I have switched everything to privacy alternatives. Is it safe to delete my Google account, or is it needed for some Android features? Also, if I delete my account, does Google delete all my data? If not, can I request the deletion of my data under the GDPR?


“Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet modern security standards.” This is what PrivacyGuides says. Also you have AppVerifier integration in Obtainium, which verifies signatures or something. I know it’s a lot better than comparing hashes.
there were several statements in that article that led me to believe it wasn’t revised in many years. yes, they had some difficulties just a few weeks ago, but otherwise that doesn’t occur often anymore. also they are working on replacing the build system with something better, if google does not kill them first
trust is not in package IDs, should never be. package IDs can be easily “faked”. trust should be in the apk signature. sometimes not even that, like with google play, where the keys are handled not by the developer but by google.
but yes, they do reuse package IDs, because they cannot patch every app that does not provide an fdroid build variant, doing so could break apps. what it causes today is that you can’t have installed the fdroid version and a different version of the app.
and since f-droid focuses increasingly on reproducible builds, as they have been doing for the past few years, apps that are built that way are not even affected by this, because users get the file that was built by the original developers.
I disagree. the play store allows and recommends lots of malicious apps.
so those apps must be made inaccessible to all users, right? NO! these apps should have a warning, not be deleted!
this?
contrary to f-droid’s build system it does not look for fishy things in the APK, it just checks whether the app was built by its expected developer. that’s what the apk signature can be used for.
sometimes it’s useful, like if you get the apk file from wherever, except when the developer’s signing keys are handled by google, because then google can release altered versions that still pass the verification. but it does nothing to check whether it has tracking components that would be rejected by f-droid.
that’s what appverifier exactly does. it compares the hashes of the apk’s public signing key with a known good value.
I see, I’ll admit I’m not very knowledgeable on this, I thought appverifier was better than normal hash comparison
no worries, everyone must start somewhere, and not everyone has the time to look up these things.
Thanks, your previous response was very well put
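The check discussed in this thread (hash of the APK's signing certificate compared with a known-good value) can be sketched as follows. This is an added example, not AppVerifier's or Obtainium's code and not part of any post above. It reads the first signer certificate from the APK Signing Block (v3 or v2) and compares its SHA-256 with a pinned digest. The function names, `build_sample` and the sample bytes are constructed for illustration, and it does not validate the signature itself, so it complements `apksigner verify` rather than replacing it.

```python
import hashlib, struct
MAGIC = b"APK Sig Block 42"
V2_ID, V3_ID = 0x7109871A, 0xF05368C0  # APK Signature Scheme v2 / v3 block IDs

def read_lp(buf, off=0):
    """Read one uint32 length-prefixed field; return (field, next offset)."""
    n = int.from_bytes(buf[off:off + 4], "little")
    if off + 4 + n > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:off + 4 + n], off + 4 + n

def signer_cert_sha256(apk):
    """SHA-256 (hex) of the first signer certificate; signature NOT verified."""
    eocd = apk.rfind(b"PK\x05\x06")  # ZIP end-of-central-directory record
    if eocd < 0 or eocd + 20 > len(apk):
        raise ValueError("not a ZIP file")
    (cd,) = struct.unpack_from("<I", apk, eocd + 16)  # central directory offset
    if cd < 32 or apk[cd - 16:cd] != MAGIC:  # block sits right before it
        raise ValueError("no APK Signing Block")
    (size,) = struct.unpack_from("<Q", apk, cd - 24)
    pos, end, pairs = cd - size, cd - 24, {}  # span of the ID-value pairs
    if pos < 8:
        raise ValueError("bad signing block size")
    while pos < end:  # each pair: uint64 length, uint32 ID, value
        n, pid = struct.unpack_from("<QI", apk, pos)
        if n < 4 or pos + 8 + n > end:
            raise ValueError("bad ID-value pair")
        pairs[pid] = apk[pos + 12:pos + 8 + n]
        pos += 8 + n
    value = pairs.get(V3_ID) or pairs.get(V2_ID)
    if not value:
        raise ValueError("no v2/v3 signature")
    signed_data = read_lp(read_lp(read_lp(value)[0])[0])[0]  # signers -> first -> signed data
    _digests, off = read_lp(signed_data)
    cert = read_lp(read_lp(signed_data, off)[0])[0]  # certificates -> first (DER)
    return hashlib.sha256(cert).hexdigest()

def matches_pin(apk, pinned_hex):
    """True if the signer certificate digest equals the known-good value."""
    return signer_cert_sha256(apk) == pinned_hex.replace(":", "").lower()

def build_sample(cert):
    """Constructed input: an empty ZIP carrying a v2 block with `cert` bytes."""
    lp = lambda b: struct.pack("<I", len(b)) + b
    signer = lp(lp(b"") + lp(lp(cert)) + lp(b"")) + lp(b"") + lp(b"")
    value = lp(lp(signer))
    pair = struct.pack("<QI", len(value) + 4, V2_ID) + value
    sz = struct.pack("<Q", len(pair) + 24)
    return sz + pair + sz + MAGIC + b"PK\x05\x06" + struct.pack("<4H2IH", 0, 0, 0, 0, 0, len(pair) + 32, 0)
```

The package ID plays no part in the comparison, and the pinned digest has to come from a source the user already trusts, such as the developer's own site or repository.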