F-Droid Board of Directors nominations 2026(f-droid.org)

92 pointsby edent5 hours ago2 comments

scrollop4 hours ago
Will F-droid continue when Google bring in their changes, soon?
- microtonal4 hours ago
  Even with Google's changes, F-Droid will continue to work with Android phones that do not use Google GMS.
  If you care about your actually owning your device, install something else than stock OS. I would recommend GrapheneOS, since the security of some/most other alternatives is pretty bad.
  - miroljub2 hours ago
    GrapheneOS works only with Pixel devices, which doesn't make it much useful for the vast majority of Android users.
    microtonal2 hours ago
    Indeed. Sadly the reality is that most other Android devices are simply not secure enough. Many Android phones do not have a separate secure enclave (outside Pixel and IISC Samsung flagship and A5x range), so they are vulnerable to breaking PIN-based unlocking, side channel attacks, etc. Besides that they often only provide old vendor kernel trees, old firmware blobs, etc.
    So, you have to wonder whether you want such a phone anyway if you care about security and privacy. If you don't care about security anyway, you could as well run /e/OS, etc.
    Above-mentioned Samsung phones could perhaps make the cut, but don't support unlocking anymore (and when they still did, would blow a Knox eFuse).
    saintfire42 minutes ago
    Reduced security has always annoyed me a bit as an argument. Sort of in the same way as signal deprecating SMS because it's insecure.
    I get all or nothing when your threat model is state actors. However, for most people, the benefit is just freedom from corporate agendas.
    Not everyone needs kernel hardening, or always E2EE (as with signal). Personally I just like the features it provides (e.g. scoped storage, disabling any app including Google play services, profiles etc etc
    Its also an easier sell to people who are apathetic to security when the product is just better and more secure, the same way apple does (for whatever their reasons may be).
    All that said, I get they're limited in funds and manpower, plus the things mentioned at the end there, so I can only be so peeved they chose a target and stuck with it. They typically cite security as the reason, not those other ones, however.
    Novosell4 minutes ago
    Oh man, I am still annoyed about Signal removing SMS support. Had to add another app to my phone and I can now no longer accidentally discover that someone I'm texting has Signal, which happened more than once to me!
    RealStickman_an hour ago
    Perfect really is the enemy of good when it comes to GrapheneOS
  - scrollop3 hours ago
    Would love to ditch google and use grapheneOS, however have so many banking and (stupid) outlook for work.
    amelius3 hours ago
    You can check banking app compatibility here:
    https://privsec.dev/posts/android/banking-applications-compa...
    ekjhgkejhgkan hour ago
    > Would love to ditch google and use grapheneOS
    grapheneOS only works with google phones.
    4gotunameagain16 minutes ago
    I would rather pay a one off ransom to google, than have them harvest all my data and profit from them in perpetuity.
    Better yet, you can buy a used pixel phone.
    burningChrome4 minutes ago
    Pixel 9 Pro handsets are going for around $500 on the secondary markets like ebay. That's a only a single generation off from their current Pixel 10 models and you still get OS and security updates until 2031.
    Not a bad deal and pretty crazy how fast smartphones depreciate now.
    ninjasmosa3 hours ago
    The outlook app works for me on GrapheneOS, is there something about it that doesn't work for you?
    Many banking apps do work on GrapheneOS, the list had already been linked to by others
    TobTobXX3 hours ago
    The outlook webapp is quite decent. I've never used their native app, but I've manahed to get by fine with their webapp, even though notifications don't work (I just check it regularily). IIRC K9/Thunderbird also has support for exchange now.
    ekjhgkejhgkan hour ago
    Why do people need banking on their phones though? Banks have websites too.
    gyulai44 minutes ago
    > Why do people need banking on their phones though? Banks have websites too.
    2FA. I was a smartphone hold-out for longer than anyone I know, but banks mandating 2FA with no options for doing it in a standards-compliant way or any way that doesn't involve the app stores was what finally broke my resistance.
    pmontra41 minutes ago
    This is asked again and again. Apparently you guys in the USA or in other parts of the world are still lucky, but in Europe banks must be compliant with regulation that more or less force them to do 2FA through their app with the biometric authentication of either an Android or an iOS phone. There are other ways (eg giving a hardware OTP generator to customers,) but apps are the cheapest solution.
    zipping154940 minutes ago
    My bank has no website or physical branches. They’re mobile-only, but their app is leaps and bounds ahead of the competition.
    sheiyei3 hours ago
    Apparently a lot of banking apps work with the sandboxed Google malwares. Not sure though, I'm not a user (wrong hardware)
    microtonal2 hours ago
    Correct. I am using my Dutch bank and credit card apps without any issues. Someone linked the curated GrapheneOS banking list already. If your bank does not support it, you could either contact them. If they require remote attestation, this can be implemented for GrapheneOS as well:
    https://grapheneos.org/articles/attestation-compatibility-gu...
