In the GrapheneOS forum, I encountered a claim that F-droid is insecure (and not good at privacy as well). These links (and more) were given as an evidence:
While there are some attitude against FOSS app, I think the arguments are generally sound and in good-faith. Which makes me confused, as I’ve been hearing good words about F-droid in lemmyverse.
I am not good at assessing arguments, so I want to ask you guys for more aspects and information.
Also, if not F-droid, what should I use? Is Aurora store, a frontend of play store, not fine to use as well?
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
If you want to be as secure and private as possible, your best option is to set up your own build servers and automate builds, and validate the components used by each product conform to your needs and standards for security and privacy, and deployment to your own repository that your devices use for updates.
Beyond that, there are tradeoffs based on your needs with each app store out there. If you need total privacy on what you install and your devices are already not connected to the internet, then a VPN or Tor to obfuscate your identity might be all you need. If you’re more concerned about components of applications that contain spyware, then some stores like fdroid has a lot of data available to hep you decide if the app is OK for your needs, otherwise you’d need to build your own packages or verify them manually before installation. And there are various other tradeoffs between more accessibility vs. more security and/or privacy.