mirror of
https://github.com/bitwarden/android.git
synced 2026-03-11 20:54:58 -05:00
F-Droid Support #6
Closed
opened 2025-11-07 08:22:08 -06:00 by GiteaMirror
·
104 comments
No Branch/Tag Specified
main
fix/PM-33394-throwable-extensions
fix/PM-33394-sync-unlock-error
sdlc/sdk-update
PM-24380/flight-recorder-redact-hostname
release/2026.3-rc48
claude/android-implementer-agent
PM-26577-app-links-support
PM-26896-autofill-fix
renovate/lock-file-maintenance
release/2026.2-rc47
PM-32714/fallback-to-web-vault-host
pr-6572
PM-28834/setting-app-layout-horizonos
vvolkgang/process-release-notes-v2
release/2026.2-rc46
release/2026.1-rc45
PM-30644/added-logs-for-debug
PM-30644/quicktile-nav-not-showing-migration
minor-gradle-updates
release/2026.1-rc42
release/2026.1-rc44
release/2026.1-rc43
PM-28834/set-landscape-on-horizonos-devices
context-rules
devclarity/update-code-review-command
PM-20026/force-ltr-passwords-and-codes
release/2025.12-rc41
cmcg/testCoverage
claude-skill/creating-feature-flags
PM-29014/talkback-support-for-passwords
release/2025.12-rc40
BRE-1305/publish_test
accept-user-certs
autofill-permissions
release/2025.11-rc39
PM-22479/check-all-certificates-validate-asset-links
release/2025.10-rc38
agalles/android-latest
optimize-test-workflows
tier2-test-sharding
retro-agent
PM-27001/skip-account-selection-only-one-exists-cxp
release/2025.10-rc37
agalles/test-1118
release/2025.10-rc36
PM-20593-token-refresh
QA-1126b/adding-native-sanity-test
release/2025.9-rc35
pm-25933/sdk-update-password
release/2025.9-rc34
release/2025.8-rc33
agalles/20250821-release
debug-release-issues
pm-24249-allow-automated-prs-for-sdk-updates
release/2025.8-rc32
release/WORKFLOW-TEST-2025.8-rc28
agalles/20250807release
release/2025.07-rc25
release/hotfix-v2025.7.0-bwa
pm-23311/export-vault-policy-bypass
release/2025.07-rc24
authenticator-pm-sync-flags-issue
ps/implement-sdk-repository-example
release/hotfix-v2025.6.0-bwpm
release/2025.06-rc21
agalles/automate-android-fastlane-patch
release/2025.05-rc20
release/2025.04-rc19
languages/basque
release/2025.03-rc19
update-readme
qrcode/feature
innovation/archive/pm-19153-archive-items
qrcode/2-ui-fields
qrcode/1-page
hold-on-biometric-prompt-alternative
release-notes-process
release/2025.02-rc16
bwa-monorepo
PM-8223/new-device-verification-ux-improvements
pm-18451/exempt-from-policies
test-bwa
cs-workaround-linked-0-copy
release/2025.01-rc15
release/2025.01-rc14
release/2024.12-rc13
pm-16670/sync-leave-notice
821
PM-16695/backport-lean-more-new-device-verification
km/15084-testing
release/hotfix-v2024.11.7
release/2024.11-rc1
pm-11304/collection-add-item-button
PM-14241/disabling-logs-app-crash
poc/offline-editing
new-version-calc
pm-11649/expired-link-services
pm-6702/add-feature-flag
pm-6702/email-verification-feature
pm-9933/marketing-copy-update
pm-6702/registration-flows
update-templates
pm-6701/email-verification-selfhost-registration
v2026.2.1-bwpm
v2026.2.1-bwa
v2026.2.0-bwpm
v2026.2.0-bwa
