Lately, it did not look too good for the privacy of Android users. Afteranother were infected with malware in March, followed by July's discovery of collect the data even after you deny permissions and a core meltdown of Chrome extension security occurred in May.
It's a good time to check. And an even better time to go for a spin with F-Droid, the safety-driven Android app marketplace that replaces the Google Play store with a catalog of fully-openable FOSS-installed software.
"In general, consumers have very few tools and clues to properly control their privacy and make decisions," Egelman said earlier this year. "If app developers can only circumvent the system, it's relatively meaningless to ask consumers for permission."
With so few tools, you can consider using one of the most effective – disabling the Google Play Store.  Is F-Droid Safe?
While Google Play promises to scan its apps, the outbreak of malware in its software proves that no app repository is ever 100% secure.
But as an open source project, F-Droid shows us what they can do: none of the applications in the catalog contain tracking or hidden costs. A community of developers can easily examine the source code to detect suspicious behavior and F -Droid has rigorously documented its own external security checks and made a history of how to fix security vulnerabilities. If F-Droid detects apps with potentially incompatible features, they will be flagged.
It is no coincidence that sticking to pure open source apps means that an F-Droid app that is not supported by a developer is not necessarily a death sentence for personal information that you may want to save.
In terms of privacy, F-Droid has numerous precautions: it sends everything through HTTPS, avoids sharing app search and browser data, supports Tor, and includes all supported languages in the metadata, so servers do not even know what language do you use to speak.
For security reasons, CNET previously reviewedAndroid apps or third-party APKs (the Android app file package that contains executables similar to Windows EXE files) ) that are not officially supported by Google. But have a way to put things in perspective.
Times have changed. In addition to F-Droid, there are other competitors that are not part of the Google App Store and can not be found in the Play Store, including Amazon Appstore and Samsung Galaxy Apps. And all work with varying degrees of data security. To be on the safe side, you no longer have to stick to the biggest brands. It's about improving your review and improving your safety.
F-Droid is one of the best-studied play store alternatives we can recommend. Therefore, review the security model critically to form an opinion on F-Droid and review the most recent security review.
How do I install F-Droid?
If you want to download F-Droid, you will not find it in the Play Store. Instead, you can download it directly from the F-Droid website. Confirm the installation as soon as your phone tells you to and you can start browsing. If you want a two-click visual tour of the installation, PrivacyPro offers a walkthrough of it (along with a list of preferred starter apps).
For those looking for the right privacy-oriented apps, check out the F-Droid approved Guardian project. The easy-to-use security app suite is the perfect place to start building your data-safe mobile usage routine.
If you are using an older version of Android, you must allow software from unknown sources through the system settings. However, if you are using Android 8 Oreo (or later), we recommend enabling a handy new setting that only certain apps (like F-Droid and the Play Store) can install APKs. This prevents other applications such as email clients from silently installing malicious software through hijacked attachments.
We encourage F-Droid users to comply with APKs on the F-Droid App Store to ensure that you install only those apps that have been deleted for a strict security clearance. If you want to use both F-Droid and the Play Store, we recommend activating Google Play Protect, if you have not already done so.
It's not a magic shield, it's a first line of defense by tapping Android's built-in security to screen apps you install both inside and outside the Play Store. Play Protect is not enough. You should also use at least one of the other 16 non-Google security apps that outperformed Play Protect when AV Test fired 18,000 malwares on them last year.
- Open source software offers better overall security.
- A rigorous app review process ensures that you are not tracked.
- No hidden costs in apps and a more complete customization of any app.
- Without a visible rating system, you may have to rummage around and experiment to find the best apps.
- There are only about 2,600 apps in F-Droid, compared to more than 2.5 million apps in the Play Store. Noteworthy here is a Playstore filter app approved by F-Droid, Yalp. You can use it to search Play Store apps while filtering out ads, hidden costs, and blacklisting, and then download each app's APK files directly from the Play Store.
- Most of your F-Droid apps need to be manually updated, while Play Store apps are typically updated automatically.
For those who want to stay in the Play Store, Android's 31-page official security and privacy report for 2019 may provide cause for optimism. Despite a reported 0.02% to 0.04% increase in the number of potentially harmful applications (PHAs) downloaded from the Play Store, Google attributes much of this increase to improvements in its own tracking methods, including the earlier mentioned broader implementation of Play Protect Scanned More than 50 billion apps on more than 2 billion devices every day. Google has apparently taken good faith action to lure
This year's report also found that "only 0.08% of devices using Google Play alone had one or more PHAs installed (unchanged from the previous year), while 0.68% of devices were affected, where apps from outside of Google Play were installed by one or more PHAs in 2018. "
CNET asked what part of these 0.68% F-Droid users were and whether Google had any more safety warnings for users of the apps outside the Play Store. In response, Google redirected CNET to a help article and advised users to download apps from the Google Play Store to prevent.
Editor's note : Using a third-party app store like F-Droid to get apps instead of the Google Play store gives you more control and more privacy and security, but requires also more care. It is for power users. Installing third-party apps on Android is still at your own risk. So make sure you take that risk.