F-Droid: the open-source app store explained
Google Play is the default app store on Android. But it’s not the only option — and for privacy-conscious users, it’s not the best one either.
F-Droid: the open-source app store explained
Google Play is the default app store on Android. But it’s not the only option — and for privacy-conscious users, it’s not the best one either.
F-Droid is an alternative app store that exclusively offers free and open-source software (FOSS). No tracking, no ads, no hidden code. What you install is what you see.
That makes F-Droid most interesting for readers who deliberately want more control over how they choose apps. It is not automatically the best first step for everyone with an Android phone.
Who this guide is for
This guide fits mainly:
- balanced privacy-aware Android users who deliberately want to choose more open-source apps
- GrapheneOS users who want to work outside Google Play where possible
- readers who are willing to manage extra app sources and accept some compatibility friction
For low-friction normal users, F-Droid is often not the first priority. Start there with passwords, 2FA, app permissions, and better default apps. F-Droid becomes logical once you also want to manage app sources more deliberately.
What you gain, and what it costs
If you use F-Droid seriously, you usually gain:
- more visibility into what you install
- access to many open-source apps without a Google account
- less dependence on Google Play as your only app channel
But it also costs something:
- slower updates than the Play Store for many apps
- more manual management of repositories and app sources
- a higher chance of running into apps that are less polished or support fewer features
It becomes overkill when:
- you mainly just want to make a regular Android phone safer and less leaky
- you do not want to actively maintain extra app sources
- you want banking, work, or government apps to stay as frictionless as possible
What exactly is F-Droid?
F-Droid is both an app store and a community project. It has existed since 2010 and is maintained by volunteers. There’s no company behind it profiting from your usage data.
Every app in F-Droid is:
- Open-source — the source code is public and verifiable
- Free of trackers — apps are scanned for tracking libraries; any found are disclosed
- Built by F-Droid itself — not by the developer. This prevents a developer from slipping malicious code into a signed build.
That last point matters: F-Droid builds apps from source code. If a developer modifies their source to add malware, the community can see it. Transparency is the security.
Why does F-Droid exist?
Because Google Play is a closed system. You trust Google that the apps you install do what they claim. You cannot verify the code.
F-Droid exists so that trust isn’t necessary. You can read the code. Others already have. And F-Droid builds the apps itself so there’s no room for hidden modifications.
Google’s developer-verification policy matters here, but the practical impact is more nuanced than “F-Droid will simply stop working everywhere.” Distribution rules, regional rollout, and enforcement details can shift.
Google has announced an “advanced flow” for power users who still want to sideload apps from unverified developers. Google says this flow involves extra steps such as developer-mode changes, rebooting, a waiting period, and biometric confirmation, while leaving a persistent warning label on the app. The initial rollout in September 2026 is limited to Brazil, Indonesia, Singapore, and Thailand, with broader rollout expected afterwards. Because Google describes this as a Google-layer experience rather than an OS feature, the exact behavior can still change.
What matters for users: F-Droid remains useful, but you should avoid writing as if every future policy detail is already fixed globally.
Installing F-Droid
F-Droid is not available in the Google Play Store — that would be ironic. You install it as an APK file.
Step 1: Enable sideloading
On standard Android, you need to enable sideloading (installing outside the Play Store). Go to Settings → Apps → Special app access → Install unknown apps.
Grant permission to the browser you’ll use to download the APK.
On GrapheneOS, sideloading is allowed by default — no changes needed.
Step 2: Download F-Droid
Go to f-droid.org and download the APK. Confirm you’re on the official site (correct address, valid certificate).
Step 3: Install the APK
Open the downloaded file and install it. Android will ask for confirmation.
Step 4: Verify (optional but recommended)
F-Droid publishes the SHA-256 hash of the APK on their site. You can compare the hash of the downloaded file to confirm it hasn’t been tampered with.
sha256sum fdroid.apk
Compare the output with the hash on f-droid.org.