v2026.1.1-bwa
v2026.1.1-bwpm
temp-test
v2026.1.0-bwpm
v2026.1.0-bwa
v2025.12.1-bwa
v2025.12.1-bwpm
v2025.12.0-bwa
v2025.12.0-bwpm
v2025.11.1-bwpm
v2025.11.1-bwa
v2025.11.0-bwpm
v2025.11.0-bwa
v2025.10.1-bwa
v2025.10.1-bwpm
v2025.10.0-bwa
v2025.10.0-bwpm
v2025.9.1-bwa
v2025.9.1-bwpm
v2025.9.0-bwa
v2025.9.0-bwpm
v2025.8.1-bwa
v2025.8.1-bwpm
v2025.8.0-bwa
v2025.8.0-bwpm
v2025.7.2-bwa
v2025.7.2-bwpm
v2025.7.1-bwa
v2025.7.1-bwpm
v2025.7.0-bwa
v2025.7.0-bwpm
v2025.6.1-bwpm
v2025.6.0-bwa
v2025.6.0-bwpm
v2025.1.0-bwa
v2025.5.0-bwa
v2025.5.0-bwpm
v2025.5.999
2025.4.0
v2025.4.0
untagged-4731eaadac73f3dfbbb8
v2025.3.0
v2025.2.0
untagged-815a165c5d70ffe75bc7
v2025.1.2
v2025.1.1
v2025.1.0
v2024.12.0
untagged-5a76b6392a4c8998c63a
v2024.11.7
v2024.11.6
v2024.11.5
v2024.11.4
v2024.11.3
v2024.11.2
v2024.11.1
v2024.11.0
v2024.10.2
v2024.10.1
v2024.10.0
v2024.9.0
v2024.8.1
v2024.8.0
v2024.7.3
v2024.7.2
v2024.7.1
v2024.7.0
v2024.6.1
v2024.6.0
v2024.5.1
v2024.4.1
v2024.4.2
v2024.4.0
v2024.3.3
v2024.3.1
v2024.3.0
v2024.2.1
v2024.2.0
v2024.1.1
v2024.1.0
v2023.12.0
v2023.10.0
v2023.9.2
maui-single-project-android
v2023.9.1
v2023.9.0
v2023.8.0
v2023.7.0
v2023.5.0
v2023.4.0
v2023.3.2
v2023.3.1
v2023.3.0
v2023.2.0
v2023.1.0
v2022.11.0
v2022.10.0
v2022.9.1
v2022.9.0
v2022.8.0
v2022.6.2
v2022.6.1
v2022.6.0
v2022.05.0
v2.18.0
v2.17.0
v2.16.4
v2.16.3
v2.16.2
v2.16.1
v2.15.0
v2.14.2
v2.14.1
v2.14.0
v2.13.0
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.0
v2.9.1
v2.9.0
v2.8.2
v2.8.1
v2.8.0
v2.7.2
v2.7.0
v2.6.1
v2.6.0
v2.5.6
v.2.5.5
v2.5.5
v2.5.4
v2.5.3
v2.5.2
v2.5.1
v2.5.0
v2.4.3
v2.4.2
v2.4.1
v2.4.0
v2.3.1
v2.3.0
v2.2.8
v2.2.7
v2.2.6
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.0
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.22.1
v1.22.0
v1.21.0
v1.20.0
v1.19.0
v1.18.1
v1.18.0
v1.17.0
v1.16.0
v1.15.2
v1.15.1
v1.15.0
v1.14.4
v1.14.1
v1.14.0
v1.13.0
v1.12.2
v1.12.1
v1.12.0
v1.11.1
v1.11.0
v1.10.0
v1.9.0
v1.8.1
v1.8.0
v1.7.0
v1.6.5
v1.6.1
v1.6.0
v1.5.1
v1.5.0
v1.4.4
v1.4.3
v1.4.0
v1.3.0
v1.2.1
v1.2.0
v1.1.0
v1.0.0
v0.0.6
v0.0.5
v0.0.4
v0.0.3
v0.0.2
v0.0.1
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/android#6
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @cwmke on GitHub (Oct 10, 2016).
Any chance of adding this to F-droid?
@kspearrin commented on GitHub (Oct 12, 2016):
I am not sure if it is possible to support f droid (never heard of it until now, im an iOS user) with Xamarin. Anyone know? I couldn't find anything on it.
@cwmke commented on GitHub (Oct 13, 2016):
Here's their developer documentation.
https://f-droid.org/wiki/page/FAQ_-_App_Developers
@kspearrin commented on GitHub (Oct 14, 2016):
I still do not really understand what you have to do to make the app work on f-droid? Is there some store I have to submit to?
@nikaro commented on GitHub (Oct 15, 2016):
Last time i looked you just needed to have a repo with reproducile build, and submit a message on the forum to say you want your app to be added.
