Fun fact: about 2/3 of the apps in our repository are confirmed as #ReproducibleBuilds – and (rough guess) about 90% of those are hosted at Github.
Now: Github being marked "malicious" by Google "Safebrowsing" – when? That's where all the malicious code lives then, no? And where all those (90%) "malicious" APKs are attached to releases (which we scrutinize with a bunch of extra scans; you can compare the file hashes to confirm) 🤔
Welcome to the RB family, Presents 🥳
apt.izzysoft.de/packages/com.l…
Presents is an app that helps you keep your wishes organized, and instantly share them with all your friends. Its developer having identified and fixed the final culprit keeping it from being reproducible, it now is 
#IzzyOnDroid #ReproducibleBuilds
The ultimate wishlist app to share your wishes with all your friends!IzzyOnDroid Repo Browser
Welcome to the RB family, APlayer 🥳
apt.izzysoft.de/packages/remix…
APlayer is a beautiful and powerful music player with lyrics support, a built-in equalizer, sleep timer, tag editor, and more.
Thanks to some help by its developer, this app can now be built reproducible
#ReproducibleBuilds #IzzyOnDroid
A beautiful and powerful music playerIzzyOnDroid Repo Browser
Welcome to the RB family, Interstellar 🥳
apt.izzysoft.de/packages/one.j…
Interstellar is a Fediverse client for Mbin/Lemmy/PieFed accounts. Having found the final culprit that kept it from being RB (after 6 months, and it was just a single thing to toggle! RBs can be bitches sometimes…), we finally succeeded
So raising the bar a little again, RB status is now at 774 apps (60.5%)
#ReproducibleBuilds #IzzyOnDroid
An open source Mbin & Lemmy client, connecting you to the fediverse.IzzyOnDroid Repo Browser
Welcome to the RB family, FileBin 🥳
apt.izzysoft.de/packages/de.va…
FileBin is a mobile client for FileBin, a self-hostable service to manage your pastes. We finally managed to get it RB, as we were able to locate a culprit in Gradle not dealing correctly with per-ABI builds when only building a single ABI…
So, current RB status: 773 apps (60.4%)
#ReproducibleBuilds #IzzyOnDroid
Share any file easily - a mobile app for FileBinIzzyOnDroid Repo Browser
Well, "only" 12 updates today and no added apps, BUUUUT…
New milestone reached: 3 out of 5 apps at #IzzyOnDroid are now #ReproducibleBuilds 🥳
==> RB status: 758 apps (60%) <==
You can read more about what that means at our website: izzyondroid.org/about/security…
(and we hope to reach the "2 out of 3" (aka 66.666%) until FOSDEM 2026 🤞)
What are Reproducible Builds, and what does IzzyOnDroid have to do with them?izzyondroid.org
Welcome to the RB family, Print(Notes) 🥳
apt.izzysoft.de/packages/com.p…
Print(Notes) is a cross-platform markdown notes app inspired by Google Keep and Obsidian. Took a lot of efforts, so we like to thank its developer for their patience, persistence, and diligence to reach this goal with us 🤗
#IzzyOnDroid #ReproducibleBuilds
A cross-platform markdown notes app inspired by Google Keep and ObsidianIzzyOnDroid Repo Browser
In this very minutes, our website (izzyondroid.org/) gets some updates deployed:
* we've collected some more hints on #ReproducibleBuilds (embedded paths with cmake, failed library stripping)
* our "landing page" (intro) got its content a bit rewritten, to hopefully be clearer
Hope you enjoy it!
FreeBSD Now Builds Reproducibly and Without Root Privilege
We’re pleased to share that the FreeBSD Project now supports builds without requiring root privileges, removing elevated access from the release pipeline and improving overall security. This work was completed as part of a program commissioned by the Sovereign Tech Agency.
Read more: freebsdfoundation.org/blog/fre…
#FreeBSD #ReproducibleBuilds #OpenSource #Security
The FreeBSD Foundation is pleased to announce that it has completed work to build FreeBSD without requiring root privilege.Florine Kamdem (FreeBSD Foundation)
Welcome to the RB family, Zest 🥳
apt.izzysoft.de/packages/com.y…
Zest is a task management system – and Yoshi just got the final pieces into place for the app to build reproducibly.
Welcome to the RB family, AntiQ 🥳
apt.izzysoft.de/packages/com.c…
AntiQ is an offline Android Music Player with some opinionated features and a distinctive User Interface tailored for large music libraries and collections. Joint efforts with its developer were fruitful, so now the APK for v1.7.0 was confirmed to be reproducible
#IzzyOnDroid #reproducibleBuilds
A Music Player for Music Collectors and Enthusiasts.IzzyOnDroid Repo Browser
as toots are not really fit for this kind of discussion, I've answered your questions at github.com/eddyizm/tempus/issu…
That said, welcoma aboard #IzzyOnDroid – and to #reproducibleBuilds
Picking up from your toot: Should I submit the regular version (github release) or the degoogled version? as they have different icons and different app ids (in keeping with the previous repo patte...IzzySoft (GitHub)
Welcome to the RB family, Chronofile 🥳
apt.izzysoft.de/packages/com.c…
Chronofile is a personal time tracking app. With the help of its developer, it is now (starting with the 1.1.1 release which will go live in our repo with the next sync around 6 pm UTC) confirmed as Reproducible Build
Welcome to the RB family, World Clock 🥳
apt.izzysoft.de/packages/de.er…
World Clock displays the current time and weather for various cities. Thanks to a little help from Eric, its developer, the app is now RB, starting with v1.5.1 (which will go live with our next repo sync around 6 pm UTC) 😃
So with this, our current RB status is: 724 apps (56%) 🎉
#reproducibleBuilds #IzzyOnDroid
display offline time and online weather for various cities in a sleek Material YIzzyOnDroid Repo Browser
Welcome to the RB family, JxlViewer 🥳
apt.izzysoft.de/packages/fr.ou…
JxlViewer lets you view your JPEG XL files on your device. Thanks to the help by its developer, this app is now RB
RB Status: 711 apps (54.2%)
Welcome to the RB family, Weather Master 🥳
apt.izzysoft.de/packages/com.p…
inspired by the Google Pixel weather app, Weather Master meanwhile provides a lot of additional features.
