Update: this blog post has been changed to reference our new FDroid repository at https://guardianproject.info/fdroid. If you are still using the old one originally described here which has the URL https://guardianproject.info/repo, you should switch to the new repo as soon as possible!

For all of you out there looking for a safe way to find and download apps outside of the Play Store (aka Android Market) or random, sketchy third-party app stores and file sharing sites, then your wait is over:

The FDroid Repository is an easily-installable catalogue of FOSS applications for the Android platform. The server contains the details of multiple versions of each application, and the Android client makes it easy to browse, install them onto your device, and keep track of updates.

In other words, F-Droid is like an app store for open-source. More importantly, there is not just one “store”. Anyone can deploy their own repositories of apps, or Repos, much like the way the Debian repo model works.

We’ve now begun creating our own hosted F-Droid compliant repo where we can easily provide the latest greatest versions of all our apps. As we update the apps, F-Droid should notify you and allow you to update quickly and without hassle.

Quick Steps for using F-Droid with Guardian Project Repo

1) Install the F-Droid Client app. You can get it here: https://f-droid.org/FDroid.apk

2) Run the app and go to Menu > Manage Repos

3) Turn on the “Guardian Project Official Releases” repo

3) Enter: https://guardianproject.info/repo/

4) Optionally, disable the default repo if you just want GP apps

5) Return to the main screen, and Menu > Update

6) Verify the repo fingerprint by clicking on the repo to see the repo details view. The fingerprint you see there should match this: 59050C8155DCA377F23D5A15B77D3713400CDBD8B42FBFBE0E3F38096E68CECE.

From here you will see the “Available” tab for apps you don’t have the “Installed” tab for apps you have the latest version of, and the “Updates” tab for apps you have, but that are not up to date.

You can open each app by browsing and selecting them, and then via Menu options, choose to install them, or access their websites, source code links, or issue tracking pages.

Our new F-Droid App Repository (out of date!)
Tagged on:         

71 thoughts on “Our new F-Droid App Repository (out of date!)

    • 2012/10/13 at 1:27 pm
      Permalink

      Comment seems to imply DO NOT USE F-droid at this time (?)

      /thx

      Reply
      • 2012/10/25 at 4:51 am
        Permalink

        F-Droid is now up to date again.

        Reply
  • 2012/10/25 at 4:49 am
    Permalink

    Hi

    the hash key changed?

    cinq

    Reply
    • 2012/10/25 at 4:51 am
      Permalink

      Yes, it did. Our previous directory and keystore somehow was wiped out.

      However, the underlying APKs are still signed by the same guardian project key.

      Reply
  • 2012/11/14 at 10:14 pm
    Permalink

    Is Data Wipe available in the F-Droid Guardian project repos yet?

    Reply
    • 2012/11/15 at 9:38 am
      Permalink

      No it is not. The app, as you discovered, is now called InTheClear, and is on a development hiatus at the moment. We hope to revisit and update it in the near future.

      Reply
  • 2012/12/15 at 11:07 am
    Permalink

    the apps are out of date or am I doing something wrong?

    Reply
    • 2012/12/16 at 3:00 am
      Permalink

      Which apps? Are you using our repo (you must add it manually to F-Droid) or are you just looking at the version of our apps in the default repo?

      Reply
  • 2013/02/26 at 6:32 pm
    Permalink

    hello there, i need to know what tipe of smart phone is the best to use tor.
    kind regards

    Reply
    • 2013/03/05 at 1:46 pm
      Permalink

      We like the Galaxy Nexus, flashed with a clean AOSP ROM firmware.

      Reply
        • 2013/10/31 at 1:30 pm
          Permalink

          Well, maybe… BB10 supporst Android apps right?

          Reply
  • 2013/03/01 at 6:41 am
    Permalink

    This is just as unsafe as Google. The .apk file needs to be downloadable to a PC, where it can be checked, then transferred to the tablet and installed there. Nothing else is safe.

    Reply
    • 2014/03/21 at 1:14 am
      Permalink

      > .apk file needs to be downloadable to a PC

      This is already possible.

      > as unsafe as Google

      F-droid repos are less unsafe than google’s malware tolerance play store. google play allows the nefarious majority to categorize their adware as free; this is a contradiction in terms.

      Adware shifts the COST from financial to human dignity trafficking.

      Treating privacy, a fundamental right and prerequisite to liberty, as a commodity is vile per se. Worse is profiting from this human trafficking whether or not there is informed consent.