@IzzySoft commented on GitHub (Nov 8, 2016):
@kspearrin if you'd just attach the
.apkto yourreleases/, I could pick them up and add them to my repo, which is compatible with the F-Droid client. After the initial add, my auto-updater would fetch the next releases automatically within 24h usually. If your app finally makes it into the official F-Droid repo, and you want me to remove it from mine, just drop me a note.@kspearrin commented on GitHub (Nov 8, 2016):
@IzzySoft I'll start doing that with the next release which should be very soon (maybe tonight).
@kspearrin commented on GitHub (Nov 8, 2016):
@IzzySoft When you say
releases/, are you wanting me to create areleases/directory inside the actual repo master branch root or are you wanting me to just attach the binary to the published release & tag (i.e. this page https://github.com/bitwarden/mobile/releases/tag/v1.0.0).@IzzySoft commented on GitHub (Nov 8, 2016):
@kspearrin the latter is preferrable, as described here. And thanks a lot!
@kspearrin commented on GitHub (Nov 9, 2016):
@IzzySoft https://github.com/bitwarden/mobile/releases/tag/v1.1.0
@IzzySoft commented on GitHub (Nov 9, 2016):
@kspearrin There you go: https://apt.izzysoft.de/fdroid/index/apk/com.x8bit.bitwarden
Once F-Droid itself picked up and your app made it into the main repo, just drop me a note if you want me to remove it from mine again (e.g. to avoid confusion, as F-Droid compiles from the source and signs with their own key, one cannot cross-update between the two).
PS: Please note that other than F-Droid, I don't keep an "archive" of old versions. My usual policy is to reserve about up to 20M per app – so apps with 6M or less have a history of 3 versions (aka "max history"). As the bitwarden
.apkis already 21M, my repo will just always have the latest version. But that should be fine: in those rare cases where someone might need an older version, that can be picked fromreleases/here now :)With the initial
.apkadded, updates should be picked up now within ~24h of their release (i.e. after you've created the tag and attached the file). Enjoy :)PPS: Please note the VirusTotal link. Looks like a "false alert" (just triggered by 1/56 scanners), but just in case. Not that many hits if you search for it, and always only one and the same engine reporting it. If it were real, it'd rather look like this report :)
@kspearrin commented on GitHub (Nov 9, 2016):
Great. Interesting about the virus alert. I have no idea what W32/VBNA.alxm is.
@IzzySoft commented on GitHub (Nov 9, 2016):
As far as my search went, it's supposed to be some worm usually shipping with Windows executables. IMHO a "false positive" caused by a too broad pattern matching on some signature. That's why I usually resubmit those
.apkfiles for a rescan a few days later. Often clears the flag as the engine's signature database had been updated meanwhile.@kspearrin commented on GitHub (Apr 25, 2017):
Submitted again here: https://gitlab.com/fdroid/rfp/issues/114
@walrus543 commented on GitHub (Apr 26, 2017):
@kspearrin bitwarden won't pass due to non-free dependencies. There are important differences between an open source app and a free/libre and open source app.
Inclusion Policy
@kspearrin commented on GitHub (Apr 26, 2017):
I'm a little confused. What non-free dependencies do we have?
@walrus543 commented on GitHub (Apr 26, 2017):
Google Analytics at least.
@IzzySoft commented on GitHub (Apr 26, 2017):
@kspearrin According to LibRadar (used with my repository to check what libraries are contained), I see e.g. Google Mobile Services. Guess that's what AppBrain's scanner reports as Google Cloud Messaging (GCM)
@Primokorn Google Analytics wasn't detected by either of the two. Are you sure?
@walrus543 commented on GitHub (Apr 26, 2017):
@IzzySoft https://github.com/bitwarden/mobile/search?utf8=%E2%9C%93&q=analytics&type=
https://f-droid.org/wiki/page/Antifeature:Tracking
And I'm not sure if HockeyApp is allowed.
@kspearrin commented on GitHub (Apr 26, 2017):
Ok. I guess I misinterpreted the definition of free here.
Google Play Services is also required for other functionality in our app like sync push notifications (GCM).
@walrus543 commented on GitHub (Apr 26, 2017):
Yes "free" doesn't mean "gratis" in this context
https://www.gnu.org/philosophy/free-sw.en.html
@kspearrin commented on GitHub (Apr 26, 2017):
Closing since this doesn't seem possible.
@IzzySoft commented on GitHub (Apr 26, 2017):
@Primokorn Oh. Beat me. I was just wondering that neither AppBrain nor LibRadar mentioned that. Thanks for the pointer, need to update that in my repo description then (adding the AntiFeature).
