Every app on Google Play is screened for malware — in theory — but Google also uses the Play Store as a data collection platform. Every app installation, every rating, every search query is logged under your Google account. Many Play Store apps include proprietary SDKs for analytics, advertising, and crash reporting that send data to third parties without your meaningful consent.
F-Droid is a free and open-source app repository for Android that only hosts apps with fully auditable source code. No account required, no tracking, no closed-source SDKs. If an app is in F-Droid’s main repository, every line of its code is publicly available for inspection.
What Is F-Droid?
F-Droid is both a repository of free and open-source Android applications and a client app that manages installation and updates. Unlike Google Play, F-Droid:
- Requires no account or login
- Builds apps from source code itself (reproducible builds where possible)
- Flags apps that contain anti-features: ads, tracking, non-free dependencies, proprietary assets
- Applies no tracking to your app usage or installation history
- Lets you add third-party repositories (repos) from other trusted sources
The trade-off is that app updates arrive more slowly than on Google Play — F-Droid must receive, build, and sign each version, which can take days or weeks after a developer publishes a new release.
How to Install F-Droid
F-Droid is not on Google Play (naturally). You install it as an APK directly from the official source.
- On your Android device, open a browser and navigate to f-droid.org
- Tap Download F-Droid
- When prompted, allow installation from this browser (Settings → Special app access → Install unknown apps)
- Install the APK
- Open F-Droid — it will update its repository index on first launch
Verify the APK (recommended): F-Droid’s APK is signed with a known key. The fingerprint of the F-Droid signing certificate is published at f-droid.org/en/about/. On a desktop, you can verify:
apksigner verify --print-certs fdroid.apkCompare the SHA-256 certificate fingerprint to what is published on the site.
Adding the IzzyOnDroid Repository
The official F-Droid repository is conservative — apps must meet strict criteria before inclusion, so many newer or less-mainstream apps are not there. IzzyOnDroid is a well-respected third-party repository maintained by a trusted community member (Izzy) that hosts a much wider selection of FOSS apps, often with faster update cycles.
Add IzzyOnDroid to F-Droid:
- Open F-Droid
- Go to Settings → Repositories
- Tap the + button
- Enter the repository URL:
https://apt.izzysoft.de/fdroid/repo - Enter the fingerprint:
3BF0D6ABFEAE2F401707B6D966BE743BF0EEE49C2561B9BA39073711F628937A - Tap Add and then update the repository index
With IzzyOnDroid added, you have access to hundreds of additional FOSS apps.
Best Privacy Apps Available on F-Droid
Communication
- Signal — end-to-end encrypted messaging (available via Signal’s own repo, not main F-Droid)
- Briar — encrypted mesh messaging without central servers
- SimpleX Chat — no user IDs, strong metadata protection
- Session — decentralized, no phone number required
- Element — Matrix client for federated, encrypted chat
Browsers
- Mull — hardened Firefox fork, privacy settings pre-applied
- Fennec F-Droid — standard Firefox without proprietary bits
- Tor Browser — available via Guardian Project repo
System and Utilities
- Shelter — create an isolated work profile for untrusted apps
- RethinkDNS — DNS filtering, firewall, and VPN combined
- NetGuard — per-app firewall using Android’s VPN slot
- TrackerControl — block trackers in apps network-wide
- Warden — detect and opt out of tracking libraries in installed apps
- K-9 Mail — powerful open-source email client (now the basis for Thunderbird on Android)
- FairEmail — feature-rich, privacy-aware email app
Privacy and Security
- Aegis Authenticator — open-source TOTP 2FA app with encrypted backup
- KeePassDX — local password manager (no cloud sync by default)
- Bitwarden — open-source password manager (available in F-Droid via their repo)
- OpenKeychain — PGP key management for Android
Productivity
- Nextcloud — client for self-hosted cloud storage and collaboration
- Joplin — open-source note-taking with end-to-end encryption
- Orgzly — Org-mode notes for Android
F-Droid vs. Google Play: An Honest Comparison
| Feature | F-Droid | Google Play |
|---|---|---|
| Account required | No | Yes (Google account) |
| Source code required | Yes | No |
| Tracking of installs | None | Extensive |
| App anti-feature labels | Yes | No |
| Update speed | Slower | Fast |
| App selection | ~4,000+ apps | Millions |
| Paid apps | No | Yes |
| Build reproducibility | Improving | No |
| Malware screening | Source-level review | Binary scanning |
For privacy apps specifically, F-Droid’s selection is excellent. The main gap is popular mainstream apps (banking apps, major social media, games) that simply do not exist in FOSS form.
Aurora Store: Access Google Play Without a Google Account
F-Droid bundles a link to Aurora Store, which is also available directly in F-Droid. Aurora Store is an unofficial Google Play client that lets you download free apps anonymously using shared throwaway Google accounts (maintained by Aurora Store’s servers) or your own account.
This means you can get apps that only exist on Google Play — like banking apps or certain games — without signing into a personal Google account on your phone.
Install Aurora Store from F-Droid, then use Anonymous session to browse and install Play Store apps.
Configuring Automatic Updates
F-Droid can automatically download and optionally install updates.
- Open F-Droid → Settings
- Under Updates:
- Enable Automatic update check — set to daily or weekly
- Enable Download updates automatically — downloads updates in background on Wi-Fi
- Enable Automatically install updates — installs them without your manual confirmation (optional)
- Under Network:
- Check Only update over Wi-Fi to avoid mobile data usage
For apps with privileged extension (F-Droid installed as a privileged system app, as on CalyxOS), updates install silently in the background like Play Store updates.
Using F-Droid Over Tor
F-Droid’s HTTP traffic (repository metadata and APK downloads) can be routed through Tor using Orbot:
- Install Orbot from F-Droid (Guardian Project repo)
- Enable VPN mode in Orbot
- Add F-Droid to apps routed through Tor in Orbot settings
This prevents your network-level observer from knowing which apps you install.
F-Droid is the foundation of a genuinely private Android app ecosystem. Start with F-Droid, add IzzyOnDroid, install the apps listed above, and you have a phone that works hard for you without working against you.