      Profit by any means necessary is not only tolerated by google, but promoted as they are frequently [one of] the ad serving platform[s] employed. Don’t misunderstand. I’m not a fan of “fair” trade tithing, carbon tax, coerced union dues, raising taxes to cool the sun, ponzi schemes, erroneous social “justice”, subjective reality, “redistribution” of wealth, moral relativism, genocide, greenness, “renewable” energy despite thermodynamics, fear of biochemical solar energy, the ‘should brush’, or similar idiocy. Corporations aren’t evil by construction, nor is profit.

      Ads are useful for sales but I draw a distinction between passive ads (billboards, magazines, traditional tv, shirts, logos, et al) and aggressive ads which not only look back at you but stalk you in RL and the interweb (third party loaded ad servers, behavioral stalking, false privacy policies, gps breadcrumbs, collating with those you contact, etc) building (collecting, buying, selling) an ever creepier eternal profile on the user that would have made the gestapo drool with lust. The SS would have required everyone to wear google Glass.

      Had google not been in the business of stalking users or selling ads there might not have been as large a concern. There are several generations who’ve remained internets newbies. They are raping the culture and increasing the noise to signal ratio of the interweb. You can drive the sheep to water but you can’t make them drink although drowning them is tempting, and waterboarding them out of ignorance more so.

      Giving consent does NOT mitigate.

      > The .apk file needs to be downloadable to a PC, where it can be checked

      The repo could provide hashes of the apk and links to the online tool(s) used to vet content like iseclab’s anubis. You then could generate a hash locally and compare to either resource.

      > (all third party interweb ads in app is malware)

      Absolutely true! No one can afford the irreparable harm done by using adware. Deliberately providing false information to collection is useful but does nothing to remove the already harvested information.

      > F-droid needs to become much much more anti-adware.

      I am not pleased with the simple notice in red text on the app info page in the repo client. Plenty of F-droid contributors remove-, null-, or disable the malware [adware, spyware, tracking, logging, unique id harvesting] components. All contributors ought perform this public service

      > is now called InTheClear

      I’m watching it develop with interest. Please provide an alternative to old fashioned sms texting also other than email.

      Reply
      • 2014/09/15 at 7:13 am
        Permalink

        A climate science denial nerd. I’ve seen it all.

        Reply
      • 2014/09/17 at 5:10 pm
        Permalink

        It is true that malware scanners are helpful, and Google’s Play Services provides a pretty good one, in addition to their own “Bouncer” scanner for the Play Store itself. Luckily, there are other third party scanners like Lookout which can be installed on devices that do not come with Google Play.

        Reply
  • 2013/03/15 at 4:18 pm
    Permalink

    I LOVE TOR!! MORE TOR-BROWSERS FOR ANDROID MOBILE!

    Reply
  • 2013/04/23 at 8:30 am
    Permalink

    Says download unsuccessful due to space on my galaxy note ive deleted most of my apps. Why is this still showing

    Reply
  • 2013/05/20 at 5:48 am
    Permalink

    Tor and Fdroid are quite nice in Iran :)

    Reply
  • 2013/06/14 at 6:15 pm
    Permalink

    not working 06/14/2013 on my samsung jb 2.12 note today.

    Reply
  • 2013/08/06 at 6:56 am
    Permalink

    Are there plans to update the fdroid repo? Its quite out of date now.
    Cheers

    Reply
  • 2013/10/01 at 11:20 am
    Permalink

    you need to give more guidance. Once installed the repo, click to install an app (Orbot, for example) and there’s no way there other than the Play store or Chrome, so what’s the point?

    Reply
  • 2013/10/25 at 5:27 pm
    Permalink

    So why is it, that in F-Droid, where I’d like to get most of my apps from (rather than the Google Play Store), the latest version of Gibberbot is 0.0.11-RC5 from 06/05/13, while the Google Play Store tells me something about Version 12 and it now being Chatsecure?

    Don’t you update the independent Open Source repositories any more, but rather put everything in the Play Store, so that Google knows exactly who is interested in privacy?!? Well, that’s clever, isn’t it?

    Reply
      • 2014/06/23 at 4:12 pm
        Permalink

        Yes but you must modify your BB10 by hitting it with a hammer and dropping it down the toilet first.

