惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

G
Google Developers Blog
Spread Privacy
Spread Privacy
V
Visual Studio Blog
爱范儿
爱范儿
Apple Machine Learning Research
Apple Machine Learning Research
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
GbyAI
GbyAI
Google DeepMind News
Google DeepMind News
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V
V2EX
J
Java Code Geeks
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Blog — PlanetScale
Blog — PlanetScale
N
Netflix TechBlog - Medium
B
Blog RSS Feed
博客园 - 【当耐特】
有赞技术团队
有赞技术团队
The Register - Security
The Register - Security
Latest news
Latest news
The Cloudflare Blog
Project Zero
Project Zero
月光博客
月光博客
U
Unit 42
Vercel News
Vercel News
Attack and Defense Labs
Attack and Defense Labs
Know Your Adversary
Know Your Adversary
V
Vulnerabilities – Threatpost
F
Full Disclosure
Schneier on Security
Schneier on Security
Google Online Security Blog
Google Online Security Blog
MyScale Blog
MyScale Blog
L
Lohrmann on Cybersecurity
C
CERT Recently Published Vulnerability Notes
博客园 - 叶小钗
腾讯CDC
博客园 - 三生石上(FineUI控件)
T
The Blog of Author Tim Ferriss
D
Darknet – Hacking Tools, Hacker News & Cyber Security
博客园 - Franky
S
Security Affairs
Hacker News: Ask HN
Hacker News: Ask HN
Security Latest
Security Latest
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
MongoDB | Blog
MongoDB | Blog
D
DataBreaches.Net
SecWiki News
SecWiki News
Recorded Future
Recorded Future
NISL@THU
NISL@THU
Hacker News - Newest:
Hacker News - Newest: "LLM"
Cloudbric
Cloudbric

