intro

Attempting to stay secure or preserve your privacy when using android is a futile endeavour. When the company making your entire operating system has the specific goal of harvesting your personal information (and selling it to the highest bidder), you simply cannot be either secure or private.

But what are we to do? There are really only two viable alternatives if you want to take part in the modern, mobile world: android or ios. Since ios is entirely closed source, dependent on a single company and (up until recently) forced you to use their app store or nothing at all... well, it's just not an option for me. Android is better since there are many vendors making hardware, the software is open source and you can use any number of app stores (or install apps directly, i.e. side-loading).

It still leaves the issue of google embedding themselves, their services and their privacy-invading nature into the operating system itself. But many de-googled versions of android have been popping up over the last several years. I fully intend to switch to one of these in the future, so expect future musings on that topic, but for now I'm going to make the best of a bad situation. Namely, I've finally fully switched from using apps from google play to using open source equivalents from f-droid, a process that turned out to be exceedingly smooth and hassle free. This is how I did it.

android permission

Every android application is granted a certain set of permissions when you install it. These can be found on the relevant store pages. Of course they're overly vague and many times you're not sure what you're actually accepting. But a good example is how just about every bloody application on the play store wants access to:

1. your contacts
2. network access

You've likely accepted it so many times that you're not even thinking about it anymore. And every single time you're giving away all of your friends', business associates', family members' and your own personal information. It's all being hoovered up by that silly game you wanted to try out for five minutes while waiting for the bus. By google themselves. Adobe. Microsoft. Everyone. And it's all being packaged and sold. Over and over again.

Do not install applications that want access to any part of your phone while also demanding network access. Ever. If you absolutely must, then vet the application and the developers first. Thoroughly.

There are a few worst offenders that must never have network access under any circumstances. A good example of this is the android keyboard you're using, which statistically will be google's gboard. An android keyboard has access to every single keystroke you make, every word you enter, every e-mail, password and lewd text. If your keyboard has been granted network access you're fucked. Plain and simple. Never. Ever. Allow. Your. Keyboard. Network. Access.

But browsing the play store trying to find applications that don't request every permission under the sun is an exercise in futility. There are hardly any at all, and if there are, you just won't find them since play won't recommend them. What if there had been a store specifically curated with privacy, security and open source in mind?
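One way to check an existing phone against the two rules above, as an added example that is not part of the original post: it reads the "requested permissions" section of `adb shell dumpsys package` output and the keyboard ids from `adb shell ime list -s`, then flags apps that combine contacts access with network access and keyboards that can reach the network. The package names and sample output are constructed, and the function names are this sketch's own.

```python
import re

INTERNET = "android.permission.INTERNET"
SENSITIVE = {"android.permission.READ_CONTACTS"}  # the page's example; extend as needed

def parse_requested(dumpsys_text):
    """Map package name -> set of permissions under 'requested permissions:'."""
    perms, pkg, in_section = {}, None, False
    for line in dumpsys_text.splitlines():
        text = line.strip()
        m = re.match(r"Package \[([^\]]+)\]", text)
        if m:
            pkg, in_section = m.group(1), False
            perms[pkg] = set()
        elif text.endswith(":"):
            in_section = text == "requested permissions:"  # other headers close it
        elif in_section and pkg and text:
            perms[pkg].add(text.split(":")[0])  # drop ': restricted=true' suffixes
    return perms

def audit(perms, ime_ids):
    """Return (package, reason) for apps that break the two rules above."""
    keyboards = {ime.split("/")[0] for ime in ime_ids}
    findings = []
    for pkg, requested in sorted(perms.items()):
        if INTERNET in requested and pkg in keyboards:
            findings.append((pkg, "keyboard with network access"))
        elif INTERNET in requested and requested & SENSITIVE:
            findings.append((pkg, "personal data plus network access"))
    return findings

# Constructed sample, laid out like `adb shell dumpsys package` output.
SAMPLE_DUMPSYS = """\
  Package [com.example.busgame] (1a2b3c):
    requested permissions:
      android.permission.INTERNET
      android.permission.READ_CONTACTS
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.netkeyboard] (4d5e6f):
    requested permissions:
      android.permission.INTERNET
  Package [com.example.rssreader] (7a8b9c):
    requested permissions:
      android.permission.INTERNET
"""
SAMPLE_IMES = ["com.example.netkeyboard/.Ime"]  # constructed `ime list -s` line
if __name__ == "__main__":
    print(audit(parse_requested(SAMPLE_DUMPSYS), SAMPLE_IMES))
```

The rss reader in the sample is not flagged: network access on its own is expected for an app whose only job is fetching feeds.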

f-droid

"F-Droid is a free and open source app store and software repository for Android, serving a similar function to the Google Play store. The main repository, hosted by the project, contains only free and open source apps. Applications can be browsed, downloaded and installed from the F-Droid website or client app without the need to register an account. "Anti-features" such as advertising, user tracking, or dependence on non-free software are flagged in app descriptions."

Sounds perfect, doesn't it? And it pretty much is. Simply head to their website, download the apk for the store, make sure your phone allows you to install apks and hit install. Done and dusted. No accounts required, no registering anything, simply stringently verified open source goodness ahead.

The only catch is that not every application you might need will be on f-droid; even if the application is open source it might not meet f-droid's requirements. That's where obtainium enters the picture.

obtainium

obtainium is an application that allows you to (fairly) easily install applications directly from the developers. All you need to do is either perform a search for an application, like the brave browser, or enter its github url, and obtainium will download it, install it and prompt for future updates. Very smooth. If it's on github it's easily installable with obtainium.

replacing apps

Let's do this in three steps. First let's detail the apps that I used that existed in f-droid, thus allowing me to simply uninstall the google play versions and replace them with the same apps from f-droid. Then let's have a look at the apps that aren't open source but I could replace with 1:1 replacements. Finally let's have a look at the ones that I still need to use but couldn't replace.

existing apps

mpv - video player.
antennapod - podcast manager and player.
feeder - rss reader.
round sync - rclone on android. Also the best network share mounter ever, bar none.
standard notes - end to end encrypted note taking. Recently joined forces with proton.
open camera - camera application.
proton pass - password manager from proton.
proton vpn - vpn from proton.

replacements

gboard -> florisboard. A smooth switch; unfortunately swipe is being refactored but is returning shortly.
solid explorer -> material files. Solid's network share mounting is vastly better, but in every other way they're equivalent or there's a slight advantage to material files.
2fas -> aegis authenticator. 2fas looks better, aegis feels more extensible. But they're pretty much drop-in replacements for each other, the difference being that aegis is properly open source.

obtainium

brave browser - this is unlikely to ever come to f-droid.
signal - it does exist as a third party f-droid repository, but not in the main one.
proton mail - this is coming to f-droid, it just relies on google services for push notifications.
proton calendar - this is coming to f-droid, it just relies on google services for push notifications.
proton drive - this is coming to f-droid, it just relies on google services for push notifications.

remainders

smart audiobook player - I simply do not care if anyone figures out what books I listen to. It's a fantastic app with sensible permissions.
dialer - It's samsung's default. I don't care. It's logged by default by my carrier and my data sold left, right and center. For private and secure voice communication, do not use the GSM networks.
messages - Same thing here. Your SMS data is sold by your carrier to everyone and everything. Use a secure messenger like signal.
bankid - it's completely bizarre that we're forced to use a commercial application by a company to manage our citizen identities. If there's ever been an application that should be fully open source, and thus on f-droid, it's this one. But it isn't and you cannot live in sweden without it. You can side-load it though; while it will complain about not having google services on a de-googled phone, it does still function. For now.

outro

Now, I will fully admit that I'm likely not the typical android user. I don't really play games on my phone; being a programmer, I really only need a terminal and an ssh client for work apps. Thus my migration was very straightforward, yours might be trickier.

But let's go back to what I said in the beginning. Perfection is the enemy of progress. Don't give up because you can't replace all the apps immediately. Don't be despondent because you have to use a googlefied version of android. Do the best that you can. Every step you take is better than no steps at all. Do what you can today so that you can go even further in the future.