Repositories: the core of F-Droid
F-Droid works with repositories (repos) — sources of apps. By default, F-Droid includes the official F-Droid repo. You can add extra repos for more apps.
Official F-Droid repo
The default repo. Strict requirements: apps are manually reviewed, tracker-free, built by F-Droid. Fewer apps, higher certainty.
F-Droid Archive
Older versions of apps from the official repo. Useful if a recent update broke an app.
IzzyOnDroid
A popular extra repo maintained by Andreas Itzchak Rehberg (“Izzy”). More apps than the official repo, including apps still under review or not meeting all F-Droid requirements. Well-maintained and transparent.
To add: In F-Droid go to Settings → Repositories → + and enter:
https://apt.izzysoft.de/fdroid/repo
Guardian Project
Repo from the makers of Tor Browser for Android. Contains privacy and security tools.
To add:
https://guardianproject.info/fdroid/repo
Molly (Signal fork)
If you use Molly as a Signal alternative (see below), Molly has its own repo.
To add:
https://molly.im/fdroid/repo
Recommended apps via F-Droid
Communication
Molly — a hardened fork of Signal. Same encryption as Signal, but with extra security options: on-device database encryption, RAM wiping on lock, no Google services required.
Element — open-source Matrix client for decentralised communication.
Browser
Tor Browser — anonymous browsing via the Tor network. Available via the Guardian Project repo.
IronFox — a Firefox-based privacy browser option that fits better with the current ecosystem than older Mull recommendations.
Passwords
Bitwarden — open-source password manager. Also available via other distribution channels, including Bitwarden’s own Android packaging.
KeePassDX — local password manager in KeePass format. No cloud, no sync unless you set it up yourself.
Maps and navigation
Organic Maps — offline maps based on OpenStreetMap. No account, no tracking.
OsmAnd — more comprehensive map app, also offline, more features than Organic Maps but more complex.
File management
Material Files — open-source file manager. Also supports SFTP and WebDAV.
Music and media
VLC — open-source media player. Plays almost any format.
Transistor — simple internet radio app.
System and security
NetGuard — firewall without root. Blocks internet access per app. Useful for seeing which apps reach out to external servers.
News and RSS
Feeder — RSS reader without an account. Add your own feeds, no algorithm.
What are the downsides?
Being honest:
- Fewer apps — popular commercial apps (Instagram, TikTok, banking) are not available. They’re not open-source.
- Updates are slower — F-Droid builds apps itself, which takes time. You receive updates later than via the Play Store.
- Some apps only work with Google Play Services — apps that depend on Firebase Push Notifications or other Google services won’t work or will be limited without sandboxed Google Play.
- Less polished — F-Droid is functional but not as refined as the Play Store.
These are real trade-offs. For daily use on a privacy phone, most essential apps are available. For banking or government apps you’ll likely need sandboxed Google Play.
F-Droid and the future of open Android
Google’s announcement to require verified developers on certified Android devices could make sideloading and alternative app distribution harder in some scenarios. How much that affects F-Droid specifically still depends on the final enforcement details and on which devices and regions are in scope.
Platform policy can still affect open Android distribution, but the exact rollout and consequences can change. Keep the long-term concern in mind without turning it into a hard dated prediction.
Summary
| Google Play | F-Droid | |
|---|---|---|
| Apps | Hundreds of thousands | Roughly 3,800 in the official repo + extras via other repos |
| Source code | Closed | Always open |
| Tracking | Present in many apps | Disclosed and blocked |
| Updates | Fast | Slower |
| Cost | Free / paid | Always free |
| Google account | Required | Not needed |
| Future on standard Android | Strongest default path | More policy-sensitive than Play distribution |
F-Droid isn’t for everyone. But if you take privacy seriously, it belongs on your phone.
Next step
Go further
- Android privacy without a custom ROM — broader baseline settings after installing F-Droid
- GrapheneOS first setup — getting started with GrapheneOS
- Profiles on GrapheneOS — app isolation with separate profiles
- Google Play sandbox on GrapheneOS — run Play apps in isolation