Comparitech

How to watch McGregor vs Holloway 2 (UFC 329) from anywhere Medical billing firm MCBS warns 300,000+ patients of data breach - Comparitech Ransomware Roundup: H1 2026 stats on attacks, ransoms, and active gangs - Comparitech Colorado Health Network warns 68,000+ people of data breach that leaked SSNs, credit cards, and medical records - Comparitech Middletown, OH warns 123,000+ people of data breach that leaked SSNs, financial and medical info - Comparitech DeGoogling your life: What is it and how do you do it? How to opt out of Meta AI data collection - Comparitech Is CurseForge safe? Common risks and how to mod safely - Comparitech Cybercriminals say they hacked New South Wales Rural Fire Service - Comparitech Grandview School District warns 9,000+ people of data breach 21 months later - Comparitech Which industry & country has the worst email security? An analysis of 5,800+ domains for SPF, DMARC, DKIM & MTA-STS protocols - Comparitech Kootenai County, ID warns residents of government data breach that leaked personal info - Comparitech What is Kik? Is it safe for kids? - Comparitech Cybercriminals say they hacked Reynella East College - Comparitech Are UK council websites adhering to government security guidelines? - Comparitech Bellflower Unified Schools warns students of data breach that leaked SSNs - Comparitech What are location services and how do they work? - Comparitech How to bypass Xbox age verification - Comparitech What is a Minecraft dedicated IP? Do you need one? The best Discord alternatives in 2026 - Comparitech How to watch UFC Freedom 250: Stream UFC White House online Taos Mountain Casino warns of data breach that leaked SSNs Cybercriminals give Delano Public Schools two weeks to pay ransom How to fix ‘Your connection is not private’ in Chrome Plaza Home Mortgage warns 138,000 people of data breach that leaked SSNs How to watch the NBA Finals live online from anywhere Cybercriminals take credit for Singing River Health System data breach How Spammers Are Hiding Behind Google and the New York Times Ransomware roundup: May 2026 Iowa hospital warns 24,000+ people of data breach that leaked SSNs, medical and financial info 80K+ people notified of data breach at Louisiana university that leaked SSNs & bank info Finance firm IMA warns 525,000+ people of data breach Auto lender IAC warns 79,000+ people of data breach that leaked SSNs Sandstone, MN says SSNs and financial info compromised in ransomware data breach Las mejores herramientas de gestión de Active Directory Die besten Active-Directory-Management-Tools I Migliori Strumenti di Gestione di Active Directory Las mejores herramientas de gestión de logs Die besten Log-Management-Tools I migliori strumenti di log management Watching You, Funded by You: Number of CCTV Cameras by UK Council & Police Force Las mejores herramientas SIEM para alertas de seguridad automatizadas Die besten SIEM-Tools für automatisierte Sicherheitswarnungen I migliori strumenti SIEM per gli avvisi di sicurezza automatizzati Software maker warns 200,000 Frost Bank customers in Texas of data breach Oregon employment firm notifies 142,000+ people of two data breaches claimed by ransomware gangs Cybercriminals say they hacked Harrison County, WV commission, demand ransom Cybercriminals say they breached AdvancedHealth, Tennessee clinic confirms Fluke Corp notifies 18,000+ people of data breach that leaked SSNs What is Token-Based Authentication? Tokens Explained Western Orthopaedics warns 113,000+ people of data breach that leaked SSNs, credit cards, and medical info What is ARP? ARP protocol explained What is symmetric encryption? Crunchyroll VPN not working? Fix buffering, errors & region blocks American Lending Center notifies 123,000+ people of data breach that leaked SSNs How to watch Oleksandr Usyk vs Rico Verhoeven online Cybercriminals say they hacked CarePoint Health, stole data Ransomware gang claims attack and data theft from UK city school Horizon Media reports data breach of SSNs, cybercriminals take credit Claude VPNs (and how to use Claude safely) What is GhostPairing on WhatsApp? What is a prompt injection attack? Where do leaked passwords end up? A statistical analysis of the dark web’s credential pipeline Ransomware roundup: April 2026 Suffolk, VA warns 157,000+ people of data breach that leaked SSNs, finances How to watch UFC 328 (Chimaev vs Strickland) from anywhere Cybercriminals say they hacked Winona County, MN (again) Keeper vs 1Password: Which password manager is best in 2026? Proton VPN Secure Core: What is it, and should you use it? What is an agentic browser? Features and how to use them safely Sandhills Medical Foundation warns patients of data breach Cybercriminals say they hacked Massachusetts Development Finance Agency, its second breach in 2 years STELIA Aerospace confirms cyber attack on North American systems. $2.07 million ransom issued Debt collector Rodenburg Law Firm warns 81,307 people of data breach Healthcare ransomware roundup: Q1 2026 stats on attacks, ransoms, and data breaches How to block ads on Paramount Plus A complete guide to smart speaker privacy What is the Great Firewall of China Cybercriminals say they hacked Rusk County, WI What is a decentralized VPN? Do you need a dVPN? Southern Illinois Dermatology warns patients of data breach that leaked SSNs 92,000 people notified of data breach following cyber attack at Puerto Rican hospital Cybercriminals say they hacked Minidoka Memorial Hospital, demand ransom What is sensitive data? Types and how to protect yourself Inside RAMP: What a leaked database reveals about Russia’s ransomware marketplace What is a passphrase? Are they safer than passwords? Phoenix Art Museum warns of data breach that leaked SSNs Mozilla VPN vs NordVPN – VPN Comparison Guide Cookeville Regional Medical Center warns 338,000 people of data breach Antimalware vs Antivirus: What’s the difference? What is URL phishing? Examples and how to stay safe How to use a VPN in Bhutan (and the best options) Cybercriminals give Brockton, MA hospital one week to pay ransom after hack Is Truth Social safe? Everything you need to know What is cyberwarfare? Medical implant maker TriMed warns 80,000+ people of data breach Ransomware roundup: Q1 2026 Heart South Cardiovascular Group warns 46,000+ people of data breach Cybercriminals say they hacked Community College of Beaver County Critical Infrastructure at Risk: 179 ICS Devices Exposed Online
What is F-Droid? Is it safe?
Richard Erns · 2026-04-30 · via Comparitech

What is F-Droid? Is it safe?

