/

###3 Basic System Management - App Store

1. The Problem with the Play Store many people advocate the use of the Google Play Store for a few of it’s advantages. The Google Play Store lets app developers sign their apps using their own cryptographic signatures, for one, which many app stores do not. It also sometimes receives updates before other app stores do. However, those pale in comparison with it’s disadvantages. The first and foremost disadvantage is the seemingly total lack of meaningful auditing of the apps that are included in the Play Store. On a single search for a more-or-less benign term like “Chess Game” it is possible to find half a dozen instances of apps that ask for inappropriate or excessive permissions in order to track users. These anti-features are not explicitly listed and they are frequently deliberately surreptitious. There are other real problems with the Play Store and Google’s services in general as well, including backdoors which allow Google to install and remove applications from your device without your consent or knowledge. If you installed a Free and Open-Source ROM for your device, you’ve already rid yourself of the Play Store and now you can move on to something better.
2. The Safe Alternative: F-Droid is an app store which was created partly to deal with the problems surrounding Google Play by the Free Software Community. It is much more selective about the apps it will include, meaningfully auditing the code for malicious inclusions and anti-features. Anti-Features which don’t disqualify an app from being included in F-Droid must be explicitly listed in the app’s description in order to allow the user the oppourtunity to make a conscious decision to use that app or not. Using F-Droid means you are much less likely to receive a malicious app or update from your app store. Installing F-Droid will require you go into your phone’s settings and enable installing apps from “Untrusted” sources.

####How to Install F-Droid

**First, Enable Installation from “Untrusted” Sources. ** Out-of-the-box, your device “Trusts” applications which Google Play Services “Trusts,” which we’ve already seen means your phone trusts the vast majority of malicious apps already. In this step, we’re going to enable you to install apps which aren’t trusted by Google Play Services but which provide their own trust mechanism through F-Droid. Security-Conscious users should carefully judge apps they install on their own merit, and not upon the trust that Google places in them.

1. Open your device’s “Settings” app from the App Menu.
2. Tap the “Applications” menu in the “Settings” app
3. Tap “Enable Installation from Unknown Sources”
4. When warned, click OK.

Next, Download and Install F-Droid from the Web Site

1. Open the “Browser” app from the App Menu
2. Navigate to https://www.f-droid.org
3. Click the big blue button that says “Download F-Droid.” It should only take a few seconds.
4. In your Downloads menu click “f-droid.apk” and install the app.
5. Open F-Droid from the App Menu to to access the app.

#####Appendix 3 * Upkeep: The focus of F-Droid is to put control of the device’s features into the hands of the person who owns and uses the device. To that end, it will inform the user of when an update is available, but it will not install that update automatically. When using F-Droid to obtain security software, as you should, you should make sure to review and install updated versions of the apps as they become available. * Notes: You should still avoid installing anything unnecessary, even though F-Droid provides reasonable assurance apps are not created with malicious intent, code is hard to create and vulnerabilities are easy to implement by accident in even the best of circumstances. Judgment will always be key to serious security. * Developers/Aspiring Developers: F-Droid is a responsive, vibrant community for people who want to publish Free and Open Source apps for Android. If you’re a developer, I encourage you to consider informing F-Droid of your Free Software application and asking them to consider including it. Usually, the process is only a matter of a few days and making F-Droid better makes the world a safer place for Android users.