Replying to Ava

Looking for an open-source privacy oriented fitness tracker?

I have really been enjoying FitoTrack.

FitoTrack is a mobile app for logging and viewing your workouts. Whether you’re running, cycling or hiking, FitoTrack will show you the most important information, with detailed charts and statistics. It is open-source and completely ad-free.

Features:

• Track workouts. Choose the type of sport you would like to track and just start running, cycling or hiking, for example. You can see the general information right below the map on the tracking screen.

• View your workouts. View general information such as date, time, duration, distance, speed and pace. See your route on a map. Work out your level of performance from the speed diagram.

• Open-Source. There is neither advertisement nor tracking, and the source code is open and licensed under the GPLv3.

Check it out!

The repo is on Codeberg and the official release is on Google Play and F-Droid only, so...

I recommend getting it from F-Droid Basic and not a third party like Obtainium.

Get it here:

https://codeberg.org/jannis/FitoTrack

For those who wonder, why not Obtainium?

My views align with PrivacyGuides and modern security standards regarding obtaining apps from F-Droid. I don't recommend getting apps from F-Droid unless it's the only option.

If F-Droid must be used, F-Droid Basic is the preferred choice. F-Droid Basic supports automatic background updates without privileged extension or root and has a reduced feature set, limiting the attack surface.

Third-party F-Droid clients can have numerous issues, such as lacking proper mirroring support. For this reason, I recommend avoiding Neo Store and no longer suggest using any third-party clients for F-Droid repositories.

#Ikitao #Fitness #OpenSource #Privacy

One of us is confused about how Obtainium works. AFAIK it's not a third-party client for F-Droid. Rather it downloads releases directly from the code forge used by the app developers (usually HitGub).

Also, can you link to a good summary of the perceived security issues with using F-Droid, and what the alternatives are to using that, Goggle Prey Store (obviously not a good idea) or Obtainium?


Discussion

The debate about F-Droid security and trustworthiness has been ongoing for a while now with passionate arguments on both sides, so I will let you go down that rabbit hole for yourself.

The main issue for me with F-Droid is having to trust not only the dev but also F-Droid. This is basic OPSEC. If you can get it from the source (GitHub usually) without also having to trust a 3rd party, then that is basic security practice. If the release is on GitHub, then Obtainium is just pulling from the repo.

If the dev releases the apk on F-Droid only, then that is the release repo (not GitHub, GitLab or Codeberg), straight from the dev. Using Obtainium, in this case, now introduces a third party, so while the risk is minimal compared to an alternative client like Neo Store, I still recommend following best OPSEC practices and just getting the apk from the source, which in this particular case is not Codeberg, or GitHub, or GitLab, but F-Droid. I already spoke about why I recommend F-Droid Basic in the post.

Here is more info on the subject: https://discuss.privacyguides.net/t/remove-note-about-getting-f-droid-apps-from-obtanium/14440

Thanks a lot for the detailed response. Just posting the link would have been quicker for you, so I appreciate you taking the time.

"If the dev releases the apk on F-Droid only, then that is the release repo (not GitHub, GitLab or Codeberg), straight from the dev. Using Obtainium, in this case, now introduces a third party"

I guess the underlying issue here is one of dev practice. If all mobile app devs ran their own release repo, independent of *both* code forge and app library, then something like Obtainium could always download directly from the dev.

Installing with F-Droid could then be an automated process of adding that repo, and installing from it. At least as an option, for those who don't want to trust the F-Droid team to compile from source.

As things stand, people using Android apps are usually forced to trust either Goggle Prey Store, GritHub, or F-Droid. I know which of the 3 I trust. F-Droid is the only one where full source code is available for *every* link in their distro chain.

In the long term though, the solution to all this is Reproducible Builds. Or some other way of checking whether a binary (or server) is compiled from the published source code.
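Whichever channel the APK came from, the practical way to "trust the dev and nobody else" is to pin what the developer controls: the hash they publish for the artifact and the fingerprint of their signing certificate. The following is an added example, written for this page and not code from FitoTrack, F-Droid or Obtainium, of that pinning check in Python using only the standard library. It inspects the v1 signature block in META-INF to recover the signing certificate and compares its SHA-256 fingerprint with one pinned from a known-good install; the sample APK, the "certificate" and the PKCS#7 skeleton around it are constructed inline and are not real. It does not verify the signature itself (the platform does that at install time, and `apksigner verify --print-certs` does it offline), and APKs signed only with the v2/v3 schemes keep the certificate in the APK Signing Block rather than META-INF, so for those the script reports that it cannot read the signer and you fall back to apksigner.

```python
import hashlib
import io
import zipfile

OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def der(tag, body):
    """Encode one DER TLV (used only to build the constructed sample below)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def der_tlv(buf, pos):
    """Decode the DER TLV at pos; return (tag, value_start, value_end)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def first_certificate_der(pkcs7):
    """Return the DER bytes of the first certificate inside a PKCS#7 SignedData,
    i.e. the META-INF/*.RSA|*.EC|*.DSA block of an APK v1 signature.
    Layout walked: ContentInfo{ OID, [0]{ SignedData{ version, digestAlgs,
    encapContentInfo, [0] certificates, ... }}}."""
    tag, pos, _ = der_tlv(pkcs7, 0)          # ContentInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, _, pos = der_tlv(pkcs7, pos)        # contentType OID, skipped
    tag, pos, _ = der_tlv(pkcs7, pos)        # [0] EXPLICIT content
    tag, pos, _ = der_tlv(pkcs7, pos)        # SignedData SEQUENCE
    for expected in (0x02, 0x31, 0x30):      # version, digestAlgorithms, encapContentInfo
        tag, _, pos = der_tlv(pkcs7, pos)
        if tag != expected:
            raise ValueError("unexpected SignedData layout")
    tag, cs, _ = der_tlv(pkcs7, pos)         # [0] IMPLICIT CertificateSet
    if tag != 0xA0:
        raise ValueError("SignedData carries no certificates")
    tag, _, ce = der_tlv(pkcs7, cs)          # first Certificate SEQUENCE (header + body)
    return pkcs7[cs:ce]


def apk_signer_fingerprint(apk_bytes):
    """SHA-256 over the DER certificate, the same value apksigner and F-Droid print."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        blocks = [n for n in z.namelist()
                  if n.startswith("META-INF/") and n.upper().endswith((".RSA", ".EC", ".DSA"))]
        if not blocks:
            raise ValueError("no v1 signature block (v2/v3-only APK? use apksigner)")
        return sha256_hex(first_certificate_der(z.read(blocks[0])))


def verify_download(apk_bytes, pinned_sha256, pinned_signer):
    """Return a list of problems; an empty list means the download matches both pins."""
    problems = []
    if sha256_hex(apk_bytes) != pinned_sha256:
        problems.append("artifact hash does not match the developer-published SHA-256")
    try:
        if apk_signer_fingerprint(apk_bytes) != pinned_signer:
            problems.append("signing certificate differs from the pinned developer certificate")
    except (ValueError, zipfile.BadZipFile) as exc:
        problems.append(f"could not read signer: {exc}")
    return problems


# --- constructed sample: not a real certificate, signature or APK ---
def build_sample_pkcs7(cert_der):
    """Minimal SignedData skeleton with an empty signerInfos; sample only."""
    signed_data = der(0x30, der(0x02, b"\x01") + der(0x31, b"")
                      + der(0x30, der(0x06, OID_DATA)) + der(0xA0, cert_der) + der(0x31, b""))
    return der(0x30, der(0x06, OID_SIGNED_DATA) + der(0xA0, signed_data))


def build_sample_apk(cert_der):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"constructed dex placeholder")
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        z.writestr("META-INF/CERT.SF", "Signature-Version: 1.0\n")
        z.writestr("META-INF/CERT.RSA", build_sample_pkcs7(cert_der))
    return buf.getvalue()


FAKE_CERT = der(0x30, der(0x13, b"constructed certificate body"))
SAMPLE_APK = build_sample_apk(FAKE_CERT)
PINNED_SHA256 = sha256_hex(SAMPLE_APK)   # what the developer would publish next to the release
PINNED_SIGNER = sha256_hex(FAKE_CERT)    # what a previous known-good install pinned

if __name__ == "__main__":
    print("clean download:", verify_download(SAMPLE_APK, PINNED_SHA256, PINNED_SIGNER))
    other = build_sample_apk(der(0x30, der(0x13, b"someone else's certificate")))
    print("re-signed APK:", verify_download(other, sha256_hex(other), PINNED_SIGNER))
```

The two pins fail independently on purpose: a re-signed APK that an intermediary rebuilt will carry a different certificate even if it also publishes a matching hash for its own build, and a byte-for-byte corrupted download fails the hash pin before the signer is even read. Reproducible builds, the point made above, are what would let you replace the hash pin with a hash you computed yourself from the published source.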