by pserwylo 525 days ago
While this is true of many projects, F-Droid has a track record of sourcing funding for security audits. To date there have been at least three audits, in 2015, 2018, and 2022.

https://www.opentech.fund/security-safety-audits/f-droid/

https://f-droid.org/2018/09/04/second-security-audit-results...

https://f-droid.org/2022/12/22/third-audit-results.html

I was involved in addressing issues identified in the first one in 2015. It was a great experience, much more thorough than the usual "numerous static analysers and a 100 page PDF full of false positives" that you often receive.

1 comments

I'm surprised that several audits didn't uncover this signing issue. GrapheneOS devs do not recommend F-Droid. Instead, Play Store is the safest option for now, after Aurora Store.
But their goals are also kinda opposed, software security with not much concern paid to freedom.
What? That's so not true. They give heavy preference to security because without it, your freedom and privacy have no value.
How can you trust proprietary software, when you cannot inspect code? It's just a blind trust.
You don't have to. On GrapheneOS, Google Play service isn't given special privileges and is sandboxed like any other normal app.
Well yeah, so their goals are opposed. F-Droid is FOSS first and would probably say the proprietary illusion of security has no value ;)
Aurora Store downloads APK files directly from gplay servers, why should it be less safe than Play Store?