TWIF 20: Security audit completed, buildserver setup with ansible

This Week In F-Droid 20, Week 36, 2018

In this edition: Second security audit completed, automating the buildserver setup with ansible, a light week with updates for Just Notes, Cow’s Revenge, Feeel, and others.

F-Droid is a repository of verified free and open source Android apps, a client to access it, as well as a whole “app store kit”, providing all the tools needed to set up and run an app store. It is a community-run free software project developed by a wide range of contributors. This is their story this past week.

Second security audit completed

In case you missed it, our second security audit has been completed. All important issues have been fixed, and work on the remaining issues is ongoing. @Tovok7 has been working on repomaker issues found in the audit, uploaded a pre-release to pypi and started to write installation instructions. If you are a developer or a power user, we could use your help with testing these.

@_hc writes: We are satisfied with the results, which confirmed again that the core security model and standard operations are solid. Read more.

For those who are curious about the first security audit, which happened in 2015, this post looks back on it.

Automating buildserver setup with ansible

@uniq is currently working on automating the buildserver setup with ansible. Although we already have makebuildserver, this completely automates it, and all you have to do is run vagrant up and you’ll get a VM with fdroidserver set up for doing builds with a nested buildserver inside. This is different from makebuildserver in that it also builds the host.

Community News

New apps

Updated apps

This week, 24 apps were updated, which is by far the lightest week we’ve had since the start of TWIF. We are not aware of any technical problems, and the index has been updating regularly. This slowdown appears to be entirely natural.

  • Just Notes released version 2.0, now with scrolling notes!

  • Featured Cow’s Revenge is an awesome game in which you play a cow that was abducted and genetically enhanced by aliens. Seriously, who doesn’t want to be THE COWEST? In version 1.0.5 you can toggle the sound on and off in the settings, enjoy Gamepad improvements, change weapons with shoulder buttons, and more.

  • Feeel is an app for doing simple at-home exercises. The update from 1.1 to 1.91 adds multiple workouts and fixes a bug that makes it actually work on Android 4.x, as well as SailfishOS.

  • Draw is a dead simple drawing app. Version 4.3.0 adds an initial Zoom implementation, which is disabled by default.

  • Mastalab 1.11.0 is out! Links to toots now open the conversation inside the app, detailed bug reports can be sent by email, GIFs can be imported from the Android keyboard, instances can be followed from profiles, markdown is accepted for links in toots, and more. There’s also a slew of bug fixes and better Pleroma support.

  • is an instant messenger and team collaboration tool based on the Matrix protocol/network. It skipped a version on F-Droid, updating straight to 0.8.15. This update has a lot of quality improvements under the hood, an updated settings icon and notification logo, the ability to send messages starting with a slash (/) and automatically escapes nickname mentions starting with a slash.

Tips and Feedback

Don’t forget to send in your tips! There are way too many app updates to keep track of them all, and we’d love your help to find the important ones. And of course, if you’re doing anything involving F-Droid in any way, tell us about it!

Send tips via Mastodon to on and remember to tag with #TWIF. Or use the TWIF submission thread on the forum. The deadline to the next TWIF is Thursday 12:00 UTC.

General feedback can also be sent via Mastodon, or, if you’d like to have a live chat, you can find us in #fdroid on Freenode, on Matrix via or on Telegram. All of these spaces are bridged together, so the choice is yours. You can also join us on the forum.