Bazaar2 Monthly Report - February 2017
Now that a lot of the work we have done over the past year is solidifying, we have started to do a lot more to promote it. To that end, there will be lots of activity at conferences around the world, as of February:
- Peter represented F-Droid at FOSDEM in Brussels
- Hans at Android Security Symposium in Vienna
- Hans at RightsCon: “Internet Freedom App Store: we require alternatives to the two gatekeepers”
- Hans at Iran Cyber Dialogue
- Torsten at http://www.cubaconf.org in Havana
- Peter at http://droidcon.vn in Ho Chi Minh City
There were also some interesting developments from people entirely unrelated to the F-Droid core developers and Bazaar2 development effort.
- An Iran-focused app store based on F-Droid launched: https://belmarket.ir
- Effectively using Android without Google HOWTO, based on F-Droid, got lots of attention on reddit: https://fxaguessy.fr/en/articles/2017/02/11/effectively-using-android-without-google-play-services-gplayweb-in-docker
- Turns out that some Cubans have been using F-Droid for a couple of years now, according to someone who came to us in public forums with some technical questions. They have been running F-Droid repos on the local Cuban nets since 2014! The main app store is currently up to 12,000 APKs that have been gathered from people and the weekly packet. They pointed to this article about the first setup. Unfortunately, it does not mention F-Droid by name: http://www.escambray.cu/2015/wifi-fuera-de-zona/
Objective 1 Simple multi-pronged distribution¶
We made progress on lots of little details over the past month, and some bigger, long running efforts. First and foremost, we know have an entire build infrastructure based on KVM that can run within a KVM guest (aka “nested KVM”). This setup is now running once a day on https://jenkins.debian.net. This will be the basis of our weekly rebuilds of the entire f-droid.org collection of apps to provide the feedback for working towards reproducible builds for as many apps a possible. Running the whole process from the very beginning each week gives us continuous integration testing for our whole build infrastructure.
- we started working with libscout to detect library versions in apps. This will allow us to work with CVEs and other data sources for marking known vulnerabilities in libraries. This data is then included in app index metadata, which F-Droid can then use on the device to highlight vulnerable apps to prompt the user to update or uninstall.
- we worked with a Cuban user group to fix the issues that arose from building an F-Droid app repository from 12,000 APK files.
- we got our bug fixes integrated into the Debian packages needed to run the build intrastructure
Objective 2 Curation Tools for Organizations¶
We held a kick-off meeting in order to lay out the design issues and to set the stage for deciding the technical approach of the whole project. We decided to go with a web app over an Android app for a number of reasons, including that it was the most flexible approach. Carrie sketched the basic workflow to get the ball rolling. There is lots more information on the backstory of this work in Torsten’s blog post:
https://guardianproject.info/2017/02/22/build-your-own-app-store-android-media-distribution-for-everyone/
Objective 3 Modern App Store with Built-in Circumvention¶
The F-Droid Privileged Extension is now shipping with CopperheadOS and Replicant, so those devices no longer need to turn on “Unknown Sources” in order to use F-Droid. This also provides fully automatic background updates. Next steps are to get the Privileged Extension integrated into more devices and ROMs, and to make it easy for all the custom Android ROM developers to properly integrate F-Droid into their projects.
UX Overhaul¶
We have been working on wrapping up the designs for the improvements in the UX and UI that we are making after the first round of user tests. We will be doing another round of user tests in late March, this time with alpha releases of the real app, to confirm the design, and find and last glaring issues. In addition to the feedback from user tests, we have also received lots of great, unsolicited feedback from the F-Droid community via our issue tracker. While it was extra effort for us to have the design discussions on a public forum, it has paid off due to the quality of the discussions that we had there, including detailed reviews based on the Material Design Guidelines and ideas for handling some of the tricky design problems. This thread is a great of example:
https://gitlab.com/fdroid/fdroidclient/issues/709
- Redesign of the Updates view, which was previously known as My Apps https://gitlab.com/fdroid/fdroidclient/issues/840
- Update to the categories view https://gitlab.com/fdroid/fdroidclient/issues/851
- Updated icons for the main menu https://gitlab.com/fdroid/fdroidclient/issues/838
- creating illustrations to integrate into F-Droid, giving it a much more fun and human feel
User Testing¶
I’ve outlined the areas that we’d like to gain feedback on in the next round of tests. The primary UX flows we want feedback on include: users’ ability to update apps, the offline experience, and the experience of searching within a category. We also are looking for feedback on users’ comprehension of the new menu icons, how much they trust F-Droid, and how likely they are to donate to developers.
Objective 4 Partner Deployments¶
We finalized the design of update libraries in conjunction with the Tibetan partner organization, and signed a contract for it to be implemented by Mark Murphy aka @commonsguy. These two libraries work together to provide alternate paths to app updates:
- Apps can update themselves using the same server-side as an F-Droid repository https://gitlab.com/fdroid/fdroidclient/issues/852
- Apps can prompt users to securely download F-Droid to provide the update channel https://gitlab.com/fdroid/fdroidclient/issues/714
Objective 5 Usability Research on In-country Developers¶
The developer survey was completed and translated into Spanish, Chinese, Farsi, and Russian. It is now available at https://challenges.tech/ Seamus started the testing and promotion of the survey with the aim to kicking it off at Internet Freedom Festival in Valencia.
Comments