Core Apps » Bazaar

For May, we focused on a major rearchitecting of the F-Droid Android app to allow for flexible, modern user interaction. This work also makes it easier for volunteer contributors to take on smaller chunks of work since the source code and app structure are a lot cleaner and more consistent. We also continued research on usability in places with low internet access.
Lastly, we kicked off another round of work for getting the Android SDK into Debian with three students working this summer funded by Google’s Summer of Code.

For an overview about how we are currently thinking about this work, see the latest blog post:
https://guardianproject.info/2016/06/02/building-the-most-private-app-store/

Objective 1 Simple multi-pronged distribution

We are always happy to see others build upon our work and so we are excited to see the Android Tamer project using our Debian packages of the Android SDK and related tools. Android Tamer is a pre-built system for malware analysis, penetration testing, and reverse engineering of Android apps, shipped in the form of a “Live CD” and virtual machine image. We are also kicking off a continuation of that effort as part of Debian’s participation in Google Summer of Code. Three students from India, Taiwan, and France are joining us as part of the Debian Android Tools team to get the whole Android SDK included in Debian via a reproducible build process.

Objective 2 Curation Tools for Organizations

We researched ownCloud, a free software cloud services platform, as a potential platform for curation tools. It provides lots of useful, web-based tools like file sync, music and media handling, authentication, and more. The big downside is that it has a history of relatively poor security practices, and it could be difficult to create a reasonably secure pipeline for working with Android apps within the way ownCloud works. However, it is still promising as a place for curating media collections and publishing them to F-Droid.

Objective 3 Modern App Store with Built-in Circumvention

This month we focused on a major re-architecting of the core of the Android app to provide a solid platform to build an extended and improved user experience, covering:

• Media handling
• Parallel, background operation
• A less linear and more intuitive swap user experience
• Seamless integration into Android ROMs like Copperhead, Replicant, etc.
• Multi-tasking

The big ticket item already included in the 0.100 release of F-Droid is the ability to download multiple apps at once. Although we started and released this feature in alpha releases in April, many of the stability and architectural changes were implemented in May. Another big round of core changes is going into 0.101, preparing us for the big user experience overhaul (UX overhaul) starting in mid-June. While these core changes are improving the existing user experience, they will leave some things in an odd state until the UX overhaul is complete.

• Notifications being able to be cancelled correctly, whether the app is in a queue waiting to be downloaded or actively being downloaded.
• Proper management of “Tap To Install”. Previously (back in April) it would put the item back in the queue to wait for all other downloads to complete before directing the user to the screen where they can install. Now it takes you there straight away despite other downloads occurring.
• Correctly showing progress for all types of downloads, whether for apps or repos, notifications or the “App Details” screen.

We also nailed down the architecture for a fully privileged F-Droid that has the same abilities as Google Play in terms of being able to securely and transparently install and update apps (i.e. operate without “Unknown Sources”). This functionality can be included by ROMs, flashed onto phones, or installed via root access. We worked with Copperhead and Fairphone to design the F-Droid integration with ROMs to be both secure and flexible.

We discovered a bug in the app installation process of the upcoming Android release, codenamed “N”, as well as a different issue related to the handling of file/content URIs. We reported the bugs to Google and both should be fixed in the upcoming Android “N preview 4”.

In order to improve the Tor integration in F-Droid, we are working on the NetCipher library to make it very easy for apps to integrate with Orbot, including automatically starting Tor when needed, and providing apps feedback on the status of Tor. NetCipher is then used in F-Droid, and is freely available to any Android project that wants to include simple Tor support. To that end, we are expanding the number of networking libraries that NetCipher integrates with, it now works with:

• the built-in URLConnection API
• Square OkHTTP
• Google Volley
• Apache HttpClient for Android
• ch.boye HttpClient

Objective 4 Partner Deployments

No notable activity here, we are waiting to finish some of the core improvements before proceeding further with partners.

Objective 5 Usability Research on In-country Developers

We discussed strategies for reaching in-country developers with a potential UX research lead.

We are starting to work with researchers in Afghanistan on user research in areas where internet access is very limited, both for people looking to get apps and media, as well as people distributing them.