        Reply
    • 2014/02/22 at 6:17 am
      Permalink

      This whole “project” has obveously been created to either Aid in Data Mining by Government Organizations (NOT A BAD THING, AS I HOPE THIS IS THE CASE), or to Cirucumvent it (although not currently, illegal, in most cases) seems rather unnessesary, immoral, suspicious and un-needed to become Anon on the internet, unless you are either:
      1-Super Paranoid
      2-Preforming Illegal Activites(or attempting to) w/o detection
      3-Part of an Organization that is not supposed to exist (with malicious intents in mind)
      4- Are attempting or prepairing a cyber/physical attack, where Anonimity and ID Prevention are essential (unless this is being done by One Gov’t ORG vs Another) this is infact a crime; as to my knowladge there is NO VALID LEGAL REASON TO INITIATE AN ATTACK, as a non-sanctioned Citizen in ANY Country(or ATTEMPT TO).
      5- Attempting to Hide Illegal Transfers or Products/Payments
      6- Transmission of Illegal Content
      7- Set-up of “off the books” P2P meeting to discuss any of ABOVE
      8- Attempting to compromise an already established Secure Server
      9- Are involved in illegal Espionage (seeing as ACTUAL Clandestine Service Officers, not involved in non-sanctioned actions, are generally protected and Anonomized by their Host Organization, not left to “figure it out on their own”, as this would put not only the Officer/Agent, Their Family and HOST NATION at SEVERE RISK if not done correctly) or are attempting to sell/trade/transfer Illegally Obtained Classified Documents*
      *-I do belive there are certain instances where this would infact be needed durring a SANCTIONED OP(e.g. Blown Cover ID, Asset Location, or to “Find a way out”…however, I am almost sure that most if not all Intel communities, have ways to do this on their own that do not involve the use of OPEN-SOURCE SERVICES, as they are infact OPEN to the network of users providing remote access for the service…therfore, NOT ACTUALLY SECURE AMONG USRERS as it would appear that all “shared” connection points are accessable ANY user of the system!!!!)
      10- AND FINAL: ARE ATTEMPTING TO CIRCUMVENT CENSORSHIP EMPOSED BY COUNRY OF ORIGIN’S GOVERNMENT (ALSO ILLEGAL)…not nessesarily opposed to this if Countries where you can ACTUALLY be punished for your opintion (and thoughts/word) NOT ILLEGAL ACTIONS.

      CASE IN POINT: Posts like “Sobhan Mohammadpour says:
      2013/05/20 at 5:48 am
      Tor and Fdroid are quite nice in Iran :)”
      -seem to indicate the true intent of this “Program” (or atleast that particular userea intentions) and point to the Absurdity of this even being Available to ANYONE.

      TO CREATORS AND DEVOLOPERS: PLEASE BE AWARE THAT YOU MAY BE KNOWINGLY OR UN-KNOWINGLY PUTTING THE SAFETY OF MANY NATIONS, INDIVIDUALS, AND ORGANIZATIONS AT RISK, AS WELL AS ARE MOST LIKELY CONTRIBUTING TO THE DISTROBUTION OF ILLEGAL GOODS/SEVICES AROUND THE WORLD AND ONE DAY, THE TARGET MAY YOU OR SOMEONE/SOMETHING YOU ACUALLY CARE ABOUT(ASSUMING THAT YOU ARE A DECENT GROUP OF DEVLOPERS WITH THE BEST INTENTIONS AT HEART)
      -I AM NOT SLAMMING/SLANDERING/ATTEMPTING TO DICREDIT YOUR LIFES EFFORST
      **Personal Opinion Only**

      Reply
  • Pingback: Pixelknot: Για κρυπτογραφημένα μηνύματα μέσα σε εικόνες στο Android

  • 2013/12/13 at 9:40 pm
    Permalink

    I add and updated the repo, but chatsecure didn’t appear on F-Droid

    Reply
  • Pingback: Jabber en Android | LiGNUx

  • 2013/12/15 at 3:07 pm
    Permalink

    Keep getting “file corrupted” when trying to download from f-droid. Has been happening across 3 different phones.

    Reply
  • 2014/02/08 at 2:13 pm
    Permalink

    F-Droid 0.58 has the option to enter a repo’s fingerprint alongside its URL. Can you please update this post with the fingerprint? Thanks and greetings!

    Reply
    • 2014/02/12 at 7:23 pm
      Permalink

      Yes, good idea, here is the fingerprint of the FDroid repo signing key:
      050C8155DCA377F23D5A15B77D3713400CDBD8B42FBFBE0E3F38096E68CECE

      I also added it above. It is probably easier to verify it after the fact than type that whole long string.

