I have switched everything to privacy alternatives is it safe to delete my Google account or is it needed for some android features also if I delete my account does Google delete all my data if not, can I request the deletion of my data under the GDPR
Since you get your apps straight from the source. Also F-droid is recommended against in Privacyguides. And lastly you can download F-droid apps in obtainium. Just make sure to use Appverifier or at least compare hashes if Appverifier doesn’t support the app
oh and also, nobody really verifies what gets into an apk uploaded to github releases. but f-droid does have an array of checks, and I like that they can catch if an app tried something fishy or had a build accident (like accidentally including google servifes dependencies that automatically run code, because another new or updated dependency pulled it in). in the past there were occasions where an app got unlisted, and when I went looking for the reason it was either developer negligence, or sometimes changes that were really not too good.
Last thing, I trust Appverifer more than I trust F-droid verification
I think Obtainium is objectively better since you have 24 sources including F-droid and Google play store with Shizuku or Sui
I also use obtanium for apps not on f-droid, but for all apps that are accessible on f-droid (maybe through a custom repo) I rather use it. and for the rare occasion when I need something from the play store I use aurora.
“Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet modern security standards.” This is what PrivacyGuides says. Also you have Appverifier integration in Obtainium which verifies signatures or smth, I know it’s a lot better than comparing hashes
there were several statements in that article that lead me to believe it wasn’t revised in many years. yes, they had some difficulties just a few weeks ago, but otherwise that doesn’t occure often anymore. also they are working on replacing the build system with something better, if google does not kill them first
trust is not in package IDs, should never be. packge IDs can be easily “faked”. trust should be in the apk signature. sometimes not even that, like with google play, where the keys are handled not by the developer but by google.
but yes, they do reuse package IDs, because they cannot patch every app that does not provide an fdroid build variant, doing so could break apps. what it causes today is that you can’t have installed the fdroid version and a different version of the app.
and since f-droid focuses increasingly on reproducible builds, as they have been doing for the past few years, apps that are built that way are not even affected by this, because users get the file that was built by the original developers.
I disagree. the play store allows and recommends lots of malicious apps.
so those apps must be made inaccessible to all users, right? NO! these apps should have a warning, not being deleted!
this?
contrary to f-droid’s build system it does not look for fishy things in the APK, it just checks whether the app was built by its expected developer. that’s what the apk signature can be used for.
sometimes it’s useful, like if you get the apk file from wherever, except when the developer’s signing keys are handled by google, because then google can release altered versions that still pass the verification. but it does nothing to check whether it has tracking components that would be rejected by f-droid.
thats what appverifier exactly does. it compares the hashes of the apk’s public signing key with a known good value.
I see, that’s fair. Personally I trust f-droid more. also I was surprised to notice recently that obtanium just added a china specific app source that is default enabled in the search menu. that store is not really known in the global android community.
I don’t think adding a Chinese source is necessarily bad, what if they have users in china that want local apps?
that’s not the point. but that they added a generally unknown app source that’s