Reproducible F-Droid
Building a trusted app ecosystem with F-Droid
F-Droid maintains a complete free software build/sign/deploy stack for securely making signed releases of Android apps in a fully automated way. This has been used since 2010 to run the f-droid.org repository of free software Android apps. Reproducible builds means it is possible to make a strong link between the actual app running on our devices, and the source code which they were built from. When the source code has been thoroughly inspected and is trusted, it is then possible to apply that same trust to the install binary.
This project will make this stack much easier for other people and organizations to deploy and use on a daily basis. This allows organizations to run rebuilders to confirm that the releases available on f-droid.org or any F-Droid-compatible repository exactly match the source code. The resulting data can then be automatically consumed by the client app so it can communicate to the user that it was confirmed as a reproducible build.
- The project's own website: https://f-droid.org
Run by F-Droid
This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.