> The model also shields to a certain extent against conflict of interests (the product is the user, i.e. ads/tracking/hostile maintainership takeover)
Can you explain how? Since I've published things to F-Droid and since they also control signing and building (just like Apple and Google in this article), they can freely modify and change what's published on their store.
Just like with Google and Apple, you need to inherently trust them that they don't let people with access tamper with your app.
The question is more of where the money is coming from. Google gets paid by advertisements so that's where their loyalties are.
F-Droid is funded by contributions and donations, and they need both. They also have everything out in the open, which brings extra scrutiny.
And the last part is just culture. F-Droid is a community project with clearly set goals. Google also has clearly set goals, they just don't happen to align with their users for the most part.
One example would be basic apps and games like flashlights, editors, sudoku, minesweeper, note-taking apps etc., of which 95% on the Play Store are ad/tracking infested. I just skip those and install F-Droid's "recommendation", problem solved. Also: Fennec is great (a rebuild of Mozilla Firefox mobile) and they also offer older versions in parallel (also via their archive). Their Firefox "Fennec" build, while not being a fork, nevertheless has some tweaks, optimizations and brought back addons (via collections, you need to read the whole thread, it's long though), much appreciated:
"I have just submitted 882 a Fennec update to 81.1.1. Should be available soon™. This version brings a lot of changes, like a new UI and modular codebase. The bad news:
Mozilla now tracks you even more actively using proprietary 3rd party services. I removed all tracking I found. (Firebase, Adjust and Leanplum libraries were replaced with stubs, so some analyzers can erroneously report their presence in the APK.)
The new UI may break your habits and disappoint you. (IMHO it’s not that bad as one can conclude from reading r/Firefox.)
Android 5.0 or later is now required. Mozilla decided so.
x86 devices are not supported anymore. I stumbled upon linkage errors and gave up. Help is welcome.
The good news is that Fennec F-Droid is alive and continues to be truly free software."
> Can you explain how? Since I've published things to F-Droid and since they also control signing and building (just like Apple and Google in this article), they can freely modify and change what's published on their store.
I think the perspective is that the distribution shields its users from possible upstream shenanigans (think of the stories we used to hear about how popular free and open source Chrome extensions get bought and sold and end up showing ads on Chrome's opening page).
> The model also shields to a certain extent against conflict of interests (the product is the user, i.e. ads/tracking/hostile maintainership takeover)
What I find difficult to wrap my head around is that the Debian model (I know other distributions do this as well but just have to give it some name) is very difficult to scale. We basically need maintainers at every single Linux distribution who will (I imagine) go through all the changesets/diffs and painstakingly build the deployable artifacts for their distributions. I can't imagine a single maintainer being able to maintain more than a dozen or so packages and there is a lot of duplicated effort. The Play Store has about three million apps. I know we want to be able to escalate to a human when necessary but I imagine some automation is necessary.
As I write this, I can see the contradiction in what I am asking for... if the store builds, signs, and distributes binaries using the store's credentials but cannot vouch for the quality of the application. ...
I was just thinking that if the app stores had access to the source code and the build instructions maybe that would help somehow but I didn't think it through.
Everything is standardized and automated. There's no need for human interaction. You can tweak your code if it fails to build. The important thing is that it's easier for Google/Apple to inspect your app if they have the code. (Maybe.)
For example they can simply refuse to release/publish anything if the code looks shit/obfuscated. They can explicitly ask questions about sections of code.
But since probably 99.9+% of "app review" is already automated ... likely there's no point in spending resources on creating a "GitHub clone" for submitting code to the various app stores.