Trusted Update Channels vs. Scratching Your Itch

One of the great things about free software is that people can easily take a functional program or library and customize it as they see fit. Anyone can come along, submit bug fixes or improvements, and they can be easily shared across many people, projects, and organizations. With distribution systems like Python’s pypi, there is an update channel that the trusted maintainers can publish fixes so consumers of the library can easily get updates. [Read More]

PanicKit 1.0: built-in panic button and full app wipes

Panic Kit is 1.0! After over three years of use, it is time to call this stable and ready for widespread use. Built-in panic button This round of work includes a new prototype for embedding PanicKit directly into Android. Android 9.0 Pie introduced a new “lockdown” mode which follows some of the patterns laid out by PanicKit. [Read More]

Building a Signing Server

The Android APK signing model sets the expectation that the signing key will be the same for the entire lifetime of the app. That can be seen in the recommended lifetype of an Android signing key: 20+ years. On top of that, it is difficult to migrate an app to a new key. Since the signing key is an essential part to preventing APKs from impersonating another, Android signing keys must be kept safe for the entire life of the app. [Read More]

Repomaker Usability Trainers Worldwide, June 2017

Repomaker Usability, Trainers Worldwide Study Prepared by Carrie Winfrey and Tiffany Robertson, Okthanks, in partnership with F-Droid and Guardian Project OK Thanks – Guardian Project For more information, contact carrie@okthanks.com. Purpose The purpose of this study was to understand the following things. Are users able to complete basic tasks including, creating a repo, adding apps from other repos, removing apps, editing app details, and creating a second repo? [Read More]

Tracking usage without tracking people

One thing that has become very clear over the past years is that there is a lot of value in data about people. Of course, the most well known examples these days are advertising and spy agencies, but tracking data is useful for many more things. For example, when trying to build software that is intuitive and easy to use, having real data about how people are using the software can make a massive difference when developers and designers are working on improving their software. [Read More]

fdroidserver UX Testing Report

We ran user tests of fdroidserver, the tools for developers to create and manage F-Droid repositories of apps and media. This test was set up to gather usability feedback about the tools themselves and the related documentation. These tests were put together and run by Seamus Tuohy/Prudent Innovation. Methodology Participants completed a pretest demographic/background information questionnaire. The facilitator then explained that the amount of time taken to complete the test task will be measured and that exploratory behavior within the app should take place after the tasks are completed. [Read More]

Announcing new libraries: F-Droid Update Channels

In many places in the world, it is very common to find Android apps via a multitude of sources: third party app stores, Bluetooth transfers, swapping SD cards, or directly downloaded from websites. As developers, we want to make sure that our users get secure and timely update no matter how they got our apps. We still recommend that people get apps from trusted sources like F-Droid or Google Play. [Read More]

New research report on the challenges developers face

The Guardian Project has been working with the F-Droid community to make it a secure, streamlined, and verifiable app distribution channel for high-risk environments. While doing this we have started to become more aware of the challenges and risks facing software developers who build software in closed and closing spaces around the world. There are a wealth of resources available on how to support and collaborate with high-risk users. [Read More]

F-Droid User Testing, Round 2

#by Hailey Still and Carrie Winfrey **** Here we outline the User Testing process and plan for the F-Droid app store for Android. The key aims of F-Droid are to provide users with a) a comprehensive catalogue of open-source apps, as well as b) provide users with the the ability to transfer any app from their phone to someone in close physical proximity. With this User Test, we are hoping to gain insights into where the product design is successful and what aspects need to be further improved. [Read More]

F-Droid: A new UX 6 years in the making

_(post by Peter Serwylo)_ F-Droid has been a part of the Android ecosystem for over 6 years now. Since then, over 2000 apps have been built for the main repository, many great features have been added, the client has been translated into over 40 different languages, and much more. However, the F-Droid UX has never changed much from the original three tab layout: This will change with the coming release of F-Droid client v0. [Read More]

