand from the dev, so which npm? nodejs? special steps?

@Dwynr

[DanielProg39]

I was thinking for a while, btw: why wouldn't Filen host their own F-droid repo? There are many teams out there who host their own repos with their software (Bitwarden, Collabora Office, Bromite etc.).

[julianfairfax]

I was thinking for a while, btw: why wouldn't Filen host their own F-droid repo? There are many teams out there who host their own repos with their software (Bitwarden, Collabora Office, Bromite etc.).

Because there's no reason that they should have to. Bitwarden does it because F-Droid can't build Xaramin apps. I don't know about the other two but you shouldn't just host your own repo because you don't want to comply with inclusion criteria.

[licaon-kter]

@DanielProg39 interesting enough your examples are about apps that can't be build in a FOSS way from FOSS deps :)

[julianfairfax]

@DanielProg39 interesting enough your examples are about apps that can't be build in a FOSS way from FOSS deps :)

Oh also Collabora and Bromite? What's going on with them?

[licaon-kter]

@julianfairfax Collabora started a RFP then made their own repo promising that... in the future... etc... But time passed.

Bromite, as with other Chrome-ium forks, is a pain to build in general, let alone in a FOSS way. See F-Droid "unobtanium" issues/mrs.

[licaon-kter]

Or you can close this issue and say you are not interested in hosting on F-Droid. What's the point of this back and forth exactly?

NewPipe depends on Google's whims, it breaks every 4 months or so (was broken last week again fyi) and users go mad in the F-Droid forums/gitlab when that happens. I'm recommending using their repo as the update will come when it's ready vs when F-Droid get a chance to pickup, build and publish.

All the other apps don't have such limitations or their limitations can survive an update every 3-4 days.

[julianfairfax]

@Dwynr Can you please look into this? https://gitlab.com/fdroid/rfp/-/issues/2159#note_1057631962 If fixed it would allow your app to be added to F-Droid

[julianfairfax]

@Dwynr Can you please look into this? https://gitlab.com/fdroid/rfp/-/issues/2159#note_1057631962 If fixed it would allow your app to be added to F-Droid

See https://gitlab.com/-/snippets/1896503#flutter-and-geolocation for solutions. Following the instructions here will give you a drop-in replacement: https://gitlab.com/-/snippets/1896503#note_575517348

[TechD123]

It's somewhat absurd that Filen hasn't worked to demonstrate it's independence from Big Tech in this very straightforward way. Without getting into the details of having an app published on F-Droid: if the devs have abandoned this issue for more than two years, maybe just make it an auto-updating APK, like Signal does it. Am opening an issue for this now.

[DanielProg39]

Yes, if so, it would also be great if Filen could host its own Fdroid repository. It should at least be a temporary measure before the app is added to the official Fdroid repo.

[trymeouteh]

Please add on fdroid for us degoogled android users

[Moon-Mind]

U could install the APK there is No difrenze or use https://github.com/ImranR98/Obtainium if you are laszy

[licaon-kter]

@Moon-Mind you've read above how the app is not currently FOSS, right?

The difference is that being in F-Droid it means that it was cleaned up of the non-FOSS stuff the Github release has (and that Obtainium would give you).

[SimplyAnotherAnon]

After 2 years, still nothing?

[RasheedAZ]

Please remove the non-free dependencies and submit to F-Droid for inclusion. I've convinced many customers to subscribe to Filen exactly because it's open source and e2e encrypted.

The people who most value Filen features including privacy and free software are on degoogled OSes and Linux phones. They do not want to go through Google to get your app :)

Thanks.

[DanielProg39]

They do not want to go through Google to get your app :)

There's still an option to install it from GitHub releases, probably using something like Obtainium, for more convenience. But I totally agree that F-droid is far more preferred option.

[RasheedAZ]

Not on F-Droid means it's probably not completely FOSS. That's the real issue, not getting an apk...

[tockudex]

I've convinced many customers to subscribe to Filen exactly because it's open source and e2e encrypted.

I'd also strongly recommend it to friends and family, if it wasn't for the proprietary libraries and trackers. Therefore, a FOSS release on the official F-Droid repository would be much appreciated to not say required.