      Reply
  • Pingback: Navegación segura y anónima en Android con Orbot

  • Pingback: Navegación segura y anónima en Android con Orbot | Misiongeek

  • Pingback: Navegación segura y anónima en Android con Orbot | Actualidad mobile | Bridgen.com

  • Pingback: Navegación segura y anónima en Android con Orbot | SUNETFON

  • 2014/03/29 at 4:19 am
    Permalink

    Fdroid official repo is pushing out a new version of orbot with a different fingerprint. I wont load it myself but it looks fishy – and if it is it is troubling to see it pop up.

    Reply
    • 2014/03/31 at 12:24 pm
      Permalink

      Apps distributed via the official FDroid app repository are signed by a different key than the apps distributed via Google Play or our direct releases page. If you have FDroid installed but installed Orbot from Google Play, then you should set Fdroid to ignore Orbot releases. You can do that from the menu in the Orbot page in FDroid.

      Reply
  • 2014/04/25 at 11:14 pm
    Permalink

    The fingerprint was missing the first two digits (59), it should read: 59050C8155DCA377F23D5A15B77D3713400CDBD8B42FBFBE0E3F38096E68CECE. Thanks to Adam Pritchard for spotting and reporting it.

    Reply
  • 2014/04/26 at 3:59 pm
    Permalink

    Why is there a discrepancy between Orbot versions and release dates? 13.0.7-BETA-1 added on 26/10/2012.

    My full apologies here but am green when it comes to development.

    Reply
    • 2014/06/09 at 3:39 pm
      Permalink

      There were some FDroid-specific releases done in order to fix building Orbot for FDroid. Hopefully the release process will be more in sync now.

      Reply
  • 2014/05/30 at 12:16 am
    Permalink

    Downloading Privacy apps off Google is fine. Loads of people regularly download privacy apps off Google Play Store. Security experts like myself all advise internet/network users to protect their privacy.

    Using privacy protection applications and strategies is a good way to protect against identity theft, phishing and fraud. Using alternate credentials and protecting your privacy is not a crime or does not make you suspicious, rather it helps prevent crime.

    I always advise clients not to use their real identity online unless it is completely necessary (like for online Government services), and protect their personal information such as real name, Login name, passwords, email addresses, home address, phone numbers, etc by using Data Protection software (which often is available in AV or firewall software these days).

    Users should also use password manager software, and encryption like TrueCrypt for their personal computer storage hard drives, SSDs, USBs, DVDs and backup NAS devices where possible. Also GPG or similar software should be used to secure all personal email. You should have a couple of online email addresses for useless online stuff that will end up getting that email account spammed, or people with poor security practices, out of date or no antivirus/firewall, and that can’t use Bcc or Cc fields correctly.

    If you have more than one computer or laptop then you should leave one for personal work and any personal information permanently offline with it’s network disabled and all hard drives and storage encrypted. You can then use your other computer/laptop for online activities. If you use the same internet security software on both systems you can use a secure method to download updates like Tor and save the update files via a sandbox (using something like Sandboxie), then after scanning the update files for Rootkits, Trojans, Viri and other Malware, you can then extract just the update files needed from the Sandbox to a USB device for transferring to your offline system.

    Privacy and security is not a criminal act, it’s intelligent and helps you avoid cyber crime and identity or financial theft. The more people understand security and practice good security and privacy techniques, the less victims and income available to cyber criminals.

    Reply
  • 2014/05/30 at 4:06 pm
    Permalink

    There are currently two updates that are in the F-Driod repository but not in the Guardians Project’s own repository. They are Orweb 0.5.2 –> Orweb 0.6, and PixelKnot 0.3-RC1 –> PixelKnot 0.3.1. Why are these updates not in the Guardian Project’s own repository? Are they fake?

    Reply
  • 2014/06/09 at 1:42 am
    Permalink

    Thie guardianproject repo doesn’t seem to work with FDroid 0.66. Update and select “all” category, shows nothing.

    Reply
  • 2014/07/02 at 12:17 pm
    Permalink

    F-droid shows the following updates from the guardianproject.info repo:
    – Orbot 14.0.4.1 -> 14.0.4.3
    – Orweb 0.6 -> 0.6.1

    The “Added on” dates for both updates are in October 2012, making them a couple of years _older_ than the previous versions.

