Is it currently in the APK Store / Github and F-Droid version?
Any tracking code
Any code “calling home”, analytics, crashlytics, social-login, etc
Any proprietary dependencies
Although I do not use PlayStore personally, tell me what badware contains the PlayStore version?
I am aware that in this version you will not avoid some of the bad code, but your application can not be tested for exodus-privacy
Are there any differences between the APK Store and F-Droid version?
For example: Does the APK Store version describe dependences for GDrive?
Yes, we switchted the dependency to another one so this (disabled) tracking library is completely removed, see
All versions doesn’t contain
any tracking code
any code “calling home”, analytics, crashlytics, social-login, etc
The F-Droid version doesn’t contain proprietary dependencies because there we removed Google Drive cloud but the APK store variant and the Google Playstore variant does support Google Drive and therefore have a proprietary dependency.
See 2. but you can run exodus for sure, we use it on every release to check if any library added tracking, see
As well we’re running Izzy’s script (which also runs on the F-Droid servers), see
You can download this version from GitHub releases: Releases · cryptomator/android · GitHub
It’s the one with the following name: Cryptomator-X.Y.Z_fdroid_signed.apk but please make sure that you check the SHA256 hash after downloading and before installing the APK. Furthermore this version is normally updated using F-Droid so it doesn’t have an auto updater included (in contrast to the APK store version), so please make sure that you are aware of updates and install them ASAP.
Regarding Izzy’s script I would also recommend to study the calls we execute in our Fastlane script and map them to normal terminal commands like e.g. FileUtils.mkdir("unsigned") → mkdir unsigned