@cwmke commented on GitHub (May 5, 2017):
Thanks for taking the time to look into this.
@IzzySoft commented on GitHub (May 9, 2017):
@kspearrin Any reason why you stopped attaching the
.apkto the corresponding releases? Without that, I cannot keep it updated in my repo 😸@kspearrin commented on GitHub (May 9, 2017):
Just forgot. Updated now.
@IzzySoft commented on GitHub (May 9, 2017):
Thought so 😸 Thanks, should be picked up then tonight.
@mr-gosh commented on GitHub (Oct 23, 2017):
We tried that too in the past and it really just works, if the app has functionality without the presence of the play store API for example...
if some things work but not everything it still can be submitted - but will get some "anti-feature" badges - which is ok...
...its a store for people who don't want to use a playstore account - are at least they want the ability to use the app without that...
@NanoSector commented on GitHub (Nov 14, 2017):
Sorry for necrobumping this, but would it perhaps be possible to make a Libre build that goes into FDroid without the Google dependencies? I know Fasthub does this.
Especially now with Google crippling apps using accessibility features this might be something to look into...
@kspearrin commented on GitHub (Nov 23, 2017):
I'll re-open this as an option to look into for building the app without the Google library dependencies, albeit with some reduced functionality.
@walrus543 commented on GitHub (Nov 23, 2017):
@kspearrin Which features couldn't be included without Google dependencies?
@kspearrin commented on GitHub (Nov 23, 2017):
Push notifications is the main thing that will be missing.
@kspearrin commented on GitHub (Jan 10, 2018):
I have now created a build that strips all Google and HockeyApp libs from the application while still maintaining a functional app. Push notifications for instant updates are now gone so you'll have to manually keep the app in sync (it should still automatically sync periodically though).
A special
apkfor F-Droid is now generated by our CI system and attached as artifacts to each build here:https://ci.appveyor.com/project/bitwarden/mobile/build/artifacts
Anyone know of a tool (apk scanner?) I can use to verify that no Google or HockeyApp bits are still present in the F-Droid apk? Is there something the F-Droid people uses to verify all of this?
Then I guess we can now open the F-Droid repository request again.
@IzzySoft commented on GitHub (Jan 10, 2018):
@kspearrin As soon as those changes reflected in the APK on the
releases/that go to my repo, you could check this here (might not be complete – but it showed those libraries for previous builds). Unfortunately, current builds failapkchecker:which might be a show-stopper if you plan to go for "reproducible builds" (
KnownVuln). In my repo I've configured to permit for MD5 and only have fdroidserver place the corresponding AntiFeature (it does that automatically then).@kspearrin commented on GitHub (Jan 10, 2018):
@IzzySoft any way I can easily run your tool without doing an official release?
@IzzySoft commented on GitHub (Jan 10, 2018):
@kspearrin Guess it will take a little to set that up. I use a combination of multiple tools to make sure I catch as many libraries as possible. LibRadar does the main part, but I further evaluate Smali output captured from ApkTool. Nothing you'd be likely to finish before your coffee gets very cold, sorry.
@IzzySoft commented on GitHub (Jan 10, 2018):
PS: thinking aloud, @kspearrin – if I had the file, I could run the check manually and just skip the "publish" step. Your app is in my repo anyhow, so everything is set up for it 😉
@kspearrin commented on GitHub (Jan 10, 2018):
@IzzySoft You can download the fdroid apk from here: https://ci.appveyor.com/project/bitwarden/mobile/build/artifacts
@IzzySoft commented on GitHub (Jan 10, 2018):
@kspearrin I've picked
com.x8bit.bitwarden-fdroid-1270.apk. It still shows all those libs (Firebase, GMS, GA). Did you remove the components, or replace them by "stubs"?@kspearrin commented on GitHub (Jan 10, 2018):
They are suppose to be removed completely. Hmm...
@IzzySoft commented on GitHub (Jan 10, 2018):
Not according to the Smali output. Small excerpt:
@kspearrin commented on GitHub (Jan 10, 2018):
Does HockeyApp show?
@kspearrin commented on GitHub (Jan 10, 2018):
@IzzySoft I see the problem. Thanks.