F-Droid Lubbock Report – What We Want to Know

F-Droid LBK Usability Study Report – What We Want to Know Prepared by Carrie Winfrey Preliminary Version – April 17, 2017 Introduction When planning this user test, the team outlined features and flows within the app on which we wanted feedback. From there, we created tasks for participants to complete that would access these areas, and produce insights related to our inquires. This document is organized by the tasks participants completed. [Read More]

F-Droid now supports APK Expansion Files aka OBB

Many games, mapping, and other apps require a large amount of data to work. The APK file of an Android app is limited to 100MB in size, yet it is common for a single country map file to be well over 100MB. Also, in order to get users running as quickly as possible, they should not have to wait for huge amounts of data to download in order to just start the app for the first time. [Read More]

Building the most private app store

App stores can work well without any tracking at all Attackers are increasingly seeing app stores as a prime attack vector, whether it is aimed at the masses like XCodeGhost or very targeted like in FBI vs Apple. When we install software from an app store, we are placing a lot of trust in a lot of different parties involved in getting the source code from the original developer delivered to our device in a useful form. [Read More]

How to Migrate Your Android App’s Signing Key

It is time to update to a stronger signing key for your Android app! The old default RSA 1024-bit key is weak and officially deprecated. What? The Android OS requires that every application installed be signed by a digital key. The purpose behind this signature is to identify the author of the application, allow this author and this author alone to make updates to the app, as well as provide a mechanism to establish inter-application trust. [Read More]

First Reproducible Builds Summit

I was just in Athens for the “Reproducible Builds Summit“, an Aspiration-run meeting focused on the issues of getting all software builds to be reproducible. This means that anyone starting with the same source code can build the exact same binary, bit-for-bit. At first glance, it sounds like this horrible, arcane detail, which it is really. But it provides tons on real benefits that can save lots of time. And in terms of programming, it can actually be quite fun, like doing a puzzle or sudoku, since there is a very clear point where you have “won”. [Read More]

Building a trustworthy app store that respects privacy

One core piece of our approach is thinking about very high risk situations, like Ai Weiwei or Edward Snowden, then making the tools for operating under that pressure as easy to use as possible. That means that we might occasionally come across as a little paranoid. It is important to dive into the depths of what might be possible. That is an essential step in evaluating what the risks and defenses are, and how to prioritize them. [Read More]

Complete, reproducible app distribution achieved!

With F-Droid, we have been working towards getting a complete app distribution channel that is able to reproducibly build each Android app from source. while this may sound like a mundane detail, it does provide lots of tangible benefits. First, it means that anyone can verify that the app that they are using is 100% built from the source code, with nothing else added. That verifies that the app is indeed 100% free, open source software. [Read More]

Question: central server, federated, or p2p? Answer: all!

There are many ideas of core architectures for providing digital services, each with their own advantages and disadvantages. I break it down along the lines of central servers, federated servers, and peer-to-peer, serverless systems. a central service with clients connecting to it Most big internet companies operate in effect as a central server (even though they are implemented differently). There is only facebook.com, there are no other services that can inter-operate with facebook. [Read More]

New Official Guardian Project app repo for FDroid!

We now have an official FDroid app repository that is available via three separate methods, to guarantee access to a trusted distribution channel throughout the world! To start with, you must have FDroid installed. Right now, I recommend using the latest test release since it has support for Tor and .onion addresses (earlier versions should work for non-onion addresses): https://f-droid.org/repo/org.fdroid.fdroid_710.apk In order to add this repo to your FDroid config, you can either click directly on these links on your devices and FDroid will recognize them, or you can click on them on your desktop, and you will be presented with a QR Code to scan. [Read More]

Automatic, private distribution of our test builds

One thing we are very lucky to have is a good community of people willing to test out unfinished builds of our software. That is a very valuable contribution to the process of developing usable, secure apps. So we want to make this process as easy as possible while keeping it as secure and private as possible. To that end, we have set up an FDroid repository of apps generated from the test builds that our build server generates automatically every time we publish new code. [Read More]