F-Droid is an Android app store that only hosts free and open-source software (FOSS). Most apps are built by independent developers, and the platform focuses on transparency and privacy. Anything that tracks you, shows ads, or is otherwise against FOSS principles gets flagged as such, so you know what you’re downloading.

Below, you’ll find an overview of F-Droid’s features, potential risks, and a look at its benefits and drawbacks. We’ve also included a quick setup guide, how to stay safe while using the platform, plus a list of F-Droid apps and alternatives you can check out afterward.

What is F-Droid? Overview and features

Ciaran Gultnieks started F-Droid in 2010 as an alternative to major stores that only promote closed-source apps filled with trackers, ads, and other user-hostile features. Users can install free and open-source software, while like-minded developers can share their work without giving control to large corporations like Google, Apple, or Amazon.

F-Droid is easy to navigate and doesn’t force you to sign in, so you can install and update apps without giving up your privacy. The open code also lets the community check for problems and even contribute improvements if they want.

screenshot of the F-Droid homepage

Transparency is also key on F-Droid. The platform checks apps for anything that could impact your experience, and highlights them with the aptly-named Anti-Features, including:

  • Ads: If the app isn’t ad-free
  • Known Vulnerabilities: If the app contains security issues that could be exploited
  • Non-Free Addons, Assets, or Dependencies: For apps that rely on proprietary plugins, media, or other software to function
  • No Source Since: If the app’s code is no longer publicly available
  • NSFW: For potentially inappropriate content
  • Tracking: If the app monitors or reports your activity, even if optional

Here’s what they look like, using Proton Authenticator as an example:

screenshot of F-Droid anti-features shown on the Proton Authenticator page

Best of all, F-Droid lets you hide apps with certain Anti-Features, so you don’t have to wade through ones that don’t interest you.

Is the F-Droid store safe?

F-Droid stands apart from many unofficial app stores because it only includes apps with public source code. That makes it safer than random APK sites where you might not really know what you’re installing.

Since most F-Droid apps are fully open-source, developers and users can read, test, and point out problems in the code. This community-based approach makes it easier to catch malware early, even without the infinite money Google throws towards app security.

Before an app appears in the main catalog, the maintainers review it and confirm it follows free software rules. They also label things like tracking, ads, closed-source components, and more, so you can decide for yourself which apps are trustworthy.

Common risks of F-Droid

Here are the most common risks you may be exposed to if you decide to use F-Droid:

  • Installation process: To install F-Droid, you must allow “unknown sources” on your device. Downloading the app directly from the official site is fine, but apps from other sources can put your device at risk.
  • Extra repositories: F-Droid lets you link additional repos to get more apps. Since these aren’t held to the same standards, some apps might be unsafe or improperly verified.
  • Potentially harmful updates: Even familiar apps can carry harmful code if a bad update slips through. Pay attention to new permissions and unusual app behavior just in case.

Is F-Droid safe for GrapheneOS?

F-Droid is generally safe for GrapheneOS if you stick to popular and recommended apps. Most of them are open-source, so the community can check apps for malicious code, which makes sneaking in malware harder than on closed app stores (like Google Play).

Some of the stronger warnings come from independent security research by a former F‑Droid team member. They showed that, in certain edge cases, F‑Droid’s server tools could misread who actually signed an app. F‑Droid has since released patches for some of the issues, but the GrapheneOS community felt the overall design still needs major changes.

Benefits of using F-Droid

F-Droid gives Android users an alternative way to find and install apps while keeping control over what’s on their device. It focuses on openness, transparency, and privacy, avoiding many of the restrictions and tracking found in mainstream app stores.

