Privacy comparison PlayStore vs APK Store vs F-Droid version

For people who value the spirit of privacy, FOSS, Non-GAFAM, degoogled etc., it will be great to have all this explained, leaving no doubt.

  1. Was it possible to completely remove the Amazon trackers from the code?
    https://github.com/cryptomator/android/issues/312
    Amazon Kinesis and Amazon Metrics In Android App

  2. Is it currently in the APK Store / Github and F-Droid version?

  • Any tracking code
  • Any code “calling home”, analytics, crashlytics, social-login, etc
  • Any proprietary dependencies
  3. Although I do not use PlayStore personally, tell me what badware the PlayStore version contains?
    I am aware that in this version you will not avoid some of the bad code, but your application cannot be tested for exodus-privacy

  4. Are there any differences between the APK Store and F-Droid version?
    For example: Does the APK Store version describe dependencies for GDrive?

Cheers!

Yes, we switched the dependency to another one so this (disabled) tracking library is completely removed, see

All versions don’t contain

  • any tracking code
  • any code “calling home”, analytics, crashlytics, social-login, etc

The F-Droid version doesn’t contain proprietary dependencies because there we removed Google Drive cloud, but the APK store variant and the Google Playstore variant do support Google Drive and therefore have a proprietary dependency.

See 2. but you can run exodus for sure, we use it on every release to check if any library added tracking, see

As well we’re running Izzy’s script (which also runs on the F-Droid servers), see

See 2.

  1. Does this mean that the F-Droid version is “the purest” of all?
  2. Can I download the F-Droid version of the APK somewhere if I also do not use the F-Droid store?

I mean https://exodus-privacy.eu.org

Can you help me how to start Exodus and Izzy’s script locally?
I am too thin for it :frowning:

Thank you very much for your time and patience! :heart:

That is true.

You can download this version from GitHub releases: https://github.com/cryptomator/android/releases
It’s the one with the following name: Cryptomator-X.Y.Z_fdroid_signed.apk but please make sure that you check the SHA256 hash after downloading and before installing the APK. Furthermore this version is normally updated using F-Droid so it doesn’t have an auto updater included (in contrast to the APK store version), so please make sure that you are aware of updates and install them ASAP.

We’re using the exodus checker from this organization using their docker image, see https://github.com/Exodus-Privacy/exodus-standalone. Please check out our linked fastlane script above to see which commands we execute, or see the linked GitHub repo to know how to use exodus-standalone.

Regarding Izzy’s script I would also recommend to study the calls we execute in our Fastlane script and map them to normal terminal commands like e.g. FileUtils.mkdir("unsigned") → mkdir unsigned
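
The SHA256 check recommended in the reply above, as an added example that is not part of the original posts or of the Cryptomator project's own tooling: a POSIX shell function that accepts an APK only if it is the _fdroid_signed variant and its SHA-256 matches the expected value. The function names and exit codes are assumptions, and the expected hash is assumed to be copied by hand from wherever the project publishes it for that release.

```shell
#!/bin/sh
# Added example (not project code): check a downloaded APK before installing it.

# Print the lowercase SHA-256 hex digest of a file with whichever tool exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1
    else
        echo "no SHA-256 tool found" >&2
        return 3
    fi
}

# verify_apk FILE EXPECTED_SHA256
# 0 = variant and hash OK, 1 = hash mismatch,
# 2 = bad input (missing file, wrong variant, malformed hash), 3 = no hash tool.
verify_apk() {
    file=$1
    # Normalise the pasted hash: lowercase, no stray whitespace.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d '[:space:]')

    [ -f "$file" ] || { echo "not a file: $file" >&2; return 2; }

    # Only the F-Droid variant lacks the Google Drive dependency.
    case ${file##*/} in
        Cryptomator-*_fdroid_signed.apk) ;;
        *) echo "not the F-Droid variant: $file" >&2; return 2 ;;
    esac

    # A SHA-256 digest is exactly 64 hex characters; reject truncated copies.
    case $expected in
        *[!0-9a-f]*) echo "expected hash is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected hash is not 64 characters" >&2; return 2; }

    actual=$(sha256_of "$file") || return 3
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file (expected $expected, got $actual)" >&2
    return 1
}
```

Install the file only when verify_apk returns 0; a return of 1 means the download differs from the published build and should be discarded.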