I've already told you about the additional APK checks now performed in my repo, and that you can find the first summary of explanations in the repo info (https://apt.izzysoft.de/fdroid/index/info#manifest).
Now the results of those checks on app permissions are being made transparent to you if you expand the permission section for an app. Not seen in the screenshots: on mouseover you will now get a short explanation for each permission.
OSS Document Scanner: scan your documents and OCR them (with camera or from pics)
One app I had to remove earlier for proprietary components returned in a #FOSS variant: OneMoreSecret is now totally free of those. Congrats to stud0709 for this achievement!
Today is the first time I had to remove an app from the #IzzySoftRepo for potential security risks: the author changed the signing key (it happens a lot that they lose it, unfortunately) – and instead of explaining what happened, simply deleted the issue where I reported it. So I must assume that the repo was either compromised – or the author is not interested in security.
It should be safe to use my repo, so I had to remove that app (the "insecure" APK never went live here thanks to security checks).
You've read about F-Droid's #reproducibleBuilds recently? Now, the #IzzySoftRepo repo makes use of that implementation. How, you ask?
Well: part of the process is to compare APKs and make sure they carry the signature of their authors. That's done by fdroidserver whenever the YAML file of an app has "AllowedAPKSigningKeys:" defined. APKs with non-matching signatures are rejected. That's used by my repo now to make sure updates are "legit" (and not placed in the repo by a malicious actor). (1/4)
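As an added illustration (not fdroidserver's own code and not the author's), here is the gist of such a check in Python: the SHA-256 certificate digest that `apksigner verify --print-certs` prints for each signer is compared against the `AllowedAPKSigningKeys` list from the app's metadata. The apksigner output and the digests are constructed placeholders, and the "every signer must be allowed" rule is an assumption of this example.

```python
import re

# Constructed sample of what `apksigner verify --print-certs` prints for a
# signed APK. The digests below are placeholders, not real fingerprints.
GENUINE_APKSIGNER_OUTPUT = """\
Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Number of signers: 1
Signer #1 certificate DN: CN=Example Dev, O=Example
Signer #1 certificate SHA-256 digest: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
"""

# The same app re-signed with a different (unknown) key, e.g. after a key loss.
ROTATED_APKSIGNER_OUTPUT = GENUINE_APKSIGNER_OUTPUT.replace(
    "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
    "fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210",
)

# Constructed stand-in for the app's metadata YAML entry:
#   AllowedAPKSigningKeys:
#     - 0123456789abcdef...
ALLOWED_APK_SIGNING_KEYS = [
    "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
]

SHA256_LINE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest: ([0-9a-fA-F]{64})$", re.MULTILINE
)

def signer_digests(apksigner_output):
    """Return the SHA-256 certificate digests of all signers, lower-cased."""
    return [m.group(1).lower() for m in SHA256_LINE.finditer(apksigner_output)]

def apk_signature_allowed(apksigner_output, allowed_keys):
    """Accept the APK only if apksigner verified it and every signer's
    certificate digest is on the allow-list (assumed rule for this
    example; fdroidserver's exact handling of multiple signers may differ)."""
    if not apksigner_output.startswith("Verifies"):
        return False          # broken or missing signature: never accept
    digests = signer_digests(apksigner_output)
    if not digests:
        return False          # nothing to compare against: reject
    allowed = {k.lower() for k in allowed_keys}
    return all(d in allowed for d in digests)

if __name__ == "__main__":
    print(apk_signature_allowed(GENUINE_APKSIGNER_OUTPUT, ALLOWED_APK_SIGNING_KEYS))  # True
    print(apk_signature_allowed(ROTATED_APKSIGNER_OUTPUT, ALLOWED_APK_SIGNING_KEYS))  # False
```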
You may notice (or already have noticed) the number of apps in the #IzzySoftRepo currently dropping. Here is why:
I currently update the anti-features of apps (the next @fdroidorg client will support specifying reasons why an AF is there) and noticed that some apps simply accumulated far too many non-free dependencies, some even while working with sensitive data (e.g. finances), others while not being maintained anymore for years. Those are currently being removed.