Here’s what makes it stand out:

  • Open-source app library: Every app in F-Droid is open-source, meaning anyone can inspect, audit, or modify the code. This helps users trust that apps aren’t secretly collecting data or otherwise being sketchy.
  • Privacy-focused store: F-Droid puts your privacy ahead of everything else. Apps generally avoid gathering data without a clear reason, and any tracking or ad-related features are clearly marked so you know what’s happening before you install.
  • Full app transparency: The store tells you upfront if an app has ads, tracking, or paid features. Most of them are free and don’t hide extra charges, but when an app isn’t fully open or ad-free, you’ll see them marked as having “Anti-Features.”
  • Account-free downloads: You can get apps directly without signing in or linking to external services. This removes unnecessary friction and keeps your identity separate from your app usage.
  • Apps unavailable on the Play Store: F-Droid hosts apps that Google doesn’t allow or hasn’t approved, including niche tools, developer utilities, and privacy-focused software.

Drawbacks of using F-Droid

F-Droid is built around privacy and open-source access, but it’s not perfect. Here are some of its drawbacks compared to Google Play or similar options:

  • Manual setup required: You need to adjust your Android settings to allow apps from outside the Play Store. This extra step can be confusing if you’re used to automatic installs and haven’t changed Android security settings before.
  • Fewer apps and no mainstream choices: F-Droid centers around free and open-source apps, so TikTok, Instagram, Spotify, and other favorites are unavailable. You also don’t get the same massive library Google has—though, to be fair, there are a lot of fake apps and other junk on the Play Store.
  • Some Android versions and apps require manual updates: You’ll need Android 12+ to enable automatic updates on F-Droid. Meanwhile, some apps built for older versions may not auto-update, so you’ll have to do so manually.
  • Third-party repos may be risky: Adding outside repositories can expand your app library, but their quality and security aren’t guaranteed.

How to use F-Droid: Step-by-step guide

Installing F-Droid apps on Android is easy, though you’ll have to change a couple of settings. Follow these steps:

  1. Head to your Android device’s Settings.
  2. In the search bar, type “install” or “unknown.”
  3. Tap Install unknown apps, Install from external sources, or just Unknown sources. This setting may be named differently depending on your model.
  4. Toggle on the setting for your browser.
  5. Go to f-droid.org.
  6. Tap Download F-Droid to get the F-Droid.APK file. If you get a 404 error (like I did), try scanning the QR code on the desktop site instead.
  7. Either way, open the file and tap Install.
  8. Once finished, tap Open and explore the store’s library.
  9. Press on any app you find interesting and press Install.
  10. You may receive a system prompt to allow installing unknown apps via F-Droid. Go to Settings and toggle on the permission to proceed.

How to install F-Droid on Samsung

The process is fairly straightforward on Samsung as well. Here’s what to do:

  1. Navigate to your device’s Settings.
  2. Look up “install” and tap Install unknown apps.
  3. You’ll have to tap it again when it redirects you to More security settings.
  4. Tap the toggle next to your browser to allow installation. series of screenshots showing how to allow installation of unknown apps on a Samsung phone
  5. Download the F-Droid APK file from f-droid.org, either by tapping the download button or scanning the QR code.
  6. Open the APK and tap Install in the prompt.
  7. Once it’s finished installing, tap Open and browse F-Droid’s selection of apps. screenshots showing how to download and install F-Droid on Samsung
  8. Tap any app you want, then Install.
  9. You’ll get a security prompt. Tap Settings and toggle on Allow permission to be able to install F-Droid apps. screenshots showing how to install unknown apps from F-Droid on Samsung

How to add a third-party repository on F-Droid

To get extra apps on F-Droid, you can add extra repos with these steps:

  1. See the list of third-party repositories on the F-Droid forum. Some popular examples include IzzyOnDroid and the Guardian Project.
  2. Tap and hold any of the options to copy the repo link.
  3. Open the F-Droid app, then go to Settings > Repositories. screenshots showing where to find the Repositories setting on F-Droid
  4. Tap the + button on the bottom right.
  5. Tap Enter repository URL manually, paste the link, then tap Add. screenshots showing how to add repositories on F-Droid
  6. Alternatively, press Scan QR code, go to the repo’s website, and scan the code there. Watch out for the loud beep (thanks for the jumpscare, F-Droid).
  7. Next, tap Add repository to see a list of apps on the repo. You can tap them and press Install. Some apps will offer a choice between installing from the F-Droid or third-party repo, but you’ll find a bunch of exclusives as well. screenshots showing how to add the IzzyOnDroid F-Droid repo, the list of apps found on the repo, and how to install them
  8. You can view the list of apps later by returning to Settings > Repositories, tapping on the repo, then Show apps. screenshots showing how to review added repos and their apps on F-Droid

What are some useful apps on F-Droid?

If you’re looking to “DeGoogle,” you’ll find a wide variety of apps that respect your privacy on F-Droid. Here are some options to check out:

Browsing and entertainment

Tired of Google tracking your every move, AI-generated ads on YouTube, or having to sift through endless recommendations? These apps help you browse, watch, and listen on your own terms, without unnecessary tracking or interruptions:

  • DuckDuckGo Privacy Browser: Open-source browser (except its search engine) that blocks trackers, keeps your searches private, forces encrypted HTTPS connections, and doesn’t link your activity to a Google account.
  • NewPipe: Watch YouTube without ads and avoid all the clutter. You can play videos in the background, download them for offline viewing, or even pop them out in a mini-player, all without logging in to Google. Also supports SoundCloud, Bandcamp, and others in the same app.
  • AntennaPod: Listen to podcasts without unnecessary tracking or interruptions. Subscribe, download, or stream your favorite shows on your schedule, with a simple interface that keeps everything organized.

Navigation and sync

Want to map your route, store files, or keep calendars synced without Google watching? These tools handle navigation and cloud storage so your information stays under your control:

  • OsmAnd: Get detailed offline maps and real-time navigation. Plan your routes, track your hikes, or explore new cities without sending your location to Google. Map data provided by OpenStreetMap.
  • Nextcloud: Open-source sync client, great for self-hosting files and photos across all your devices without some big tech company sneaking a peek. You can easily add extra integrations such as Calendars, Contacts, and more.

Email and two-factor authentication (2FA)

Keep your messages and accounts secure with strong encryption, multi-account support, and reliable 2FA, with apps like:

  • FairEmail: Read and manage multiple email accounts securely. Uses strong encryption, doesn’t track your messages, and gives you full control over notifications and storage.
  • K-9 Mail: Open-source client that lets you handle multiple emails and supports PGP encryption for added security.
  • Aegis Authenticator: Protect your accounts with this open-source authenticator app. Generate secure codes locally, back them up safely, and manage multiple accounts without relying on cloud services that could track you.

Termux – terminal emulator with Linux tools

Termux gives you a full Linux environment right on your phone or tablet. You can run command-line programs, write scripts, manage files, and even install packages just like on a desktop. It’s great for power users who want to tinker, automate tasks, or experiment without needing a separate computer.

Tips to use F-Droid safely

F-Droid is mostly safe, but you still need to follow some basic precautions. Knowing how to handle extra repos, app permissions, and updates can prevent headaches later on.

Be wary of third-party repositories

Adding extra repositories expands your app choices, but these sources aren’t always checked as carefully as F-Droid’s main repo. Stick to well-known options, check the F-Droid forums for community feedback, and avoid adding ones that seem sketchy to reduce the chance of installing unsafe apps.

Keep an eye on anti-features

F-Droid immediately warns you if an app has features you might not like. Always take a look at an app’s listed anti-features—whether it’s tracking, ads, NSFW content, or the inclusion of proprietary code—and you won’t be caught off-guard.

If you’re curious how common these flags are, F-Droid has a neat list of all apps with known anti-features you can check out.

We also recommend reviewing anti-features every now and then, as you never know when a trusted app suddenly changes ownership. Nothing like waking up one day and realizing your minimalist notes app has ads now.

