New Official Guardian Project app repo for FDroid!

We now have an official FDroid app repository that is available via three separate methods, to guarantee access to a trusted distribution channel throughout the world! To start with, you must have FDroid installed. Right now, I recommend using the latest test release since it has support for Tor and .onion addresses (earlier versions should work for non-onion addresses):

In order to add this repo to your FDroid config, you can either click directly on these links on your devices and FDroid will recognize them, or you can click on them on your desktop, and you will be presented with a QR Code to scan. Here are your options:

From here on out, our old FDroid repo ( is considered deprecated and will no longer be updated. It will eventually be removed. Update to the new one!

Also, if you missed it before, all of our test builds are also available for testing only via FDroid. Just remember, the builds in the test repo are only debug builds, not fully trusted builds, so use them for testing only.

Automate it all!

This setup has three distribution channels that are all mirrors of a repo that is generated on a fully offline machine. This is only manageable because of lots of new automation features in the fdroidserver tools for building and managing app repos. You can now set up a USB thumb drive as the automatic courier for shuffling the repo from the offline machine to an online machine. The repo is generated, updated, and signed using fdroid update, then those signed files are synced to the USB thumb drive using fdroid server update. Then the online machine syncs the signed files from that USB thumb drive to multiple servers via SSH and Amazon S3 with a single command: fdroid server update. The magic is in setting up the config options and letting the tools do the rest.

New Repo Signing Key

For part of this, I’ve completed the process of generating a new, fully offline fdroid signing key. So that means there is a new signing key for the FDroid repo, and the old repo signing key is being retired.

The fingerprints for this signing key are:

Owner:,, O=Guardian Project, OU=FDroid Repo, L=New York, ST=New York, C=US
Issuer:,, O=Guardian Project, OU=FDroid Repo, L=New York, ST=New York, C=US
Serial number: a397b4da7ecda034
Valid from: Thu Jun 26 15:39:18 EDT 2014 until: Sun Nov 10 14:39:18 EST 2041
Certificate fingerprints:
 MD5:  8C:BE:60:6F:D7:7E:0D:2D:B8:06:B5:B9:AD:82:F5:5D
 SHA1: 63:9F:F1:76:2B:3E:28:EC:CE:DB:9E:01:7D:93:21:BE:90:89:CD:AD
 SHA256: B7:C2:EE:FD:8D:AC:78:06:AF:67:DF:CD:92:EB:18:12:6B:C0:83:12:A7:F2:D6:F3:86:2E:46:01:3C:7A:61:35
 Signature algorithm name: SHA1withRSA
 Version: 1

5 comments for “New Official Guardian Project app repo for FDroid!

  1. 2014/08/21 at 6:49 pm

    ….need help configuring proxy.

    • Hans-Christoph Steiner
      2014/10/16 at 5:18 pm

      If you want FDroid to use Tor as its proxy, then it is very easy: install and start Orbot, then in the FDroid settings, turn on “Enable Proxy”, and it should work.

  2. Enoch apaibinyesim
    2015/09/03 at 9:58 am

    The Guardian project is the best thing since slice bread on security.

    • Hans-Christoph Steiner
      2015/09/07 at 2:37 pm

      Thanks! 🙂

  3. Klaus
    2016/04/27 at 3:47 pm

    My fdroid 0.100-alpha5 refuses to use the repo (index file not found). Last successfull attempt was an Feb. 28, 2016.

    Any suggestions?

Leave a Reply

Your email address will not be published. Required fields are marked *