Vortrag: F-Droid: building the private, unblockable app store
your app store does not need to know who you are
As app developers, we want to focus on making our apps better. It is easy to delay thinking about security. But exploits are now targeting developers, for example, XCodeGhost had a massive impact. The F-Droid free developer tools make a secure process vastly easier, and with little change to your workflow, while providing automated uploading to Google Play and F-Droid when posting new apps, releases, their descriptions, and the translations.
There are also many things that can make it hard to get apps to users. Google Play is blocked in some places, regional app stores are often cesspools of malware. The internet can be disabled or even just plain expensive. People turn to getting apps from websites, email, bluetooth, SD Cards, or any other method they can figure out. In China, the internet is ubiquitous but heavily filtered and monitored; but "collateral freedom" techniques have proven effective. In Vietnam, swapping apps with Bluetooth is widespread. In Cuba, people get apps via mesh networks and by buying "La Paquete". These techniques work in many places, but none work in all, and it is very difficult to keep track of them all. This requires users, developers, companies, and organizations to be fluent in many technical details in order to effectively get and distribute mobile apps and media around the world.
F-Droid includes all these techniques in system that is easy for developers to plug into. we are focused on providing a simple, smooth user experience, with three use cases in mind:
* The end user gets a familiar app store experience, regardless of the complexity behind it all
* The developer is in control of a simple set of commands that automate the entire distribution workflow for easily making highly secure builds, then getting apps out through all possible channels, including Google Play
* Non-technical organizations and people can use these tools to publish curated collections of apps and media, without getting caught up in the technical details of the whole process.