    Would you confirm that the updates are correct despite the dates, and explain the older dates?

    Reply
    • 2014/08/11 at 2:21 pm
      Permalink

      Yes, sometimes it takes a bit longer for us to update our own fdroid repos than we would like. We have a rigorous offline process for generating the repos, while the official FDroid repo does all of its build online, and automatically (for the most part).

      The APKs in /releases will always be the latest available from anywhere.

      Reply
      • 2014/08/11 at 5:07 pm
        Permalink

        Our fdroid repo is now up-to-date. We’re working on automating our whole release process as much as possible to keep things in sync and updated.

        Reply
  • 2014/09/03 at 11:55 pm
    Permalink

    The government is useless as snot. All your data is data mined. The Tor project was funded to stop US gov being data mined as they were stupid enough to teach Al Quida about their intelligence sat network when they dropped 30,0000 militia into Afghanistan to beat the Soviets to the huge gas fields as Iran didn’t want a great gas pipeline running through their country.
    Al Quida promptly used old soft drink cans to build their own satellite dishes and captured CIA transmitters to hack back into US intel systems every time they thought they were doing the eavesdropping.

    Post 9/11 they knew they had a problem – their crap was p0wn3d! So they took THINTHREAD (NSA mass data mining tool then in development) stripped out the hardware and software component that encrypted all public communications that did not have a proper wiretap warrant, and re-purposed it to collect all communications either internal, exiting, entering or passing through US jurisdiction. This program was then expanded to all US partners to tap all 20 major undersea cables, mobile telephone, sat, radio and other communication systems. This was all done without legal authority and against the express orders of the US Attorney General and against good advice from the US justice committee that it would be illegal. The program kept getting shut down then restarted again using various legal theories, until finally Bush sought approval from congress to try and backdate it’s legality and get a ‘legal’ super warrant that allows all communications to be mined.

    So everything is mined. Tor is not bad. Sure they collect everything but it is encrypted and stored until they can break the encryption or you become high priority enough to divert significant resources to. If you use Tor or know how to properly set your browser to use encryption that isn’t NSA backdoor then it makes it much harder for them.

    Tor is simple and works, though researchers have been attacking hidden services for FBI and other attempts are made at eavesdropping Tor entry or exit nodes and trying to populate many nodes. The more people that run Tor nodes the better the system works and the harder to eavesdrop. Run good security practices and encrypt everything. Any computer can be broken into if targeted with enough resources or physical access gained, this is why you should keep an interest in all IT security matters and practice good security like not plugging other peoples USB gear or not use a phone or computer at all. Actually I encourage not using smartphones at all as they are very easy to hack and follow, though if you always keep them in ‘airplane mode’ in or near your house, use burner SIMs and a custom ROM with all third party apps removed (Titanium Backup let’s you easily remove third party apps), they are slightly better (also ensure smartphone is encrypted and disable location tracking and install a firewall that allows you to properly configure IPtables). Best smartphone is one in pieces. Get a cheap laptop and run Tails or build your own custom ROM of Debian/GNU. Don’t use the cloud at all.

    Learn stuff or die trying. Don’t be an idealist or extremist/fundamentalist/patriot etc. Read books and use internet for learning about intelligent stuff as all those stupid cat videos and images contain rootkits to hack your firmware.

    Reply
  • 2014/09/27 at 8:31 pm
    Permalink

    I am being constantly narrated by my so called account security go my in phone mobile apps. My pages on Android never fully load. My settings and apps ‘re always altered or edited . I am being taken advantage of due to my economical low income conditions. I am a 2 year survivor of witnessing first hand how evil and deceitful they are. They continue haccking from outside Google buildings. They have tried hard to smother my use of Android but thanks to F-droid and yourselves The Guardian Project and GitHub ans others. I am still alive and kicking their defeat with this little Android ZTE Concord UK.

    Reply
  • 2014/10/29 at 5:02 pm
    Permalink

    Please get with the F-Droid admins to help with transitioning between signing keys when adding a new repo.

    For example, I would prefer to use your repository within F-Droid for downloading/installing GuardianProject software and apps. Unfortunately, since I’ve already installed most of these apps through the normal F-Droid repo, the applications have been signed with different keys.

    It would be convenient to be able to ‘verify’ the integrity of a new signer, and have that new signer be the governing signer, replacing the previous.

    Thanks!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>