In the GrapheneOS forum, I encountered a claim that F-Droid is insecure (and not good at privacy as well). These links (and more) were given as evidence:

While there is some attitude against FOSS apps, I think the arguments are generally sound and in good faith. Which makes me confused, as I’ve been hearing good words about F-Droid in the lemmyverse.

I am not good at assessing arguments, so I want to ask you guys for more aspects and information.

Also, if not F-Droid, what should I use? Is the Aurora Store, a frontend for the Play Store, not fine to use as well?

  • kolorafa@lemmy.world · 5 days ago

    In the case of F-Droid, it follows more the Linux distro philosophy, where the binaries are built and offered to you not by the developer but by the distro/repository maintainers.

    You can add your own repository, or use your friend’s repository, or use F-Droid’s.

    In the case of the F-Droid repository, to get an app published your app needs to adhere to rules, one of them being that the code needs to be public so the repo maintainers can build the app from it.

    Compare it to the Play Store, where the app is built and signed by the developer without making the code public, in turn making it almost impossible to know and follow what the app is doing.

    So it’s a matter of trust.

    For some apps I would rather install them from F-Droid, as I have higher confidence that someone looked at whether the app is harmful or leaking my private data. For other apps, like banking apps, I would rather install them from the Aurora Store, where I don’t know what the app is doing, but I trust them more to protect my money than some random dude on the internet. And if the bank does something bad I will sue them or just stop using their service.

  • incogtino@lemmy.zip · 5 days ago

    Your options are building from source, downloading dev APKs, or using an app store. If you can’t trust anyone, then you need to build from source.

    F-Droid is the best of the app stores; they are always trying to stay ahead of the curve when it comes to privacy, security, and trust.

    Reproducible builds are the standard for FOSS trust, see this article for an overview. They close the gap between app stores and dev APKs.

    F-Droid is constantly working to increase the prevalence of reproducible builds, and to enable you to verify more so you have to rely less on trust.
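    To make the reproducible-builds point concrete, here is an added illustration (not F-Droid’s own tooling, which works differently by re-applying the developer’s signature to its own build): it compares a developer-signed APK against an independently rebuilt, unsigned APK, ignoring only the APK v1 (JAR) signature entries, so any difference in app contents shows up by name. The sample APKs are constructed in memory; v2/v3 APK signing blocks live outside the zip entries and are not inspected here.

```python
import hashlib
import io
import zipfile

# APK v1 (JAR) signature files: present in the developer's signed APK, absent from a
# freshly rebuilt unsigned one, so they are excluded from the content comparison.
SIGNATURE_ENTRIES = ("META-INF/MANIFEST.MF",)
SIGNATURE_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")


def is_signature_entry(name: str) -> bool:
    return name in SIGNATURE_ENTRIES or (
        name.startswith("META-INF/") and name.upper().endswith(SIGNATURE_SUFFIXES)
    )


def content_digest(apk_bytes: bytes) -> dict:
    """Map every non-signature zip entry to the SHA-256 of its uncompressed bytes."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if is_signature_entry(info.filename):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def reproducible_diff(dev_apk: bytes, rebuilt_apk: bytes) -> list:
    """Names of entries that differ or are missing on one side; [] means reproducible."""
    a, b = content_digest(dev_apk), content_digest(rebuilt_apk)
    return sorted(n for n in a.keys() | b.keys() if a.get(n) != b.get(n))


def build_apk(entries: dict) -> bytes:
    """Helper that packs {name: bytes} into a zip, standing in for a real APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample APKs: identical app contents, only the developer copy is signed.
APP = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex\n035\x00constructed"}
DEV_APK = build_apk({**APP, "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
                     "META-INF/CERT.SF": b"Signature-Version: 1.0\n",
                     "META-INF/CERT.RSA": b"\x30\x82constructed"})
REBUILT_APK = build_apk(APP)                                    # honest rebuild
TAMPERED_APK = build_apk({**APP, "classes.dex": b"dex\n035\x00modified"})  # altered code

if __name__ == "__main__":
    print("rebuilt:", reproducible_diff(DEV_APK, REBUILT_APK))    # []
    print("tampered:", reproducible_diff(DEV_APK, TAMPERED_APK))  # ['classes.dex']
```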

  • Autonomous User@lemmy.world · 5 days ago

    Wrong, F-Droid is and has libre software. We control it.

    Meanwhile, GrapheneOS has Accrescent spreading software which fails to include a libre software license text file, software we do not control, dangerous!

    Tech talk is a confusion strategy to derail us normal people and ‘open source’ is another. With it, their scam cannot get more blatant.

    Warning, Accrescent from the GrapheneOS Store tries this and so does Privacy Guide, smuggling it mixed in with good information. It is one of the few ways they have to trick us.

    Can we use GrapheneOS with F-Droid and without Accrescent? Yes.

    Obtainium does nothing to check apps are libre software. Aurora Store spreads anti-libre software.

  • FriendOfDeSoto@startrek.website · 5 days ago

    Some of the technical info flew right over my head in the first article. What I took from the piece is that he has valid points, so far as I can see and understand it. I would say nevertheless the author was a bit biased as well. And it’s 3 years old. It may still be accurate, IDK.

    I use F-Droid and have been for a while and I’m not aware of any issues this could’ve caused me. But I’m also not using it for essential systems. Not for browsers, VPN, etc. I have downloaded games, a couple of notes apps, that sort of thing. I would never recommend you get all your apps from there. It’s an addition to Google or your usual poison.

    Security experts will never be happy; that’s their job. The author is also talking about your threat model. Are you okay with certain risks? The truth is also that somebody could screw you over on Google Play. It may be less likely comparatively but not impossible. So you try to jump from rock to rock hoping no alligator catches you. So far no alligator got me.