@IzzySoft commented on GitHub (Jan 10, 2018):
Let me know then when I should do another run, @kspearrin 😉
@kspearrin commented on GitHub (Jan 11, 2018):
@IzzySoft Can you please try the latest CI build now? https://ci.appveyor.com/project/bitwarden/mobile/build/artifacts
@IzzySoft commented on GitHub (Jan 11, 2018):
If size is an indicator, this already looks promising (lost some "weight"). Smali looks good, cannot see those dependencies anymore (any reason for those obfuscated md5 hashed library paths like
smali/md500032558e65d65a9fc0bf95666812307?). Just one candidate is left according to my scanner bundle: GMS. As I cannot see that in the Smali output, it must be the call analysis done by LibRadar (those MD5-Paths could be obsuced GMS libs) – or a false positive.TL;DR: I'd say you could approach an F-Droid maintainer now (at least if you know what those obscured paths are and they are not GMS). If there's really "a trace left", they are likely to find it. Or confirm it's clean.
@kspearrin commented on GitHub (Jan 11, 2018):
@IzzySoft I'm not sure what all those md5 hashes are honestly. Not sure where the "GMS" flag is coming from. Can't locate anything myself in the APK.
Thanks.
@IzzySoft commented on GitHub (Jan 11, 2018):
Glad to read it was not you intentionally then 😉 Maybe you could compare the list of libraries my scanner detected to the ones you know you're using – so we might guess the culprit? Such obfuscations often rise suspicions, so they are best avoided especially if one cannot explain them.
Must be something inside those obfuscated parts, or we'd see it in the Smali output. Unfortunately you're not using Gradle, or I'd cross-check that myself (I'm not an Android dev, so I'm not familiar with all aspects of programming there). What my scanner-collection detects you can see in the "Libraries detected" section here. If there's anything you use that's not listed there, that might be the obfuscated part / the part where GMS is "suspected".
@kspearrin commented on GitHub (Jan 11, 2018):
We're not intentionally doing any kind of obfuscation here so I am not sure where it could be hidden.
@IzzySoft commented on GitHub (Jan 11, 2018):
No, that was my conclusion, too. That's why I suggested if you might check the list of libraries shown in my repo and see which one is missing (i.e. not detected by my scanners), so we might get an idea what that could be. If only for curiosity.
@kspearrin commented on GitHub (Jan 11, 2018):
Known, still there:
Unknown, presumed still there:
Removed (or at least should be):
No idea what those three unknown libs are or why they show up in your scanner.
@IzzySoft commented on GitHub (Jan 11, 2018):
Thanks! Those are the ones listed at my site, so that partly confirmes the detector did right. But did it miss any library you know to use?
@jtrees commented on GitHub (Jan 26, 2018):
Is there a update on this? What's the current status?
@kspearrin commented on GitHub (Jan 26, 2018):
@jtrees Waiting for Visual Studio v15.6 which will include the needed updates to fix the key issue mentioned by @IzzySoft . Once that is resolved we will re-open our submission for F-Droid. Likely sometime in the next month or two.
@IzzySoft commented on GitHub (Jan 26, 2018):
True: makes no sense to reopen without that being solved first. Good plan thus 😉
@kspearrin commented on GitHub (Mar 15, 2018):
15.6 is now available, so we're past that hurdle. We can look into submitting to F-Droid again soon.
@kspearrin commented on GitHub (Mar 21, 2018):
Anyone want to test the new F-Droid release candidate? https://github.com/bitwarden/mobile/releases/latest
Let me know if any issues.
@Sortova commented on GitHub (Mar 21, 2018):
Just found this thread. We're installing Bitwarden today so I'd be happy to test the client on my CopperheadOS phone once we get it up and running.
@IOI-655321 commented on GitHub (Mar 21, 2018):
Just downloaded will be testing this and let you know any issues.
Logged in, set and used PIN, set and used quick tile, set Oreo autofill and tested in duckduckgo privacy browser all fine so far.
@jtrees commented on GitHub (Mar 22, 2018):
I tried it out and didn't really do anything advanced (except for unlocking via fingerprint, which works 👍) but at first glance everything appears to be working.
I'm really impressed at how quickly you took care of this. Look forward to downloading this from F-Droid.
@kspearrin commented on GitHub (Mar 29, 2018):
I have re-opened the request on F-Droid's issue tracker here: https://gitlab.com/fdroid/rfp/issues/114
I am not sure if there is some kind of voting that occurs to get attention to these type of requests, but you can find it there now.
