Yves JeanrenaudFeb 23

I made an app.
https://play.google.com/store/apps/details?id=ch.pocketpc.nearbyglasses
Nearby Glasses is here to warn you when smart glasses are nearby.

I hope it's useful for someone.

The app is now open source (AGPL-3.0), the app is free and rather simple
https://github.com/yjeanrenaud/yj_nearbyglasses

It's also downloadable outside the Play Store. iOS port is in the making. F-Droid is an option, will have to look into that

Show threadGeraldo Feb 24
@yjeanrenaud cool! Please consider publishing it on the F-Droid store, too.
Show threadAsterisk ๐Ÿ‡จ๐Ÿ‡ฆ
@mosquete @yjeanrenaud Probably not the best idea given its security track record. Should be put on Accrescent though.
Feb 24 at 1:48pmWeb
Show threadYves JeanrenaudFeb 24
@asterisk @mosquete I did consider f-droid and prepared a merge request. Accrescent is new to me, I will have to look into it
Show threadOlivierFeb 26

@yjeanrenaud instead of (or in addition to) F-Droid, I would consider @IzzyOnDroidOrg. The repository is compatible with the F-Droid clients.

@asterisk @mosquete

Show threadIzzyFeb 26
@dacmot @yjeanrenaud @IzzyOnDroidOrg @asterisk @mosquete Quick pre-check looks good, we'd just need the metadata (in a fastlane tree). Be welcome to file an inclusion request with us, we'll guide you through the process then: https://codeberg.org/IzzyOnDroid/repodata/issues/new?template=.forgejo%2fissue_template%2fapp-inclusion-request.yaml
Sign in

Codeberg is a non-profit community-led organization that aims to help free and open source projects prosper by giving them a safe and friendly home.

Codeberg.org
Show threadYves JeanrenaudFeb 26
@IzzyOnDroid thank you! That's kind
Show threadIzzyFeb 27
@yjeanrenaud and welcome aboard โ€“ inclusion completed ๐Ÿฅณ Please check the notes for some hints, though ๐Ÿ˜‰
Show threadYves JeanrenaudFeb 27
@IzzyOnDroid Thank you! I tried to address those issues, too
Show threadGilles MertensFeb 24
@asterisk @mosquete @yjeanrenaud hi, i am curious. Do you have links or information about fdroid security issues ?
Show threadAsterisk ๐Ÿ‡จ๐Ÿ‡ฆFeb 24

@gillesmertens @mosquete @yjeanrenaud

F-Droid stuff:

https://privsec.dev/posts/android/f-droid-security-issues/
https://xcancel.com/GrapheneOS/status/1883895255142932816
https://gitlab.com/ironfox-oss/lronFox/-/issues/7
https://github.com/obfusk/fdroid-fakesigner-poc https://github.com/CatimaLoyalty/Android/issues/2608 https://gitlab.com/fdroid/admin/-/issues/593
https://github.com/00-Evan/shattered-pixel-dungeon/issues/1394

F-Droid Security Issues

F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider. Before we start, a few things to keep in mind: The main goal of this write-up was to inform users so they can make responsible choices, not to trash someone elseโ€™s work.

Show threadGilles MertensFeb 24
@asterisk
Interesting ! thank you :)
Show threadpixelschubsiFeb 26

@gillesmertens @asterisk
Some of these are rather opinionated takes. Don't let perfect be the enemy of good.

One of the takes is that F-Droid signs apps themselves. This is only true if reproducible builds don't work. As a developer you can have your app listed in F-Droid with your own signing key, by making it reproducible and providing a source for your own signed updates (so their server can take your signature from it rather than providing its own).

Show threadpixelschubsiFeb 26

@gillesmertens @asterisk
I'm not saying F-Droid has no bugs or flaws. All software has.

But it's also a known thing in the scene the F-Droid is receiving hate from "security experts" for very stupid cult mentality reasons. F-Droid is/was included in CalyxOS. GrapheneOS lead hates against CalyxOS and everything that is remotely related to it, so F-Droid is also a target. And the cult about GrapheneOS is following their lead.

Show threadAsterisk ๐Ÿ‡จ๐Ÿ‡ฆFeb 26
@pixelschubsi @gillesmertens The build VMs running extremely outdated versions of Debian, did they ever get around to fixing that?