    If the bank is very hard-nosed about it, you could consider keeping an old iPhone or Pixel (because long security updates) for banking if it is practical to do for you. 95% without big tech is also a big win. Of course, if you need to have it with you at all times, that might not be a worthwhile option.
    wafflemaker3 hours ago
    can confirm. And there are even some pages that list banking and other apps working on GrapheneOS. It's actually very few that don't work with sandboxed Google Play API.
    edit: https://privsec.dev/posts/android/banking-applications-compa...
    rkagerer2 hours ago
    I don't much like the official Outlook app. Been using Nine for ages, it does everything I've needed.
    kgwxd2 hours ago
    Can you not setup your work email through a regular email client? I thought the days of being locked into Outlook specifically went away with Exchange. Everywhere I've worked since has been able to.
    Also, what kind of banking are people doing that requires an app? I genuinely don't know what it could be.
    duozerkan hour ago
    > Also, what kind of banking are people doing that requires an app? I genuinely don't know what it could be.
    Close to every bank in the EU requires their user to have an app, for MFA (both for logging in and for validating transactions - transfers, payments). They use the smartphone's TPM. I have yet to see one that allows you to use your own MFA app.
    The few I've seen that don't require it will validate the same through text messages (not everyone has a smartphone); though if you associate their app even once, you're screwed - the app it is from now on.
    bluebarbet43 minutes ago
    >Close to every bank in the EU requires their user to have an app
    Possibly this was hyperbole but in any case it's not correct at all.
    Anecdotally, of my two EU (massive legacy French) banks, neither requires a mobile app. SMS all the way.
    Even Wise, a cutting-edge neobank, does not require you to use its app. And its website accepts standard TOTP authenticator for 2FA.
    Revolut is app-only, which is why I never use it.
    wafflemaker2 hours ago
    It's way more comfortable to login with fingerprint and not going through a longer login to the website.
    Especially since in many countries it requires a national e-ID that is an app on your phone.
  - echelon3 hours ago
    This piddly open source effort pales in comparison to what we should really be doing:
    Horizontally splitting Google into multiple companies.
    Not division via department splits, but equal partitioning across the company into multiple horizontal businesses that compete on the same offerings.
    The EU and next DOJ/FTC need to force this.
    microtonal2 hours ago
    I agree, but the probability that this is going to happen anytime soon is near-0. The current US administration is not going to rein in the tech broligarchy and if they did, it would be done out of spite and the pieces wold sold to administration-aligned oligarchs (e.g. Ellison), which might end up being worse.
    The EU is not going to force this, because it has enough fights to pick with the US, and this is not the hill that they are willing to die on. It would be far more likely for them to financially support an AOSP-based OS.
    lukanan hour ago
    The EU simply is not (and should not) be able to split up google who operate international. But they can regulate the EU market and declare that a monopolist cannot operate there as a monopolist and introduce any arbitary rule achieving it.
    microtonalan hour ago
    Yes, though I think that is what echelon was aiming at - the EU saying either you break up or you cannot do business here.
- duskdozer4 hours ago
  As of now, Google isn't destroying non-Google android installs, so F-droid will still work there (correct me if wrong). So until Google takes android fully closed or succeeds in getting popular/necessary apps to blacklist non-Google-verified devices, F-droid still has a role
- izacus2 hours ago
  Is there a KDE/GNOME/kernel-like group forming to take over Android AOSP development and provide free alternative yet?
- 4 hours ago
  undefined
- riedel4 hours ago
  I hope so. The changes can mean two things: people can only use it easily in custom roms (I guess there is an overlap there) or they actually would play with Google: i guess technically they could as well register and sign the stuff with a Google key as the software is all FOSS and would allow defining another responsible developer (otherwise Google would have to through out all FOSS without CLA from their playstore). I guess quitting would be an option, but IMHO the outrage outside the bubble would probably be hardly noticable, so what would be the point?
brador3 hours ago
You always start open source at the kernel.
Linus knew this day 1 and it bows to no one.
- iberator3 hours ago
  what do you even mean?! start what at the kernel?
  kernel is locked and most phones can't be rooted anymore