@IzzySoft commented on GitHub (May 29, 2018):
I've noticed you include an
*fdroid*apkin the releases section now. How is that different to the other? Analyzing it, it still yells "GMS, GA, Firebase". No way to get it into the main repo that way.Ooops: See the F-Droid bot just scanned your repo 4 minutes ago and found "0 problems" – hey, null problemo sounds good to me! So how does your
*fdroid*build differ from that? 😕@kspearrin commented on GitHub (May 29, 2018):
The fdroid builds in the releases page are the result of all the past discussion and tests that were part of this issue, which included removing Google and Hockeyapp libraries.
@pgera commented on GitHub (Oct 1, 2018):
@IzzySoft , I see that your f-droid repository packages the regular apk (which would be the same as the play store/yalp version), and not the f-droid variant. Any reason for that ?
@IzzySoft commented on GitHub (Oct 1, 2018):
@pgera Yes. I have no build environment (nor experience), so I just take the APK files provided by the projects. Main intention is to make it easier for end-users to find, install and keep them up-to-date. And in many cases, to have them available that way until they found their way into the official F-Droid repo.
@pgera commented on GitHub (Oct 1, 2018):
I meant preferring com.x8bit.bitwarden.apk over com.x8bit.bitwarden-fdroid.apk, both of which are included under releases in this repo. So I thought the *-fdroid.apk would be more in line with your goals.
@IzzySoft commented on GitHub (Oct 1, 2018):
Funny. My script explicitly specifies the fdroid file. Are you sure it's the wrong one in my repo? Don't get confused by the file names: APK files are always renamed here to
<package_name>_<version>.apk. Replacing it manually now; please let me know if the same happens on the next update, then I'll have to investigate deeper.Though I wonder what difference it makes: even the
-fdroidone comes with GA, Firebase and other trackers. @kspearrin ? That way it never makes its way to the official repo. And honestly, the package size is at 150% of the limit I usually set. That together with the trackers makes me think whether I shall keep it in my repo or not. When I added it about 2 years ago it was exactly on the limit, and only had 1 tracker. Now my scanner shows 3+.@kspearrin commented on GitHub (Oct 1, 2018):
Fdroid build has GA, Firebase, and HockeyApp removed. Nto sure what other "trackers" you are seeing.
@IzzySoft commented on GitHub (Oct 1, 2018):
Strange. Smali says:
Sure you mean "removed" – and not just "disabled", @kspearrin? Just asking, no accusations 😇
@kspearrin commented on GitHub (Oct 1, 2018):
Well, I attempted to remove them completely. Maybe it didn't work. They are definitely disabled though. How do you get that output?
@IzzySoft commented on GitHub (Oct 2, 2018):
It's a by-product of LibRadar (I'm using the V1 branch), which uses Apktool for this. From the code, the command seems to be
Above list basically is an excerpt of the recursive
lsof the output directory.@walkafwalka commented on GitHub (Dec 18, 2018):
What else needs to be done for this?
@Gigadoc2 commented on GitHub (Jan 23, 2019):
It seems that the F-Droid build servers can't build Xamarin Apps yet, so that probably needs to happen first.
@rakshazi commented on GitHub (May 22, 2019):
@izzySoft could you add bitwarden to your repo, please? Seems it missing right now.
@IzzySoft commented on GitHub (Jun 6, 2019):
@rakshazi Nope: I've had it there and explicitly removed it. No bad feelings: but a password manager that comes with (proprietary) trackers is a no-go. And Bitwarden comes with more than one, unfortunately (when I last checked it were at least 4, see above). Though @kspearrin wrote they are disabled, the libraries are still present and thus show up in the details. With them being proprietary it's impossible to ensure nothing of their functionality remained active (and no, I don't suspect "bad intentions" from Bitwarden devs – I just don't trust the proprietary remains).
Further, apart from exceeding the size limit of my repo (20M per app – Bitwarden has 30M+), there're no longer APK files attached to the latest release, so I could not even fetch them would all else fit.
@kspearrin commented on GitHub (Jun 6, 2019):
We include HockeyApp (for crash reporting) and Firebase Messaging (for live sync push notifications) libraries in the apps. HockeyApp is open source: https://github.com/bitstadium/HockeySDK-Xamarin . Parts of Firebase are open source, but I am not sure if their messaging SDK is. I am not sure what other alternatives exist to handle push notifications to the app, which is a critical function for keeping vaults in sync.
