Bazaar2 Monthly Report - April 2017

Added by hans 19 days ago

April was a big month for us in terms of finishing up some big parts
that are directly visible to users, and easy to demonstrate. The
biggest is the final 0.103 release of the F-Droid app which includes
the complete overhaul of the user experience, which feels simple,
friendly and modern. This is one short step from a big 1.0 release,
once we nail down the last features and get some more testing

We also launched the first alpha of the new F-Droid Repomaker, a
simple web tool for creating and managing collections of apps and
media, and delivering them to users via F-Droid repositories (aka
“repos”). Try the alpha demo!

On top of those two launches, there are many other small
accomplishments from this biggest and final development sprint for

Objective 1 Simple multi-pronged distribution

Make All Text Translatable

All texts within F-Droid and graphics associated with apps are now
translatable, including all the strings within the app itself, all app
names, summaries, descriptions, video links, recent changes, and
screenshots. With release of F-Droid client 0.103, it will use any
available language. For the F-Droid client app itself, many languages
are completely translated, and many more have reached the functional
level, thanks to the ongoing support from F-Droid community volunteers
and the Localization Lab:

  • 19 over 99%, including Belarusian, Brazilian, Persian, Russian,
    Spanish, Chinese, Turkish
  • 32 over 90%, including Arabic, French, Italian, Romanian, Shona, Ukrainian
  • 45 over 70%, including Burmese, Hungarian, Korean, Simplified Chinese,
    Thai, Vietnamese
  • see all and contribute here:

We have not received any Tibetan translations yet. We will be hiring
translators to finish the Simplified Chinese and Tibetan translations.

For the per-app materials, we are now adding all the translated
materials for all the Guardian Project apps to the Guardian Project
F-Droid Repository, which users can enable with the flip of a switch
in F-Droid. We are also helping app developers to get their
descriptive materials integrated for automatic inclusion in

Reproducible Builds

For reproducible builds, we started out by doing mass rebuilds of all
apps in, as shown by
This let us fix the most common issues without getting stuck on a few
hard issues. Now that we have reproducibly built over 300 different
apps, we’re turning to focus on reproducibly building the most
security-sensitive apps. These tend to be the most difficult since
they frequently include “native” C code, which is much harder than
Java to build reproducibly.

Handling Media

While the core tools for adding media files to F-Droid repositories
were created months ago, we turned to focus on one specific use case
in order to polish up the media file support: the F-Droid Privileged
Extension “Over-The-Air (OTA) update”. This is a ZIP file that users
“flash” to their device to install it with elevated privileges. This
file is now built, signed, and released using the full F-Droid stack,
providing a trusted download method for users of any Android ROM to
flash to their device:

That means the whole server-side delivery process is ready to handle
any file you can copy into a folder. The 1.0 release of the F-Droid
client app will fully handle installing common file types so that
media players, etc. will automatically find and play them. As part of
the Curation Tools section, RepoMaker already has some basic support
for handling media, which we are now working on completing and

Developer Support

In collaboration with Guardian Project’s Developer Square effort, we
held a workshop on the internet called GLOW2017. The videos are archived and available
for anyone to learn from.

Google Play Integration

When the Bazaar2 project was defined, there were no well-known tools
for managing all of the localized files in Google Play. Now there are
two: Fastlane Supply and Triple-T Gradle Play Publisher. Both are
free open source software, so instead of reinventing the wheel, we
instead integrated with those existing tools. fdroidserver now
automatically detects the app store support materials in the app’s
source repo if it is already set up for Fastlane or Triple-T. So there
is now one place to put all of the app store materials (descriptions,
graphics, etc) to publish them to F-Droid and Google Play. Those
descriptions can be easily added to Weblate, Transifex, etc so that
the translations can be automatically synced when they are complete.

Objective 2 Curation Tools for Organizations

RepoMaker has reached a functional level with the core features
implemented. It is currently being developed around the two basic setup
modes: as a hosted web app. Apps can be manually added or automatically
fetched from other F-Droid app repos. RepoMaker can publish the repos
in all the same ways that fdroidserver can, e.g. rsync, GitHub, Amazon S3,
etc. There is an alpha demo of the multi-user mode for anyone to try:

You can see demos of a number of key features in Torsten’s RepoMaker

We also began to build the foundations of the localization support.
This current implementation strategy will also allow for standalone
installations like a desktop app following the web app model like Riot,
Signal, etc.

Objective 3 Modern App Store with Built-in Circumvention

The new user experience is functionally complete and a full release,
v0.103, is now available via the normal release channels. We also
nailed down the full integrated experience using F-Droid Privileged
Extension, which allows for installs without enabling Unknown Sources
and automatic updates in background. It is now well tested and
working solidly on all Android versions. For the past month, we found
and fixed a number of issues specific to Android 7.x.

User Tests

We ran two parallel user tests in Lubbock, Texas and Vienna, Austria
of the new user experience for the F-Droid client app. Overall, we
are happy to say that they confirmed the general approach of the new
design, and users overwhelmingly found it simple to use. There were
two areas where users had difficulty: nearby app swapping and adding
new app repositories. This was not a surprise since, first and
foremost, those are totally new concepts for most mobile users, who
are used to getting everything from one source: Google Play.

The full report is available at:


The new website is ready for launch, once we complete the secure,
automated deployment procedure. The new website is generated using
Jekyll and consists entirely of flat files with no code running on the
server side. On the client side, JavaScript is only required for the
search function. This makes the website work well with Tor Browser,
and makes it easy for anyone to deploy their own app store using
simple cloud file hosting services like Alibaba Cloud, GitHub Pages,
GitLab Pages, Amazon S3, etc. as well as simple appliance devices like
LibraryBox, FreedomBox, etc. We also began the process of making the
website fully translatable. The staging server is publicly available

Automated Circumvention

The fdroidserver tools for automated “collateral freedom” distribution
are in place. The current options for automatic publishing to mirrors
are: GitHub, GitLab, Amazon S3, and SSH/rsync for webservers and Tor
Hidden Services. The F-Droid client app is already receiving the
metadata about those mirrors, but it does not yet automatically act on
it. Users can manually subscribe to individual mirrors now. The
Guardian Project app repo is currently set up for all of these types of

As for mirrors of, we launched a third mirror for the main
repo which is in the USA. This will better cover the Americas over
the two European mirrors.

Malware Tools

We added support for two sources of metadata about apps. Fdroidserver
can now automatically upload all new releases to and These both
provide rich sources of metadata about apps and malware, viewable via
web pages or accessible via an API. They both are based on the SHA256
hash sum as a unique ID, so it is easy to link an APK on a device to
the data on those services. This data will be used to alert the user
to known malware in the new “Updates” tab of F-Droid client.

Objective 4 Partner Deployments

We have two prototype libraries for ensuring that apps have a
reliable, trusted update channel no matter where they were downloaded
from. There are lots of custom versions of this, from Firefox to
Signal. The libraries that we are creating are standardized, free
software libraries. They also integrate with the whole F-Droid
eco-system, using the same tools to manage the server-side as are used
for F-Droid “repos”. This provides the flexibility for app developers
to mix and match the features they need, like direct app updates via a
dedicated app repo, updates via, confirmed
reproducible builds of releases, “collateral freedom” mirrors, etc.

Our first test implementations for these new libraries will be Zom for
the direct updates, and Ripple and Location Privacy for the F-Droid
update channel.

Objective 5 Usability Research on In-country Developers

The results of the survey have been compiled, and the public report is
nearing completion. We ran user tests of the fdroidserver tools in a
handful of locations. We were unable to run the tests in Eastern
Europe as we had hoped.

Bazaar2 Monthly Report - March 2017

Added by hans about 1 month ago

Finally, after many months of doing behind the scenes plumbing, we now have a steady stream of very visible progress. The big news is that we launched our first client app alpha of the totally new user experience, after an intense development sprint. You can get it now in F-Droid by finding F-Droid in installed apps, and then selecting version 0.103-alpha from the list.

+ Implemented totally new designs for the Categories/Main/Updates screens
+ Better support for offline usage of F-Droid
+ Drastically improved workflow for bulk downloads + updates
+ New support for screenshots, feature graphics, and localized descriptions

We had a good meeting with Fairphone at their lovely Amsterdam office, and nailed down a plan to get F-Droid integrated in Fairphone Open OS, which can be installed on any Fairphone2. They are also working on shipping Fairphone OS devices directly. From Fairphone, we learned about which already includes F-Droid as its app store. Uhuru provides an open source “Mobile Device Manager” service which will integrate nicely with the F-Droid Repomaker service being developed from the “2 Curation Tools” effort.

There was also a lot of presentation activity in March. Torsten and Seamus attended the Internet Freedom Festival. Hans presented F-Droid at the Android Security Symposium and RightsCon, and attended Tor Dev Meeting and Iran Cyber Dialogue, where F-Droid was a topic of discussion. Seamus was also at Iran Cyber Dialogue and RightsCon.

At the Android Security Symposium, there were lots of related discussions at the various private meals for the speakers, which included key security people from Google, AT&T, universities and private security research companies. There was agreement that the most effective single security measure is limiting access to what apps can be installed on the device. We agree, and are working to support this kind of setup, since it will be very useful for lots of high risk users. This is the same model used by Copperhead, Uhuru Mobile, Fairphone Open, and many DIY projects. To make this possible, the essential part is giving organizations control over the apps that they make available, and making this as easy as possible to manage.

Also, Nico Alt has joined us working on F-Droid as part of the Bazaar2 funding. He's a long time F-Droid contributor, working on the client, leading up the new forum, and the new website design.

Objective 1 Simple multi-pronged distribution

The new “binary transparency log” feature is now available. The idea is to publish an append-only log of all the binaries that an update system has published. Then anyone can check that the binary that they received on their device matches the official list based on hash. This feature has two parts:

1. Any F-Droid repository can make its own binary transparency log directly when `fdroid update` runs. The first example of this can be seen here:
2. Anyone can point the new `fdroid btlog` command at any F-Droid repository to make their own local log. This is designed to be run often so it will stay updated. Here is the first public version of a version we had running privately since 2014 that was pointed at
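
The checks that such a log makes possible, as an added example (not fdroidserver code and not part of the original report). The log here is a constructed list of file-name and SHA-256 records, not the format that `fdroid update` or `fdroid btlog` writes, and every name and byte string is made up for illustration.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry(file_name: str, data: bytes) -> dict:
    """One log record: the published file name and the SHA-256 of its bytes."""
    return {"file": file_name, "sha256": sha256_hex(data)}


def is_append_only(earlier: list, later: list) -> bool:
    """A later copy of the log must begin with every record of the earlier
    copy, unchanged and in the same order. Anything else means that already
    published history was rewritten."""
    return len(later) >= len(earlier) and later[:len(earlier)] == earlier


def hashes_for(log: list, file_name: str) -> set:
    """All hashes ever logged under one file name."""
    return {e["sha256"] for e in log if e["file"] == file_name}


def check_binary(log: list, file_name: str, data: bytes) -> str:
    """Classify a binary received on a device against the log."""
    known = hashes_for(log, file_name)
    if not known:
        return "not-logged"
    return "logged" if sha256_hex(data) in known else "hash-mismatch"


def disagreements(operator_log: list, observer_log: list) -> dict:
    """File names for which the repository's own log (part 1) and an
    independently collected log (part 2) recorded different hashes."""
    names = {e["file"] for e in operator_log} | {e["file"] for e in observer_log}
    result = {}
    for name in sorted(names):
        ours = hashes_for(operator_log, name)
        theirs = hashes_for(observer_log, name)
        if ours != theirs:
            result[name] = {
                "operator_only": sorted(ours - theirs),
                "observer_only": sorted(theirs - ours),
            }
    return result


# Constructed sample data: short byte strings stand in for APK files.
APK_V1 = b"constructed bytes standing in for release 1"
APK_V2 = b"constructed bytes standing in for release 2"
SWAPPED = b"constructed bytes standing in for a swapped binary"

OPERATOR_LOG_DAY1 = [entry("org.example.app_1.apk", APK_V1)]
OPERATOR_LOG_DAY2 = OPERATOR_LOG_DAY1 + [entry("org.example.app_2.apk", APK_V2)]
# A copy of the log in which the first record was silently changed.
REWRITTEN_LOG = [entry("org.example.app_1.apk", SWAPPED)] + OPERATOR_LOG_DAY2[1:]
# An observer who was served a different file as version 2.
OBSERVER_LOG = [
    entry("org.example.app_1.apk", APK_V1),
    entry("org.example.app_2.apk", SWAPPED),
]

if __name__ == "__main__":
    print("day1 -> day2 append-only:", is_append_only(OPERATOR_LOG_DAY1, OPERATOR_LOG_DAY2))
    print("day1 -> rewritten append-only:", is_append_only(OPERATOR_LOG_DAY1, REWRITTEN_LOG))
    print("device copy of v2:", check_binary(OPERATOR_LOG_DAY2, "org.example.app_2.apk", SWAPPED))
    print("operator vs observer:", disagreements(OPERATOR_LOG_DAY2, OBSERVER_LOG))
```

A `hash-mismatch` result or a non-empty `disagreements` map is the signal to investigate: it means a file name was served with bytes that the operator's log never recorded.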

Other interesting tidbits:
  • A reproducible builds bug in the Android SDK reported by us was officially confirmed. Google is interested in reproducible builds these days, and seems to be fixing them.
  • The F-Droid server tools now support fully localized app metadata, including screenshots, feature graphics, and descriptions.
  • A full Android SDK is now included in Debian Stretch, so you can `apt install android-sdk`
  • We have preliminary free software Android emulator images that we aim to ship, since Google now only ships proprietary Google Play images. This makes it easy for people to develop using only the F-Droid stack:
  • F-Droid server tools can now automatically upload releases to Android Observatory and VirusTotal. These services generate lots of useful indexes for discovering and tracking malware.

Objective 2 Curation Tools for Organizations

The first functional prototype of Repomaker, the current name for the web tool being built to make it easy for anyone to build and manage F-Droid repositories. Here is a video of the prototype in action: There is also a video of the design prototype:

We are also looking at the Flyve Mobile Device Management software since it provides some complementary and some overlapping functionality. It looks like the full source is available. It is also a web app, but written with PHP rather than Repomaker’s Python. The source is here: and a free demo is available here:

Objective 3 Modern App Store with Built-in Circumvention

In March, the new user experience was mostly completed and is now available as an alpha release: 0.103-alpha. In addition, there were some additions to the UI which were implemented in response to the two user tests that we ran, one in Texas and the other in Vienna. F-Droid client now has much better support for the following, long awaited features:

  • Bulk Download: The previous stable release of F-Droid had rudimentary support for downloading multiple apps at once. However the feedback to the user was incomplete and it was prone to forgetting that a user had downloaded some apps (e.g. if they close F-Droid and come back later).
  • Now there is first class support for viewing the status of each download in one location, the "Updates" tab. This also includes all of the apps which
    can be updated, and will make it easier in the future to show other important information about each app (e.g. if security vulnerabilities are found, or if an app has to be removed from the repo).
  • Offline queue for download: One thing F-Droid can do that other stores cannot, is to let the user browse through apps while offline. Now, users are notified that they are using F-Droid without internet access. As they view apps, they are prompted to "Download later" which puts apps in a queue, to be shown in the "Updates" tab. This queue is automatically downloaded when they next come online. This feature is completed, but not yet merged into master.
  • The totally overhauled website is nearing launch. We have the full website built now using the Jekyll static site generator. We just need to nail down a secure and automated deploy process. This whole setup makes it much easier to run the F-Droid infrastructure since there will be almost no server-side code running. And it can be flexibly reused in custom app stores based on F-Droid.
  • We polished up the “F-Droid Privileged Extension”, which allows F-Droid to work without Unknown Sources, and do fully automated background updates. We worked with CopperheadOS to make sure that this system works well in the latest Android release, 7.1.1.
  • We submitted a complete patch to FairphoneOS to build and include the F-Droid Privileged Extension into their Fairphone Open builds as the core of the F-Droid integration:
  • We worked with security researchers who work on the CVE system and prototyped a way to support Android/Java libraries in the CVE system so that the automated scanners that we have implemented can use the CVE system as a source of data about known vulnerabilities. This data can then be downloaded by the F-Droid client app to report known issues with any apps that are installed.

Bazaar2 Monthly Report - February 2017

Added by hans 2 months ago

Now that a lot of the work we have done over the past year is solidifying, we have started to do a lot more to promote it. To that end, there will be lots of activity at conferences around the world, as of February:

  • Peter represented F-Droid at FOSDEM in Brussels
  • Hans at Android Security Symposium in Vienna
  • Hans at RightsCon: “Internet Freedom App Store: we require alternatives to the two gatekeepers”
  • Hans at Iran Cyber Dialogue
  • Torsten at in Havana
  • Peter at in Ho Chi Minh City

There were also some interesting developments from people entirely unrelated to the F-Droid core developers and Bazaar2 development effort.

Objective 1 Simple multi-pronged distribution

We made progress on lots of little details over the past month, and some bigger, long running efforts. First and foremost, we now have an entire build infrastructure based on KVM that can run within a KVM guest (aka “nested KVM”). This setup is now running once a day on This will be the basis of our weekly rebuilds of the entire collection of apps to provide the feedback for working towards reproducible builds for as many apps as possible. Running the whole process from the very beginning each week gives us continuous integration testing for our whole build infrastructure.

  • we started working with libscout to detect library versions in apps. This will allow us to work with CVEs and other data sources for marking known vulnerabilities in libraries. This data is then included in app index metadata, which F-Droid can then use on the device to highlight vulnerable apps to prompt the user to update or uninstall.
  • we worked with a Cuban user group to fix the issues that arose from building an F-Droid app repository from 12,000 APK files.
  • we got our bug fixes integrated into the Debian packages needed to run the build infrastructure

Objective 2 Curation Tools for Organizations

We held a kick-off meeting in order to lay out the design issues and to set the stage for deciding the technical approach of the whole project. We decided to go with a web app over an Android app for a number of reasons, including that it was the most flexible approach. Carrie sketched the basic workflow to get the ball rolling. There is lots more information on the backstory of this work in Torsten’s blog post:

Objective 3 Modern App Store with Built-in Circumvention

The F-Droid Privileged Extension is now shipping with CopperheadOS and Replicant, so those devices no longer need to turn on “Unknown Sources” in order to use F-Droid. This also provides fully automatic background updates. Next steps are to get the Privileged Extension integrated into more devices and ROMs, and to make it easy for all the custom Android ROM developers to properly integrate F-Droid into their projects.

UX Overhaul

We have been working on wrapping up the designs for the improvements in the UX and UI that we are making after the first round of user tests. We will be doing another round of user tests in late March, this time with alpha releases of the real app, to confirm the design, and find any last glaring issues. In addition to the feedback from user tests, we have also received lots of great, unsolicited feedback from the F-Droid community via our issue tracker. While it was extra effort for us to have the design discussions on a public forum, it has paid off due to the quality of the discussions that we had there, including detailed reviews based on the Material Design Guidelines and ideas for handling some of the tricky design problems. This thread is a great example:

The major design improvements include:

User Testing

I’ve outlined the areas that we’d like to gain feedback on in the next round of tests. The primary UX flows we want feedback on include: users’ ability to update apps, the offline experience, and the experience of searching within a category. We also are looking for feedback on users’ comprehension of the new menu icons, how much they trust F-Droid, and how likely they are to donate to developers.

Objective 4 Partner Deployments

We finalized the design of update libraries in conjunction with the Tibetan partner organization, and signed a contract for it to be implemented by Mark Murphy aka @commonsguy. These two libraries work together to provide alternate paths to app updates:

Objective 5 Usability Research on In-country Developers

The developer survey was completed and translated into Spanish, Chinese, Farsi, and Russian. It is now available at Seamus started the testing and promotion of the survey with the aim of kicking it off at Internet Freedom Festival in Valencia.

Bazaar2 Monthly Report - January 2017

Added by hans 4 months ago

This past month was dominated by organizing the upcoming large development sprint starting in February. This means hiring a number of people to do all the work. We had 20+ applications, lots of email, and 5 interviews. We hired two experienced developers, and 4 part time junior developers.

There were also a few notable achievements in the development work:
  • Completed an automated system for mass-verifying reproducible builds
  • Finalized possible technical approaches for curation tools
  • F-Droid website converted into an app store website toolkit
  • Designed multi-language survey about developer challenges
  • Designed user test of the developer tools and documentation

The first results from the user research into developers have been published:

Objective 1 Simple multi-pronged distribution

We now have automatically building the latest apps and testing whether they are reproducible. We are up to 59 apps that can be built reproducibly using the F-Droid tools. To see which apps, search for “verified” on Now that we have a mass rebuild process running automatically, the next step is to focus on some more important apps in order to fix the issues preventing them from being rebuilt reproducibly.

Objective 2 Curation Tools for Organizations

We hired Torsten Grote, who has worked with Briar Project among many other things, to lead up the development of the Curation Tools. We hammered out all of the technical possibilities and interviewed a number of people with key experience with the target use cases to figure out which is going to be the most useful approach. Since this project is addressing new use cases for the F-Droid tools, the aim is to figure out which of the more popular use cases we can address the easiest. This provides us the quickest path to figuring out whether this is a fruitful direction to pursue more after this initial project is complete. With that in mind, we nailed down these key points to guide us:

  • web v. mobile app
  • multi-user support v. ease of maintenance
  • Mobile is better aligned with our technical infrastructure but might not be nearly as useful to the target audience as a multi-user web app that’s easy to deploy

If any of you have ideas about this topic, and want to offer your feedback to help figure out the best direction, please do get in contact with us!

Ultimately, whether the curation tool is a web or mobile app, both will be deploying to web infrastructure like Amazon S3, GitHub, or even a standard web server. So for that, the work going into the website overhaul will provide building blocks for what the curation tools publish. For example, there is now an F-Droid plugin for Jekyll, which makes it easy to include all the data from an F-Droid app/media repository into a custom website. All of these bits got us thinking: in a sense, we are building a toolkit for anyone to build their own Paskoocheh, ASL19’s custom curated “app store” that has taken off recently in Iran.

Objective 3 Modern App Store with Built-in Circumvention

UX Overhaul

The new website is now usable in its prototype form, including listing all apps and a big overhaul of all the documentation. The old manual and wiki were merged into a new “Docs” section, and many pages there were edited and updated. We now have a single overview of the documentation needed for all the various parts of F-Droid.

We will be using this prototype version of the website for the upcoming developer survey and developer tools user test. The feedback from both of those will then guide us in finishing the overhaul of the website.

The new website is now based on a custom Jekyll plugin for working with F-Droid app/media indexes: This plugin allows any Jekyll website to easily use F-Droid app index data, including available apps and media files, all available versions, all descriptive text and graphics, etc.

User Testing

We have been working through all of the feedback from the user tests, and updating the UX designs based on that.

Peter Serwylo was on a well deserved vacation all of January, after finishing his Ph.D. Once he returns, he will be increasing his work time on this project to 3 days a week until the end of Spring. Since he’s the main client dev, implementation progress there was slow in January.

Objective 4 Partner Deployments

In China, where there is no single de facto Android app store, it is quite common to directly download apps to install them. The problem then is that there is no automatic update channel. A number of apps that care more about security include automatic updating directly in the app. But this is in conflict with the Google Play Terms of Service. From the feedback that we received from the Tibetan partner, we are putting together two libraries to help with this problem. First, the F-Droid tools provide the essential architecture, then we just need to rebundle this to work as a standalone updater. This design is also based on feedback from people at Google to make sure that the library’s updating process complies with Google Play’s Terms of Service so that projects can embed it in their apps without worrying about whether their apps will be kicked out of Google Play for including self-update capabilities. A parallel library directs users towards installing the F-Droid client app to provide the update channel rather than self-updating. Using the F-Droid client app provides central update management as well as a more fine tuned update procedure that includes all of the working circumvention techniques (nearby swap, “collateral freedom” mirrors, Tor support, etc.).

Follow the implementation progress here:

Objective 5 Usability Research on In-country Developers

We began coding and analysis of interviews for the final report, continued work on the design of user tests of the F-Droid developer tools, and completed the design of the developer survey.

Research Report / (Interview Coding)

We began transcribing and coding the developer interviews conducted during this activity. Transcription is nearly complete, and coding has been completed for one third of the interviews. The interviews are being coded to identify similarities and differences between international developers:

• Goals: Why they develop software;
• Needs: What they need to meet those goals;
• Challenges: The things that get in their way of meeting those needs;
• Strategies: The tools and techniques they engage in to overcome those challenges; and
• Networks: The people they interact with who support, or thwart, the above.

Analysis of the interviews will be completed in the early half of February. Writing will begin upon the completion of analysis. Once survey data has been collected (middle of March) that data will be incorporated into the final research output.

User Testing

We completed scoping the activities for UX testing during the last month. UX testing will focus on the F-Droid developer documentation, setup of an F-Droid binary application repository, and updating an application within an existing F-Droid repository. Fortuitously, there have been recent contributions to the F-Droid website that have provided an opportunity for a restructuring of the documentation. UX testing will be able to test this new documentation before it goes live. The UX testing documentation and technical setup will be completed in the early half of February and testing will be completed by the end of the month.


While survey design was completed in December, unforeseen complications led to delays in translation. Translation is expected to begin in the first week of February. We have also begun collecting quotes from professional translation services in case the current provider is unable to begin the translation process.

Bazaar2 Monthly Report - December 2016

Added by hans 5 months ago

There was some solid progress on the existing efforts, as well as some groundwork laid for the final big development sprint of this project funding. We nailed down the v0.102 stable release of the F-Droid client app, which includes a lot of core improvements. This stable release sets us up for a longer alpha cycle for the next round to support the major overhaul of the client app.

We also started the hiring process to find more contributors to take on more subprojects for the final sprint. This and other Guardian Project job descriptions here:

Objective 1 Simple multi-pronged distribution

The F-Droid package index metadata format was redesigned from scratch in order to support lots of essential new functionality: media and other non-app packages, screenshots, store graphics, and full localization of text and graphics. This is currently implemented, and is a very alpha functional prototype.

One of the key issues of this whole project is how to build an app store ecosystem that is as difficult as possible to abuse, even for the people operating the app store or attackers who have gained full control of the app store’s binary repository. Reproducible builds allow anyone to reproduce the binaries served by, and binary transparency makes it possible to track the history of all binaries released. In support of this effort, we attended the Reproducible Builds Summit in Berlin, where we worked with most of the major GNU/Linux and BSD distros, the Google Bazel team, as well as a handful of other projects.

The first public instance of an F-Droid Verification Server is now up and running. This is wholly separate build infrastructure that automatically rebuilds all apps published to and then checks whether they match the official release. If they do not match, then it publishes the differences using
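
A sketch of the "does the rebuild match the official release" check, as an added example (not the verification server's code and not part of the original report). It assumes that two APKs count as matching when every ZIP member outside the JAR-signing files in META-INF/ has identical content, since a rebuilder does not hold the release signing key. The APKs are constructed in memory with made-up member contents.

```python
import hashlib
import io
import re
import zipfile

# Assumption of this example: JAR-signing material is excluded from the
# comparison because only the release signer can produce it.
SIGNATURE_FILE = re.compile(r"^META-INF/(MANIFEST\.MF|[^/]+\.(SF|RSA|DSA|EC))$")


def member_digests(apk_bytes: bytes) -> dict:
    """SHA-256 of the uncompressed content of every non-signature member."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if SIGNATURE_FILE.match(info.filename):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_builds(official: bytes, rebuilt: bytes) -> dict:
    """Report which members are missing, extra, or different in the rebuild."""
    a, b = member_digests(official), member_digests(rebuilt)
    return {
        "only_in_official": sorted(a.keys() - b.keys()),
        "only_in_rebuilt": sorted(b.keys() - a.keys()),
        "content_differs": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }


def is_reproduced(official: bytes, rebuilt: bytes) -> bool:
    """True when the comparison finds no difference of any kind."""
    return not any(compare_builds(official, rebuilt).values())


def make_apk(members: dict) -> bytes:
    """Build a ZIP in memory from {member name: content} (sample-data helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample data: tiny stand-ins for real APK members.
UNSIGNED = {
    "AndroidManifest.xml": b"constructed manifest",
    "classes.dex": b"constructed dex bytes",
    "lib/armeabi-v7a/libnative.so": b"constructed native library, build A",
}
SIGNING = {
    "META-INF/MANIFEST.MF": b"constructed digests",
    "META-INF/CERT.SF": b"constructed signature file",
    "META-INF/CERT.RSA": b"constructed signature block",
}
OFFICIAL = make_apk({**UNSIGNED, **SIGNING})
REBUILT_SAME = make_apk(UNSIGNED)
# A rebuild whose native library came out differently.
REBUILT_DIFFERENT = make_apk(
    {**UNSIGNED, "lib/armeabi-v7a/libnative.so": b"constructed native library, build B"}
)

if __name__ == "__main__":
    print("whole files identical:", OFFICIAL == REBUILT_SAME)
    print("reproduced:", is_reproduced(OFFICIAL, REBUILT_SAME))
    print("differences:", compare_builds(OFFICIAL, REBUILT_DIFFERENT))
```

The signed release and the unsigned rebuild never have the same whole-file hash, which is why the comparison works per member rather than on the file as a whole.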

Good software update systems should release reproducible binaries, then have an unchangeable record of all releases made. This makes it possible to verify that an app that a device is using is the actual file that was by the update system, and is not an impersonator. At the Reproducible Builds Summit, we also worked with a couple people who are focused on designing binary transparency systems to put together a prototype of a “Binary Transparency Log” for F-Droid. This is implemented as part of the fdroidserver app store kit, and it will eventually be deployed to, once it is proven stable.

Objective 2 Curation Tools for Organizations

No notable progress on this.

Objective 3 Modern App Store with Built-in Circumvention

The overhaul of the website has begun, led by NicoAlt, a long time volunteer contributor, and fxedel, a new contributor. The core of this work is converting almost the whole site to use Jekyll, a static website generator used by GitHub Pages and many other projects. This also generalized the website so that it can be easily reused for other people setting up their own app stores. This work will make it much easier to update the website’s user experience to match the new client app user experience.

UX Overhaul

There was a major push to get the entire base level of the new UX design implemented at a basically usable level. There is now a very raw but functional alpha of almost the whole new user experience.

User Testing

We reviewed the user testing results from the field tests, and put together a snapshot document with the primary takeaways from all tests conducted in 2016.

Objective 4 Partner Deployments

As part of the new app/package index metadata format, the code for parsing the index metadata on the client side was modularized. This is the groundwork for a library to allow apps to directly update themselves from the same index file that is used within the F-Droid client app itself. This expands the F-Droid toolset so that it can be used for both of the two major update approaches: a “package manager” which updates all installed apps; and apps that know how to update themselves. This approach also means that apps can seamlessly use both approaches without having different server-side setups.

Objective 5 Usability Research on In-country Developers

We started designing a user test based on some of the F-Droid server-side tools in order to test the whole process of figuring out issues that arise in developers’ workflows while finding, learning, and using tools for the app development process. This user test is slated to begin in late January.

Bazaar2 Monthly Report - November 2016

Added by hans 5 months ago

In November, we started in earnest implementing the big overhaul of the user experience of the F-Droid client app. That also led to the beginning of overhauling the server side to provide an updated app index format that supports localization, screenshots and other graphics, as well as synchronizing all the data formats from where apps are initially submitted to (aka fdroiddata) to where they are parsed and included into the index (aka fdroidserver), to finally, the index that the Android app receives and displays to the user (aka fdroidclient).
Objective 1 Simple multi-pronged distribution

Finished development work to support building and distributing “Over-The-Air” (OTA) update ZIP files as part of the whole F-Droid system. This is useful for distributing not only the F-Droid Privileged Extension, which lets F-Droid operate like Google Play, but also other apps that need to run with system privileges, like the MicroG Project’s Free Software replacements for the proprietary Google components of Android. This new build process is already live and working; we are just waiting on the final integration of the publishing procedure:

Media files can be included into F-Droid repos now, but the client does not yet install them. The client will fully support downloading media as part of the full UX Overhaul.

Objective 2 Curation Tools for Organizations
No notable progress on this.

Objective 3 Modern App Store with Built-in Circumvention
UX Overhaul

We posted the first alpha version of the new UX as a preview of the overall architecture. The design files were finalized and handed over to the developers. One last piece was added to the designs: a flow for installing an alpha version or older version of an app from the app details view.

The totally new index format to support localization and graphics was fully prototyped and is functional. It will be integrated as soon as the final kinks are worked out.
User Testing
- We reviewed the results from the tests executed in Vienna
- Prepared the testing plan for Zimbabwe
- Made improvements to the nearby design in the prototype
- Reviewed screen records from the field tests deployed in Zimbabwe
Objective 4 Partner Deployments
We discussed specific distribution approaches with two potential partners for environments with very limited internet access.

Objective 5 Usability Research on In-country Developers
1.1 Interviews
Mr. Tuohy conducted in-depth remote interviews with eight software developers and technologists from seven different regions where the internet is heavily monitored and filtered. This will make up a majority of the interviews that will be conducted. In total we have interviewed 11 developers/technologists from closed and closing spaces and anticipate one or two additional Interviews before the end of the interview period. While analysis of the interviews will occur over the next month there are some initial findings.

- Culture has a deep impact on how developers perceive and respond to the challenges that they face.
- In areas where the cost, speed, availability, or censorship of the Internet is a challenge local developers have strategies and technical systems in place for sharing software libraries and documentation among themselves.
- Pseudonyms and operational security are the primary strategy used by developers who fear that they will be targeted for the software that they develop.
- The lack of localized/translated guidance on software development and developer documentation for security/circumvention libraries are some of the greatest barriers to the development of security and circumvention software in repressive environments.
- Local developer access to, and interactions with, members of the international security and circumvention technology communities was commonly referenced as highly valuable by many of the developers spoken to.

1.2 Surveys
Mr. Tuohy is in the process of building a developer survey based upon the initial findings from the interviews. This survey will be short (consisting of at most 25 questions) to increase the likelihood of developers spending their time to fill it out. This survey aims to reach a larger audience of local developers to test if the findings from the survey are broadly applicable. With support from Localization Lab this survey will be localized to ask about the impacts of censorship and surveillance on developers in a way that is culturally appropriate for a “non-radical” developer audience and in their local language.

1.3 User Testing
One of the key findings from the interviews was how important it was for software documentation to be easy to navigate and read. Developers around the world often have learned to read technical English as a second language. This language barrier means that developers often can only read English, and do not actively engage in English language development communities. As such, documentation is often the only avenue for these developers to understand if the software meets their needs, and is worth investing time into. Sadly, documentation is often sub-par in the open-source security and circumvention software space.

In response to this we are developing one of the two components of the upcoming user testing to test the ease of navigation and understanding of the F-Droid documentation. The other component of the user testing will explore the process of setting up and using an F-Droid app repository to publish and update existing applications. This testing will be done with technologists who speak English as a second language.

Conducted in-depth remote interviews with 8 software developers and technologists from seven different regions where the internet is heavily monitored and filtered.
The Localization Lab is working with the project to localize survey questions to be appropriate for a broad developer audience in the targeted regions.

Bazaar2 Monthly Report - October 2016

Added by hans 7 months ago

This past month, we ran a bunch of user tests to confirm that existing
parts were working, and to get feedback about the new UX overhaul of the
client app. Overall, we received solid feedback that things are
working, while the studies did point out areas where we have work to do.
At the OTF Summit, Seamus Tuohy kicked off the developer user research
portion of the project. We also had a number of good discussions on
various issues and challenges related to this project.

One realization that came out of the OTF Summit is that the differences
in the various contexts around the world mean that F-Droid needs to be
portrayed quite differently in each context. For example, in Zimbabwe,
the private local app/media swapping is the most valuable feature since
in many parts of the country the internet is unreliable or expensive, but
otherwise people use Google Play and not much else. In China, the
internet is affordable and widely available and most people already use
multiple app stores, but it is often heavily filtered, with specific
sites and services totally blocked. So in Cuba, the local app swapping
is far and away the dominant feature while in China, the circumvention
is the key feature. When all of this is included in a single app, then
communicating what exactly this app is must be strongly tied to the
local context in order for people to effectively understand how it can
be useful to them.

Objective 1 Simple multi-pronged distribution

Media Support

The core “fdroidserver” tools now support adding any arbitrary file to a
repository. This was first done to support videos, e-books, audio,
etc., but it became rapidly clear that there wasn’t a need to limit what
kinds of files are supported. This opens things up for experimentation.
For example, perhaps it would be useful to also distribute desktop apps
via F-Droid.

One clear use case that has developed since this was implemented is for
distributing “Over-The-Air” (OTA) update files. This is the standard
format used to update the core Android OS. Then system updates and
additions can be safely distributed via F-Droid. Currently, there are
lots of people who are downloading additions like “gapps”
(Google Apps) to add on to custom Android OS distributions like
CyanogenMod. These are usually just downloaded from random, insecure
places on the internet. With F-Droid’s new file support, these can now
easily be safely distributed via the F-Droid ecosystem. Follow the
progress of this via F-Droid’s own OTA update, the “F-Droid Privileged

Another potential use for OTA files in F-Droid, securely
distributing optional system-level software packages, comes from Mike
Perry’s “Mission Improbable” project for customizing the Copperhead
Android ROM distribution. Additions that Copperhead do not support like’s free replacements for Google Apps, or even Google
Apps itself, can be included in an F-Droid repository for easy
installation when the user wants. The Android method for managing these
files is based entirely around software updates, so it is not meant for
browsing and selectively applying OTA files.

Reproducible Builds

Finally, the completion of the fully reproducible build process is
within reach. This has been stymied by the difficulties of running a VM
in a VM. We are now quite close to getting a fully automated, ground up
build server process that then in turn runs reproducible builds of
Android apps. We set up a new server to serve as the “verification
server” test platform on That will serve as a place to
polish up the verification server so that it is easy for anyone to
deploy to verify any app they are interested in. Follow that work here:

Objective 2 Curation Tools for Organizations

No notable progress on this.

Objective 3 Modern App Store with Built-in Circumvention

UX Overhaul

We ran a couple user tests using a mockup of the new F-Droid client app
UX designs. The tests were run in two southern African countries and
Vienna, Austria. Overall, the new designs were quite well accepted.
Testers navigated the app easily. There were no major issues with
completing the tasks that were given to the testers, including with
nearby app swapping. This points us to the need for getting the nearby
features very solidly implemented so the reality can match these user tests.

In the real world test of nearby app swapping in southern Africa, over
90% were able to successfully swap apps, with WiFi having a much higher
success rate over Bluetooth. The downside is that conceptually WiFi was
more difficult than Bluetooth, since all of the participants thought of
the word WiFi as interchangeable with the word Internet. Bluetooth was
generally understood as only local.

Additionally, we are working on a partnership with Svenja Schroeder of
University of Vienna’s Usable Security lab to run user studies that
highlight the usability issues of software that aims to protect privacy.

Here is the full report and raw materials from the Vienna test:

Final Report:

Task Success Rates/Survey Results:

F-Droid Overhaul User Test Script:

User Test Printout materials:

Implementation Begins

The implementation of the new UX overhaul designs has begun. The plan
is to get the basic user experience working as per the designs, before
moving onto more minute details such as exact
colours/fonts/paddings/etc. The basic UX is now in place for the main
featured apps screen, the categories overview screen, the list of apps
for a single category, which doubles as a general purpose search
interface, and the settings view (which I ported directly from the
current settings view in the old UI).

There are still many things missing which need to be added, most
prominently:
* The "My Apps" screen where users can see updates to their installed apps
* The "Nearby" screen, which will be a port of the current "Swap" interface
* Integrating feedback from the app download process into the app list
  screen (e.g. "This app is downloading", "This app can be updated").
  Right now it either has an install button or it doesn't.

Some of these will wait until further feedback from usability studies
that we are working on. Some videos of the current implementation are
available here:

New Approaches for Security Scans

We discussed new security scanning approaches with academic security
researchers as part of the ACM CCS conference. In the academic world,
there is a chunk of work going on for doing automatic scans of software
for finding libraries and even specific versions. We plan to use this
information in combination with standardized vulnerability reports like
CVEs to notify users that the specific apps that they have installed or
are seeking to install have known security issues.

We planned out the implementation using some upcoming free software
libraries like LibScout and Alterdroid:

Objective 4 Partner Deployments

We discussed specific distribution approaches with two potential
partners for environments with very limited internet access.

Objective 5 Usability Research on In-country Developers

We kicked off at the OTF Summit with a series of interviews and a survey
to help establish the scope of the research. Over the next two months,
Seamus Tuohy will be conducting interviews with internet freedom
developers from a variety of closed and closing spaces on their
development processes and the challenges they face. This study will
produce guidance, user stories, and/or other information that can be
shared with organizations working on internet freedom issues. It aims to
help them better support developers in closed and closing spaces.

Here are the results of the survey:

We are currently looking to interview individuals with insights into the
challenges of technologists and software developers in places where the
internet is heavily monitored and filtered and/or where developers could
be at-risk because of their work. If you, or someone you know, fits this
description and are willing to participate in a face-to-face, phone or
video conference interview please feel free to reach out to me.

Bazaar2 Monthly Report - September 2016

Added by hans 8 months ago

In September, we completed the redesign of the user experience of the Android client app as well as most of the underlying architectural changes needed. We also worked on some new features in the client as well as more underlying architectural changes on the server side. We started intensive user testing of the new client app design, with more user testing slated for October.

Also, I presented our new work in the NetCipher library on making Orbot integration easier at Droidcon Vienna, an Android developer conference:

Objective 1 Simple multi-pronged distribution

We have been discussing with developers at Twitter about integrating the F-Droid tools into Twitter’s fastlane, an open source automation suite for mobile developers. Fastlane manages many aspects of deployment including translations, screenshots, release builds, etc. It does not currently provide good signing key management, hardened build processes, or reproducible builds. Since the F-Droid tools do provide those, integrating F-Droid with fastlane makes a lot of sense.

The drozer automatic, dynamic exploit scanning is and running on infrastructure. The final dedicated hardware is in place as part of, and the production setup is almost complete.

We made more progress on generalizing the buildserver, which is an automated sandbox for running the app builds. The buildserver now runs on VirtualBox and KVM, with Docker support sketched out. This provides a key piece of both the reproducible builds, as well as a relatively easy way to run secure release builds. Once this work is complete, we will then be able to run verification builds of all apps on on in order to provide separate confirmation of the official releases on

We still need advice on how best to structure and manage all of the various virtualization approaches, so we’d love to talk to anyone who is an expert on this stuff to give us advice.

Objective 2 Curation Tools for Organizations

No notable progress on this.

Objective 3 Modern App Store with Built-in Circumvention

UX Overhaul

We finalized the client design for the first round, and prepared prototypes for user testing. One thing we’ve learned is that there is some confusion about what F-Droid is among novice users. When preparing the prototype for testing, we considered a simple onboarding experience that will help overcome this issue. As part of that, we also considered the first use of Nearby, and segmented the main view into 2 different views to help people understand what the feature does.

These design updates can be viewed in the prototype. The feedback will help determine what we implement.

F-Droid Tutorials

We’ve created concepts for the tutorial experience and an initial prototype.
- Initial concept:
- Prototype:

User Testing

We are doing user testing in two locations: Zimbabwe and Vienna. In Zimbabwe, the tests were a part of digital security trainings. In Vienna, we are aiming for a general audience for comparison.

Our partners in Zimbabwe did user testing at a trainer’s workshop with the design prototype. We hoped to test the comprehension of the new UI among this population. We are also preparing to do user testing with the same prototype in October in Vienna.

The preparation for these user tests has included:
- Determining a test method and plan
- Creating a survey to gather contextual information from the participants
- Creating and testing the prototype

Objective 4 Partner Deployments

No notable progress on this.

Objective 5 Usability Research on In-country Developers

We have hired Seamus Tuohy to work on the usability research on developers. He will be producing the final published report as well as leading up the research. That work will start at the OTF Summit, where we will be asking for discussions and interviews to help guide the direction of this research.

Bazaar2 Monthly Report - August 2016

Added by hans 8 months ago

The main focus of development efforts in August was on designing the new user experience for the Android client app. We have the design pretty much finalized, and the re-architecture of the software needed to support the new user experience has been laid out to be fully implemented in September.

Based on our surveys of Android app stores around the world, as well as feedback from Digital Society of Zimbabwe, we have decided to emphasize some of the aspects of F-Droid that work well when the device is offline. The whole app collection can be browsed and searched without an internet connection. To improve the offline experience, we need to handle offline install requests gracefully.

Objective 1 Simple multi-pronged distribution

Adding dynamic malware scanning to the whole fdroidserver build process is functional and almost complete. It is working on the prototype setup, and we have new server infrastructure run by that will run the dynamic scanning as part of the regular build process for apps that are included in

The fdroidserver tool suite is now available in Windows 10 Subsystem for Linux (aka Bash for Windows):

Objective 2 Curation Tools for Organizations

We started designing some user tests around trainers working with Digital Society of Zimbabwe. They are also helping to run user tests on other F-Droid tools.

Objective 3 Modern App Store with Built-in Circumvention

We finalized the new designs of the main screen and overall navigation through app listing, browsing by categories, searching, etc. We also finalized the design of the notifications related to installs, uninstalls, and background downloads. We decided on a core design pattern of a bottom navigation bar because it provides simple usability with one hand, is compatible with Google’s Material Design guidelines, and matches the navigation design pattern that is dominant in Chinese design.

We determined what recently updated and recently added apps would be displayed, and how to display them based on the artwork they provide (featured image, size of launcher icon), and tested concepts for a default background artwork to use for apps if no featured image is provided.

Layout designs are posted here:
Notifications Design

Field Testing

We worked with Digital Society of Zimbabwe to incorporate user/field testing as part of their regular trainings. We discussed the feedback gained from the first user test in a Zimbabwe training and brainstormed ideas for gathering and documenting learnings from the field more effectively.


We hired Hailey Still as a UX Intern to help with user testing and tutorial design. We kicked off work on click through tutorials for installing F-Droid and swapping apps with nearby devices with a discussion of the goals and challenges.

Re-architecting F-Droid client app

The internal database structure of F-Droid client was overhauled to fully support all of the possible states of apps, including multiple source repos, multiple builds, and multiple APK signing keys. The database structure will now allow repositories of varying "priorities" to provide metadata from the same apps. This work will also make it possible to transition apps away from the F-Droid signing key to developer’s own signing key. All together, this means that the F-Droid client app will be able to make better decisions about what to show the user, leading to more useful security alerts.

Objective 4 Partner Deployments

We designed a set of tools based on the F-Droid infrastructure that allows apps to have a miniature, embedded “featured app” collection that also allows direct installation. One key example of this idea in action is the Tibetan keyboard for Android, which recommends other apps that also support Tibetan well. The library that we will build to support this will also work well for creating apps that can directly update themselves, with or without the F-Droid client app installed.

Objective 5 Usability Research on In-country Developers

We worked out how much of a physical presence we need in order to effectively gather information on developers who feel targeted. We started work on a plan for which countries would be most useful and most feasible to visit in order to conduct user research on developers.

Bazaar2 Monthly Report - July 2016

Added by hans 10 months ago

July was a busy month for new partnerships and people. The partnerships spread F-Droid to more users and use cases, while building a community that relies on F-Droid and is invested in its maintenance. The new people expand the work we are currently doing: now that we are nearly complete with the large architectural changes, we are starting the big overhaul of the user experience.

  • F-Droid was chosen as the app store for a new partnership deal between Copperhead and SaltDNA, a startup to build a secure messaging platform.
  • We signed a contract with Blue Jay Wireless, a small telecom in the US, to develop two new core features.
  • Carrie Winfrey joins us again to lead up the user experience work on the F-Droid client app. She previously led the UX for the app swapping work.
  • Brennan Novak to lead up the usability research and work around the user experience for Android developers.

Objective 1 Simple multi-pronged distribution

We now have the drozer setup automated and triggering based on the fdroidserver build process. Drozer actually runs the app in an emulator and probes it for vulnerabilities. Drozer can run pre and post build for F-Droid. Depending on how you'd like to proceed with reports (if an app fails the scan, should it be allowed to be built etc?) we can switch the workflow on the fly - that's the beauty of using Docker for this. Once we get it all integrated, we can start scanning all apps distributed by To start with, the Drozer reports will be shared privately, so we can manage when found exploits get divulged. Ultimately, we aim to have this information fully public.

Blue Jay Wireless has set up their own custom app store based on the F-Droid client app and developer tools. They have hired us to develop two chunks of functionality they need, which also help us with the Bazaar2 goals of developing tools for trainers and organizations to deploy apps, as well as to get app usage data in a privacy preserving way so that F-Droid can show how popular apps are without privacy concerns. The first is end user controllable “push” install/uninstall of apps, which can be used in trainings to easily set up people’s devices. The second is an opt-in “popularity contest” that provides counts of installs, uninstalls, and install failures without linking the data to the user. The provides user generated app ratings.

Objective 2 Curation Tools for Organizations

  • DigiSoc ran a training in rural Zimbabwe where they were user-testing F-Droid app swapping to get apps to trainees in places where the internet is constrained.
  • Now that Blue Jay Wireless is funding the development of push installs and user-generated popularity data, we have shifted the design goals of these tools around what those features can provide. For example: a trainer can set up a custom collection of apps and media, then enable the push installs. She copies the collection to a portable device, like a phone or a LibraryBox. The trainees connect and accept the push install opt-in. The trainer’s apps and media are automatically installed on the trainees’ phones. The trainer can track progress by seeing if the successful install count matches the number of trainees.

Objective 3 Modern App Store with Built-in Circumvention

Data Model Overhaul

This month the focus of development was on overhauling how all of the app store data is represented in the client app’s database. In addition to adding support to media, the new data model lets F-Droid represent lots of various edge cases in a much clearer and usable way. For example, it will now handle when an app has updates available that are signed by different keys. These changes to the database are nearing completion, many of them have been merged into production, and the last few should be merged in over the coming month.

UX Overhaul

We also have been focused on the UX overhaul of the main app store experience. The UI related meetings have taken place with Carrie, Hans, Mark, and sometimes others. In addition, other regular F-Droid contributors have provided valuable feedback on the issue tracker in response to these meetings. As such, the UI design from Carrie is now approaching something which is ready to implement. It is looking like we will be able to start working on implementing this UI in August. You can join in the conversations here:

Streamlined Install Process

The new install process has been incorporated in v0.101 alpha builds, and we have been receiving feedback and bug reports from testers. This install process covers both scenarios how F-Droid is installed: as a third-party app store installed like an app, or like a built-in app store that is included in a device or Android ROM by default (for example, you can buy a device from Copperhead now with F-Droid built-in In addition to fixing bugs, we added automated tests of the install process.

Objective 4 Partner Deployments

We had more conversations with Storymaker about their needs.

Objective 5 Usability Research on In-country Developers

We have hired Brennan Novak to lead up this research and to work on developer user experience in general for this project. Brennan has worked on Mailpile, Qubes, Transparency Toolkit and more as both a UX Designer and a developer, so we think he’s uniquely qualified to do this research.
