| We don't distribute our apps on f-droid because we feel it's insecure, and because it doesn't provide the features we need to develop stable and secure software. However, we are willing to distribute our apps outside of the Play Store, but we need the following things first: * A built in crash reporting solution with a web interface that allows us to visualize crashes and sort by app version, device type, etc. This is essential for producing stable software. * A built in statistics gathering solution with a web interface that allows us to visualize aggregate numbers on device type, android version, and carriers for our users. This has been crucial in shaping support and development direction. * A built in auto-update solution. Fully automatic upgrades won't be possible outside of Play Store, but we at least need something that will annoy the hell out of users until they upgrade. This is necessary for ensuring that new security features and bug fixes can be propagated quickly. * A build system that allows us to easily turn these features on and off for Play and non-Play builds. Gradle should make this easier. If you're interested in seeing Open Whisper Systems apps distributed outside of the Play Store, we'd welcome your contributions. |
Crash reports and statistics are great, except if you explicitly want to NOT spy on your users.
Auto-updates are ok, but forced auto-updates take the user's autonomy away, and are only one step short of forced remote uninstalls (which are already documented with Google Play, so far only for malware).
A proper build system is great indeed, but has nothing to do with the distribution medium.
(x) f-droid security: by having f-droid build all the apps from source by default, and signing them with their own keys, two problems appear:
a) you can not switch easily between f-droid builds and maintainer builds
b) you as the user need to trust both the author and f-droid to not be evil, instead of just the author.