[wjd2030]

I downloaded an app from F-Droid once, it was Spotify. Later that week I started getting strange spanish songs on my recently played. Checked my logged in sessions and there were several from latam. I deleted the app.

[lucgommans]

I'm fairly sure you must have gotten a fake f-droid store that installs malware instead. I didn't know those were out there.

The real one can be found at: https://f-droid.org

You can also download individual apps (APK files) from the website, so you don't need the store if you don't want updates. Also note how Spotify is not listed if you use their search, because (like others already said) it's not open source and thus not on F-Droid.

[usr1106]

Spotify on F-Droid? F-Droid has only open source apps. Is Spotify open source? I have serious doubts about this story.

(Not a Spotify user, low-volume F-Droid user)

[marcodiego]

I don't think Spotify has ever been on f-droid. Can you post a link?

[mdp2021]

Have you cross checked the signatures?

[wjd2030]

Nope, and it was totally my fault, though at the time I tried to find a way to report the app and I didnt see it (though I could've missed it)

[mdp2021]

> totally my fault

Not totally: the big question remains of how a tampered-with package can reach a prominent repository.