Manage app permissions carefully

Review the permissions an app asks for and only allow what makes sense. Limiting access to location, contacts, or storage reduces the risk of apps collecting unnecessary data. Permissions can change with updates or if an app gets compromised, so pause for a second before agreeing to share your location with your podcast app.

Related:

Check app sources

Verify that you’re downloading apps from official F-Droid repositories or trusted developers. Avoid APKs from unknown sites, as they may contain malware or modified code. Even popular apps can be faked on unofficial sites.

Double-check the URL on official websites and GitHub pages, developer names, and cryptographic signatures when possible to ensure the app is authentic.

Update Android and F-Droid apps

Running the latest versions of Android and F-Droid reduces vulnerabilities. Updates often patch security issues and fix bugs that attackers could exploit. If you’re running Android 12+ go to F-Droid’s Settings and toggle on Automatically install updates. On older phones or with older apps you’ll need to check for updates manually once in a while.

Enable Play Protect

Even if you mostly use F-Droid, Play Protect can provide a safety net for any apps installed from other sources. It scans for malware and warns you if something looks suspicious. You can check if it’s enabled by going to your Android settings and typing in “Play Protect” in the search bar. When you tap on the option, it should have a green checkmark next to it.

What are some F-Droid alternatives?

There are several ways to get Android apps outside F-Droid, depending on whether you want mainstream apps, open-source software, or more control over your downloads:

  • APKMirror: Offers official APKs, including older versions and region-restricted releases, though it’s not focused on open-source software.
  • Aurora Store: Lets you download Play Store apps without a Google account, which is great for privacy.
  • GitHub: Many open-source developers host APKs here. You can download them directly, but you’ll need to confirm the source is legitimate yourself.
  • Aptoide: Decentralized stores created and managed by users. Naturally, this means app quality and safety can vary wildly, so be on the lookout for potential malware.
  • Amazon Appstore: Runs its own app catalog with common titles and some exclusives.

In the end, F-Droid is still your best bet if you want fully open-source apps and clear build transparency. Regardless, other platforms may have smaller or niche apps that you won’t find on F-Droid.

Is F-Droid going away?

F-Droid itself isn’t going away (yet), but changes to Android could make it much harder to use freely. That’s because Google plans to require developer ID verification if they want their apps to run on certified Android devices. This affects apps from any source, including F-Droid, direct downloads, or other app stores.

F-Droid, the Electronic Frontier Foundation (EFF), Proton, and dozens of software freedom advocates have argued that this centralizes control over who gets to publish apps, which goes against Android’s whole open platform model.

Basically, if every developer has to register with Google, third-party app stores will lose their independence. Meanwhile, small developers will have to deal with fees (yep, paid registration), ID checks, and ongoing terms they can’t negotiate.

Now, Google says that developers will still be free to share apps directly or through any store they choose. However, F-Droid’s open letter mentions that if unverified apps can’t run on most devices, “sideloading” is essentially over.

What is F-Droid? FAQs

Is F-Droid free?

F-Droid is completely free. There are no hidden fees or subscriptions, and you don’t even need to create an account. Most apps you’ll see are open-source, so you can download, install, and modify them without spending a cent. Any titles that include ads, tracking, or monetization are marked as having Anti-Features.

How does F-Droid make money?

F-Droid makes money through donations and community support. The project runs as a nonprofit effort, so it doesn’t rely on ads or paid placements inside the app. You can donate if you want to help cover hosting and development costs, but using the store costs you nothing.

Is F-Droid illegal?

F-Droid is legal in most countries because it distributes open-source apps with proper licenses. Still, local laws vary, so you’re responsible for how you use the apps once they’re on your device. Always check whether an app’s functionality goes against local regulations.

What is a repo?

A repo is short for repository, and on F-Droid, it’s basically a source of apps you can browse and install. The main F-Droid repo has most apps, but you can add others to get extra choices. Each repo is like its own little app library, though not all of them have the same safety standards as F-Droid.