Bazaar2 Monthly Report - February 2017

Added by hans 10 months ago

Now that a lot of the work we have done over the past year is solidifying, we have started to do a lot more to promote it. To that end, there will be lots of activity at conferences around the world, as of February:

  • Peter represented F-Droid at FOSDEM in Brussels
  • Hans at Android Security Symposium in Vienna
  • Hans at RightsCon: “Internet Freedom App Store: we require alternatives to the two gatekeepers”
  • Hans at Iran Cyber Dialogue
  • Torsten at in Havana
  • Peter at in Ho Chi Minh City

There were also some interesting developments from people entirely unrelated to the F-Droid core developers and Bazaar2 development effort.

Objective 1 Simple multi-pronged distribution

We made progress on lots of little details over the past month, and some bigger, long running efforts. First and foremost, we know have an entire build infrastructure based on KVM that can run within a KVM guest (aka “nested KVM”). This setup is now running once a day on This will be the basis of our weekly rebuilds of the entire collection of apps to provide the feedback for working towards reproducible builds for as many apps a possible. Running the whole process from the very beginning each week gives us continuous integration testing for our whole build infrastructure.

  • we started working with libscout to detect library versions in apps. This will allow us to work with CVEs and other data sources for marking known vulnerabilities in libraries. This data is then included in app index metadata, which F-Droid can then use on the device to highlight vulnerable apps to prompt the user to update or uninstall.
  • we worked with a Cuban user group to fix the issues that arose from building an F-Droid app repository from 12,000 APK files.
  • we got our bug fixes integrated into the Debian packages needed to run the build intrastructure

Objective 2 Curation Tools for Organizations

We held a kick-off meeting in order to lay out the design issues and to set the stage for deciding the technical approach of the whole project. We decided to go with a web app over an Android app for a number of reasons, including that it was the most flexible approach. Carrie sketched the basic workflow to get the ball rolling. There is lots more information on the backstory of this work in Torsten’s blog post:

Objective 3 Modern App Store with Built-in Circumvention

The F-Droid Privileged Extension is now shipping with CopperheadOS and Replicant, so those devices no longer need to turn on “Unknown Sources” in order to use F-Droid. This also provides fully automatic background updates. Next steps are to get the Privileged Extension integrated into more devices and ROMs, and to make it easy for all the custom Android ROM developers to properly integrate F-Droid into their projects.

UX Overhaul

We have been working on wrapping up the designs for the improvements in the UX and UI that we are making after the first round of user tests. We will be doing another round of user tests in late March, this time with alpha releases of the real app, to confirm the design, and find and last glaring issues. In addition to the feedback from user tests, we have also received lots of great, unsolicited feedback from the F-Droid community via our issue tracker. While it was extra effort for us to have the design discussions on a public forum, it has paid off due to the quality of the discussions that we had there, including detailed reviews based on the Material Design Guidelines and ideas for handling some of the tricky design problems. This thread is a great of example:

The major design improvements include:

User Testing

I’ve outlined the areas that we’d like to gain feedback on in the next round of tests. The primary UX flows we want feedback on include: users’ ability to update apps, the offline experience, and the experience of searching within a category. We also are looking for feedback on users’ comprehension of the new menu icons, how much they trust F-Droid, and how likely they are to donate to developers.

Objective 4 Partner Deployments

We finalized the design of update libraries in conjunction with the Tibetan partner organization, and signed a contract for it to be implemented by Mark Murphy aka @commonsguy. These two libraries work together to provide alternate paths to app updates:

Objective 5 Usability Research on In-country Developers

The developer survey was completed and translated into Spanish, Chinese, Farsi, and Russian. It is now available at Seamus started the testing and promotion of the survey with the aim to kicking it off at Internet Freedom Festival in Valencia.