Yay, a well-backed Linux-based OS for mobile!
Android Open Source Project (AOSP)
ROMs
- Control
- Support
- Customization
- Freedom
- ...
Current ROM situation
- Support many devices
- Documentation
- Community
Software situation?
An alternative to Google Play
Mi store
AppVn
Aptoide
a.d.cn
F-Droid: The "app store"
- Search and browse for apps
- Update notifications
- Screenshots
- Localized (over 40 languages and growing)
F-Droid: the "package manager"
- Packages from source
- No account necessary
- No tracking
- No advertising
- Decentralisation
- ...
Plus a number of other things
- repomaker: Desktop/Web frontend to fdroidserver
- update-channels: Libraries for using F-Droid repositories in other apps
- fdroidcl: (Unofficial) CLI client for managing apps via USB
- Fossdroid-Core: (Unofficial) Web front-end for F-Droid repositories
- ...
Privacy, Security, and Freedom
- Sourcing an application
- Building packages
- Signing packages
- Distributing metadata
- Distributing apps
- Installing apps
Request for Packaging
Build metadata
Categories: Games
License: GPL-3.0
Description: ...
...
Build metadata
Repo Type:git
Repo:https://github.com/lexica/lexica
Build:0.10.0,1000
    commit=v0.10.0
    subdir=app
    gradle=yes
Flag any anti features
- Ads: The app contains advertising
- Tracking: The app tracks and/or reports your activity to somewhere, either without your permission, or by default (i.e. you’d have to actively disable it)
- Non-free Network Services: The app promotes/depends on a non-Free network service
- Non-free Addons: The app promotes other non-Free apps or plugins
- Non-free Dependencies: The app depends on another non-Free app (e.g. Google Maps)
- Upstream Non-free: The upstream source is non-free - the F-Droid version is patched to fix this
- Non-free Assets: The app contains non-free assets
- Known Vulnerability: The APK has a known security vulnerability
Verification Servers
...automatically reproduce official releases published by f-droid.org to ensure that everything in the release APK came from the source code, and nothing was inserted or included during the build process
Android Signing Model
- .apk files are signed by developers
- OS will only update packages if the update is signed by the same cert
Typical Signing Process
Dev machine:
- Build .apk
- Sign .apk with certificate stored on disk
Good Signing Process
Build machine:
- Build .apk
- Copy .apk to USB for transfer to signing machine
Airgapped machine:
- Sign with a cert stored on an HSM
- Transfer to internet connected machine via USB
Paranoid Great Signing Process
https://f-droid.org/docs/Building_a_Signing_Server/
- Buy a computer off the shelf with cash, avoid having it shipped, especially across borders
- Buy a Debian-supported Chromebook that has removable WiFi hardware and needs no binary blobs
- Install a reproducibly built coreboot binary
- Install from a reproducibly built Debian image, wiping out Chrome OS entirely
- ...
Reproducible builds
F-Droid can verify that an app is 100% free software while still using the original developer’s APK signatures
https://f-droid.org/docs/Reproducible_Builds/
- Avoid F-Droid having to sign anything
- Moves a bit more trust from F-Droid to the dev
- More difficult than the verification server (dev builds using F-Droid tools)
Verifying signed metadata
Pinned certificates for f-droid.org and guardianproject.info
Pinned certificates
app/src/main/res/values/default_repos.xml
<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string-array name="default_repos">
        <item>F-Droid</item>
        <item>https://f-droid.org/repo</item>
        <item>3082035e308...</item> <!-- pubkey -->
        ...
Distributing metadata + respecting privacy
- No accounts
- HTTPS (certificate pinning issue #105)
- Tor
Leaking identifying information to servers
- HTTP ETag
- TLS sessions (issue #984)
- Language preferences
Repository mirrors
Not set up for f-droid.org yet (issue #46)
Distributing apps
- Checksum
- Hash checks
- External/Internal storage
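The client-side chain sketched in the pinned-certificate and hash-check slides, as an added example (not F-Droid's own code): the pinned key vouches for the index, and the index vouches for each APK by hash. It assumes a JAR verifier has already checked the index signature and returned the signer certificate, and it uses a hypothetical simplified index layout with constructed sample data.

```python
import hashlib
import hmac


def signer_is_pinned(pinned_hex, signer_cert_der):
    """True if the index signer's certificate equals the pinned, hex-encoded one."""
    try:
        pinned = bytes.fromhex(pinned_hex)
    except ValueError:
        return False
    return hmac.compare_digest(pinned, signer_cert_der)


def apk_matches_index(index, package, version_code, apk_bytes):
    """True only if the download's SHA-256 equals the hash listed in the index."""
    for entry in index.get("packages", {}).get(package, []):
        if entry.get("versionCode") == version_code:
            if entry.get("hashType") != "sha256":
                return False  # refuse unknown or weaker hash types
            actual = hashlib.sha256(apk_bytes).hexdigest()
            return hmac.compare_digest(actual, entry.get("hash", ""))
    return False  # version not listed: nothing vouches for this file


def decide(pinned_hex, signer_cert_der, index, package, version_code, apk_bytes):
    """Walk the chain: pinned key -> signed index -> APK hash."""
    if not signer_is_pinned(pinned_hex, signer_cert_der):
        return "reject: index not signed by the pinned certificate"
    if not apk_matches_index(index, package, version_code, apk_bytes):
        return "reject: APK does not match the hash in the index"
    return "ok: hand APK to the installer"


# Constructed sample data (not real certificates, apps or hashes).
REPO_CERT = b"constructed-repo-certificate"
PINNED_HEX = REPO_CERT.hex()
GOOD_APK = b"constructed apk bytes"
INDEX = {"packages": {"org.example.app": [
    {"versionCode": 1000, "hashType": "sha256",
     "hash": hashlib.sha256(GOOD_APK).hexdigest()}]}}

if __name__ == "__main__":
    print(decide(PINNED_HEX, REPO_CERT, INDEX, "org.example.app", 1000, GOOD_APK))
    print(decide(PINNED_HEX, b"other cert", INDEX, "org.example.app", 1000, GOOD_APK))
    print(decide(PINNED_HEX, REPO_CERT, INDEX, "org.example.app", 1000, b"tampered"))
```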
Installing apps
How does Google Play do it? It is blessed.
How does F-Droid do it?
Package Manager
Privileged Extension
- Flash like a ROM (or like gapps.zip)
- Lives in /system/priv-app (it is blessed)
- Receives install requests from F-Droid
- Checks F-Droid sig matches own sig
- Performs install
Popular F-Droid repositories
- F-Droid.org: 1000s of free and open source apps, built by F-Droid
- IzzyOnDroid: 100s of free and open source apps, mostly those unavailable in F-Droid.org
- Others: Anyone is free to publish their own repository
An app store without internet!
Security scanning
Scanning over 2000 open source apps for vulnerabilities