PrivacyGear.nl

F-Droid: the open-source app store explained

What is F-Droid, why does it exist, how do you install it, and which apps should you get from it? A complete guide for beginners and advanced users.

Google Play is the default app store on Android. But it’s not the only option — and for privacy-conscious users, it’s not the best one either.

F-Droid is an alternative app store that exclusively offers free and open-source software (FOSS). No tracking, no ads, no hidden code. What you install is what you see.


What exactly is F-Droid?

F-Droid is both an app store and a community project. It has existed since 2010 and is maintained by volunteers. There’s no company behind it profiting from your usage data.

Every app in F-Droid is:

  • Open-source — the source code is public and verifiable
  • Free of trackers — apps are scanned for tracking libraries; any found are disclosed
  • Built by F-Droid itself — not by the developer. This prevents a developer from slipping malicious code into a signed build.

That last point matters: F-Droid builds apps from source code. If a developer modifies their source to add malware, the community can see it. Transparency is the security.


Why does F-Droid exist?

Because Google Play is a closed system. You trust Google that the apps you install do what they claim. You cannot verify the code.

F-Droid exists so that trust isn’t necessary. You can read the code. Others already have. And F-Droid builds the apps itself so there’s no room for hidden modifications.

In 2026, this is more relevant than ever. Google has announced that starting September 2026, all Android apps must be registered by a verified developer — including paying Google a fee, providing government ID, and uploading private signing keys. Apps from unregistered developers will be blocked on certified Android devices.

What this means: F-Droid and apps distributed outside Google’s ecosystem will be blocked on standard Android. See keepandroidopen.org for the latest.

This won’t apply to GrapheneOS. GrapheneOS is not a certified Android device and does not enforce these restrictions. This is one of the reasons GrapheneOS is the right choice for people who want control over their device.


Installing F-Droid

F-Droid is not available in the Google Play Store — that would be ironic. You install it as an APK file.

Step 1: Enable sideloading

On standard Android, you need to enable sideloading (installing outside the Play Store). Go to Settings → Apps → Special app access → Install unknown apps.

Grant permission to the browser you’ll use to download the APK.

On GrapheneOS, sideloading is allowed by default — no changes needed.

Step 2: Download F-Droid

Go to f-droid.org and download the APK. Confirm you’re on the official site (correct address, valid certificate).

Step 3: Install the APK

Open the downloaded file and install it. Android will ask for confirmation.

F-Droid publishes the SHA-256 hash of the APK on their site. You can compare the hash of the downloaded file to confirm it hasn’t been tampered with.

sha256sum fdroid.apk

Compare the output with the hash on f-droid.org.
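The comparison above can be scripted so that a truncated paste or a one-character difference is not missed by eye. This is an added example, not taken from f-droid.org; the function name `verify_apk_sha256` and the script name in the usage comment are hypothetical, and the expected hash is whatever value you copied from the site. Run it before opening the APK.

```shell
#!/bin/sh
# Added example: check a downloaded APK against a published SHA-256 value.
# File name and expected hash are supplied by the caller.

# Print the lowercase SHA-256 hex digest of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1   # macOS / BSD fallback
    fi
}

# verify_apk_sha256 FILE EXPECTED_HASH
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_apk_sha256() {
    file=$1
    # Normalise the pasted value: drop whitespace, lowercase the hex digits.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # A SHA-256 digest is exactly 64 hex characters; reject anything else
    # so a truncated or mangled paste cannot be mistaken for a real check.
    case $expected in
        *[!0-9a-f]*) echo "expected hash is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected hash must be 64 hex chars" >&2; return 2; }

    actual=$(sha256_of "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage (hypothetical script name): sh verify.sh fdroid.apk <hash from f-droid.org>
if [ "$#" -eq 2 ]; then
    verify_apk_sha256 "$1" "$2"
    exit $?
fi
```

A non-zero exit status means the file should not be installed: 1 is a real mismatch, 2 means the input could not be checked at all.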


Repositories: the core of F-Droid

F-Droid works with repositories (repos) — sources of apps. By default, F-Droid includes the official F-Droid repo. You can add extra repos for more apps.

Official F-Droid repo

The default repo. Strict requirements: apps are manually reviewed, tracker-free, built by F-Droid. Fewer apps, higher certainty.

F-Droid Archive

Older versions of apps from the official repo. Useful if a recent update broke an app.

IzzyOnDroid

A popular extra repo maintained by Andreas Itzchak Rehberg (“Izzy”). More apps than the official repo, including apps still under review or not meeting all F-Droid requirements. Well-maintained and transparent.

To add: In F-Droid go to Settings → Repositories → + and enter:

https://apt.izzysoft.de/fdroid/repo

Guardian Project

Repo from the makers of Tor Browser for Android. Contains privacy and security tools.

To add:

https://guardianproject.info/fdroid/repo

Molly (Signal fork)

If you use Molly as a Signal alternative (see below), Molly has its own repo.

To add:

https://molly.im/fdroid/repo

Communication

Molly — a hardened fork of Signal. Same encryption as Signal, but with extra security options: on-device database encryption, RAM wiping on lock, no Google services required.

Element — open-source Matrix client for decentralised communication.

Browser

Tor Browser — anonymous browsing via the Tor network. Available via the Guardian Project repo.

Mull — a hardened version of Firefox without telemetry, built for privacy. Supports uBlock Origin.

Passwords

Bitwarden — open-source password manager. Also available via sandboxed Google Play, but the F-Droid version has no dependency on Google services.

KeePassDX — local password manager in KeePass format. No cloud, no sync unless you set it up yourself.

Maps and navigation

Organic Maps — offline maps based on OpenStreetMap. No account, no tracking.

OsmAnd — more comprehensive map app, also offline, more features than Organic Maps but more complex.

File management

Material Files — open-source file manager. Also supports SFTP and WebDAV.

Music and media

VLC — open-source media player. Plays almost any format.

Transistor — simple internet radio app.

System and security

NetGuard — firewall without root. Blocks internet access per app. Useful for seeing which apps reach out to external servers.

News and RSS

Feeder — RSS reader without an account. Add your own feeds, no algorithm.


What are the downsides?

Being honest:

  • Fewer apps — popular commercial apps (Instagram, TikTok, banking) are not available. They’re not open-source.
  • Updates are slower — F-Droid builds apps itself, which takes time. You receive updates later than via the Play Store.
  • Some apps only work with Google Play Services — apps that depend on Firebase Push Notifications or other Google services won’t work or will be limited without sandboxed Google Play.
  • Less polished — F-Droid is functional but not as refined as the Play Store.

These are real trade-offs. For daily use on a privacy phone, most essential apps are available. For banking or government apps you’ll likely need sandboxed Google Play.


F-Droid and the future of open Android

Google’s announcement to lock Android to registered developers is a direct attack on the ecosystem F-Droid operates in. If this policy goes ahead, F-Droid will be blocked on certified Android devices.

This is not a hypothetical risk — the deadline is September 2026.

What you can do:

  1. Install F-Droid now — on your current device, even if it’s not GrapheneOS
  2. Use GrapheneOS — Google’s certification requirements don’t apply on GrapheneOS
  3. Support the campaign: keepandroidopen.org collects signatures and coordinates resistance
  4. Follow Bits of Freedom: bitsoffreedom.nl is the Dutch digital civil rights organisation monitoring and challenging these developments
  5. Spread the word — the more people using F-Droid, the harder it is to shut out

F-Droid exists because people believed open software should be the norm. That fight isn’t over.


Summary

                             Google Play             F-Droid
Apps                         Hundreds of thousands   ~4,000 (official) + repos
Source code                  Closed                  Always open
Tracking                     Present in many apps    Disclosed and blocked
Updates                      Fast                    Slower
Cost                         Free / paid             Always free
Google account               Required                Not needed
Future on standard Android   Certain                 Uncertain after Sept. 2026

F-Droid isn’t for everyone. But if you take privacy seriously, it belongs on your phone.