As for the app size, v2.0, which is in beta is reporting at about 28MB now. When distributed on Google Play, it is about 14MB.
@rakshazi commented on GitHub (Jun 6, 2019):
Well, f-droid main repo has very strict requirements about such things, but you can create your own repo (like bromite, nanodroid, etc) and serve apks from github pages.
About push notifications - you can create your own push server, like guys from Telegram FOSS Team did - they used non-google server and it does not require any gms components for really smooth work (I use telegram foss as main messenger without gapps at all).
@kspearrin commented on GitHub (Jun 6, 2019):
If someone is familiar with how to host your own FDroid server, I'd be happy to look into setting one up.
@rakshazi commented on GitHub (Jun 6, 2019):
Sorry, never did it before, but found some docs and examples.
@rakshazi commented on GitHub (Jun 6, 2019):
@kspearrin added MR to rfc2822: https://gitlab.com/rfc2822/fdroid-firefox/merge_requests/8
Please, attach fdroid version of bitwarden to latest release, because ci job failed: https://gitlab.com/rakshazi/fdroid-firefox/-/jobs/226804803
@kspearrin commented on GitHub (Jun 6, 2019):
@rakshazi Done.
@rakshazi commented on GitHub (Jun 6, 2019):
ok, it downloaded correctly in last job, so we need to wait for repo owner to merge it.
@IzzySoft commented on GitHub (Jun 6, 2019):
@kspearrin if you prefer GUI, see my article Your own F-Droid Repository with Repomaker. I do not (yet) have one for setting up your own F-Droid Server in the "traditional way", though there should be one in F-Droid docs. That one could be integrated with CI as it can be controlled by command line. Basically, Repomaker includes the required binaries etc. as well (as it uses them as backend). @rakshazi Repomaker is not the "official F-Droid tool" (that would be fdroidserver) – and it does not require setting up a web server (it uses other means for hosting the repo, e.g. Github/GitLab).
As for the dependencies: Firebase Messaging is not open source (or it would be allowed by F-Droid main repo), AFAIK it requires (parts of) GMS. Crash reporting: So what for is GA included? And Google Ads? HockeyApp IMHO is still considered "Tracking", which I do not accept in my repo if it applies to an app dealing with sensitive information (not sure if F-Droid itself would permit it and just label it with the Tracking AntiFeature). Concerning the size: I make exceptions for that, and would make them for Bitwarden if the other issues can be considered "solved".
@kspearrin commented on GitHub (Jun 6, 2019):
We don't use Google Analytics or Google Ads. Google Analytics was removed from the app earlier this year. Google Ads has never been used.
@kspearrin commented on GitHub (Jun 7, 2019):
@rakshazi I had a go at running our own FDroid server via GitHub pages this evening. I was able to get something working as a test. See https://github.com/bitwarden/fdroid
https://bitwarden.github.io/fdroid/fdroid/repo?fingerprint=BC54EA6FD1CD5175BCCCC47C561C5726E1C3ED7E686B6DB4B18BAC843A3EFE6C
Seems to work in my test.
@rakshazi commented on GitHub (Jun 7, 2019):
@izzySoft thank you for explanation
@kspearrin yep, it works like a charm, thank you!
Could you update readme and website with this repo information, please? You can use repo URL with fingerprint for button "Get it on F-Droid"
@kspearrin commented on GitHub (Jun 7, 2019):
This repo is just for testing. I’ll work on getting something together for production now.
@rakshazi commented on GitHub (Jun 7, 2019):
OK, waiting for it :)
Please, update that issue with new information when it will be available
@kspearrin commented on GitHub (Jun 13, 2019):
@IzzySoft Would you mind running your scanning tool on the latest 2.0.x releases to see if they still pick up any traces of Google of HockeyApp libraries on the fdroid apks? I tried implementing some more cleanup operations when building for FDroid and I think I might have resolved the issue.
@IzzySoft commented on GitHub (Jun 13, 2019):
Looks good:
Re-established it in my repo, taking effect with the next sync tomorrow. As before, I'll just keep one version (as usually the per-app limit is 20M and Bitwarden already exceeds that with a single APK). Shall I link to your repo (e.g. for "older versions")?
If you have some more (non-framed) screenshots you wish to have added, please let me know (or if someone else wants to provide them). Considering the minimal screen estate on mobile devices, in my repo I don't want to waste it by "framings" but rather give users a chance to see details 😉
Thanks a lot, @kspearrin!
@kspearrin commented on GitHub (Jun 13, 2019):
@IzzySoft You can download framed and unframed screenshots from here: https://github.com/bitwarden/brand/tree/master/screenshots
Closing this issue now.
Users can get Bitwarden on F-Droid through our F-Droid repo here: https://mobileapp.bitwarden.com/fdroid/
Or use another repo, such as @IzzySoft's.
@IzzySoft commented on GitHub (Jun 13, 2019):
Thanks again! Will pick some from there and add them on my end. Besides: just added your repo to my Unofficial (and incomplete) list of F-Droid repositories 😉
App with screenshots should show up here again tomorrow.
@hovancik commented on GitHub (Jun 14, 2019):
Successfully installed 2.0.3. I hope you will soon find replacement solution for background sync.
@rakshazi commented on GitHub (Jun 19, 2019):
added to my own repo, too: https://fdroid.rakshazi.me (source: https://gitlab.com/rakshazi/fdroid ), daily updates
@DavHau commented on GitHub (Jul 14, 2019):
Thanks to all involved people to make this project more FOSS.
I see this ticket has been closed, but hope there is still effort being made to get it onto the real F-Droid repo. I don't consider it a good solution to just use another repo. If the original F-Droid repo rejects the project, it means that there are potential security/privacy issues and they should be taken care of.
@rakshazi commented on GitHub (Jul 14, 2019):
If you read the issue discussion, you can find that the only problem with fdroid main repo is xamarin. Fdroid build server does not support it. BTW, check the related issue on fdroid gitlab.
@setyb commented on GitHub (Feb 10, 2020):
SUMMARY UPDATE
(This is a handy TL;DR for those who do not want to read this entire thread.)
For those late to the party, the current bitwarden F-Droid status is being discussed on GitLab.
As of this posting, Xamarin dependency is holding up bitwarden from being included directly in the main F-Droid repository.
However, the F-Droid version of bitwarden is currently easily available by any one of several simple methods:
The differences between the F-Droid build and the Google Play store build are twofold:
Neither version now includes Google Analytics. Earlier versions of the Google Play store version did include it. Many thanks to Kyle for removing it.
For @kspearrin and @ALL:
Question: Have there been any issue reports (such as syncing issues) as a result of using the F-Droid version?
@rakshazi commented on GitHub (Feb 10, 2020):
@setyb, it works: https://fdroid.rakshazi.me/
May be you confused with 404 on qr click? That's url for f-droid client only:
https://fdroid.rakshazi.me/repo?fingerprint=80BF9EC0BCCED7DA2C9B272FA9B53A30E5B79282CFD629BDE14AB1FF1658C02E, seems client didn't handle that linkRegarding issues on F-Droid version: literally nothing. Usign it for several months, works perfectly
@setyb commented on GitHub (Feb 10, 2020):
@rakshazi Thanks Nikita. I updated my post above to reflect your response. Please verify I got it correct.
Also, thank you for your report on the bitwarden F-Droid version. Hopefully @kspearrin and others will concur.
@proletarius101 commented on GitHub (May 16, 2021):
https://gitlab.com/fdroid/fdroiddata/-/merge_requests/8995 @mp-bw
@IzzySoft commented on GitHub (Nov 10, 2021):
@kspearrin just dropping a note here as this doesn't reward a separate issue: After having served Bitwarden for almost exactly 5 years via my repo (where it was added 2016-11-09), I'll now remove it there. Not that I wouldn't like to keep it, or have "ill feelings", so let me leave the reasons as well:
Thanks for staying with me so long, best luck for an inclusion with F-Droid.org soon – and of course all the best for Bitwarden!
@eliykat commented on GitHub (Nov 11, 2021):
Thanks @IzzySoft! I double-checked and this won't cause us any dramas. Thanks for letting us know and for your help in the past with this.
@IzzySoft commented on GitHub (Nov 11, 2021):
Gladly! Should I be needed again, just let me know 😉
@shuvashish76 commented on GitHub (Dec 14, 2022):
@kspearrin Request to provide per-ABI builds for Bitwarden F-Droid repo, since the current single version is too heavy in size.
https://gitlab.com/IzzyOnDroid/repo/-/issues/325
@RokeJulianLockhart commented on GitHub (Jan 9, 2023):
@shuvashish76, should that not a separate issue?