Working hard on it, Pranshul finally succeeded, thanks to CI builds (here: Github actions), so it now has the shields up.
#reproducibleBuilds #IzzyOnDroid
Weather, Forecasts, Moon Phases, and MoreIzzyOnDroid Repo Browser
@Kerplunk we'd suggest you read the security section at apt.izzysoft.de/fdroid/index/i… 😉 TL;DR: multiple scans are performed on apps published via #IzzyOnDroid, to make it as safe & secure as can be. In the 10 years of our existence, there hasn't been a single incident of a malicious app. So please, don't spread uninformed misinformation ("without checks" even). Thanks! @CoMaps
PS: IzzyOnDroid also has #reproducibleBuilds to ensure apps were built from the indicated source. Planned for CoMaps as well
how to use this site and its repo, how to get your app listed here, and more.IzzyOnDroid App Repo
Oh, PS: I forgot to mention some nice numbers. We are now available in 4k – err, I mean, our main builder today reached 4,000 k packages coverage
> 4000 packages, 3875 reproducible
RB status: 687 apps (52.2%)
Welcome to the RB family, Prism File Explorer 🥳
apt.izzysoft.de/packages/com.r…
Prism File Explorer is a modern, feature-rich, and lightweight file manager for Android, delivering a seamless file management experience with a beautiful Material Design interface. Thanks to the efforts taken by its developer (and now using CI to build it), the app is now reproducible.
#reproducibleBuilds #IzzyOnDroid
full-featured and lightweight file managing appIzzyOnDroid Repo Browser
And you can be affirmed it's the very same FOSS build, as at IzzyOnDroid it is a Reproducible Build – meaning, our builders built the APK from Sylvia's code, and ended up with a byte-by-byte identical APK.
Bonus points: updates usually reach you within 24h of Sylvia making them available. Our build cycles are pretty short: just a few hours, instead of a few days 😉
#IzzyOnDroid #reproducibleBuilds #updates
#ReproducibleBuilds talk at #FOSSY2025 went pretty well today, presented by myself and my colleague Chris Lamb...
For bonus fun, I used the #MNTReform to present!
Slides available:
people.debian.org/~vagrant/fos…
... as well as a .buildinfo file if you want to try and bit-for-bit reproduce the slides, although I did it using an arm64 machine:
people.debian.org/~vagrant/fos…
Video should be available in a month or so, hopefully?
W00t, w00t! New NeoStore (one of our F-Droid clients) arrived, now showing the RB status directly next to the versions of each app 🥳
#IzzyOnDroid #reproducibleBuilds
I believe it will be recorded and live streamed ... presuming, of course, no serious intervention by gremlins!
I have not followed closely, but always glad to see all the work done verifying android apps!
#ReproducibleBuilds has definitely grown to span many different types of software, and really it should be helpful everywhere!
will the session be recorded, for those who cannot attend in person? Running multiple RB verification builders for Android apps ourselves (see e.g. android.izzysoft.de/articles/n… and codeberg.org/IzzyOnDroid/rbtlo… plus codeberg.org/bg443/rbtlog / shields.rbtlog.dev/), we're of course interested in what you and Chris have to say 🤗
Spannende Neuigkeiten im IzzyOnDroid Repo: Jetzt haben wir reproduzierbare Builds, spezifische Unterstützung durch einige der beliebtesten F-Droid-Clients und mehr!IzzyOnDroid
Welcome to the RB family, FlorisBoard 🥳
apt.izzysoft.de/packages/dev.p…
FlorisBoard is your versatile keyboard app, loaded with many features, keyboard layouts, skins and more. At IzzyOnDroid, we ship the "early birds": alpha & beta versions.
Thanks to the hard work of the FlorisBoard team (thank you so much, Patrick & lm41!), the app is finally RB!
#reproducibleBuilds #IzzyOnDroid
Beta of FlorisBoard, the open-source keyboard which respects your privacy.IzzyOnDroid Repo Browser
(2/2)
And just 15 days before the first anniversary of our public RB GoLive (which happened on August 1st, 2024), we've reached 50% coverage:
Every 2nd app at IzzyOnDroid is now RB! 🥳
Welcome to the RB family, KeePassDX 🥳
Both, the libre and the free flavor were just confirmed:
apt.izzysoft.de/packages/com.k…
apt.izzysoft.de/packages/com.k…
KeePassDX is a password safe and manager allows editing encrypted data in a single file in the open KeePass format and fill in the forms in a secure way, requires no Internet connection and integrates Android design standards.
#reproducibleBuilds #IzzyOnDroid
Secure open-source password safe and managerIzzyOnDroid Repo Browser
June news at reproducible-builds.org have been released, stating IzzyOnDroid passed 48% coverage (48.8% now), and that @bg443 made shields available to show the current RB status of an app. And on we go!
reproducible-builds.org/report…
#IzzyOnDroid #reproducibleBuilds
Welcome to the RB family, OPN2 MIDI Player 🥳
apt.izzysoft.de/packages/ru.wo…
OPN2 MIDI Player is a a MIDI-player based on emulator of a Frequency Modulation chip Yamaha OPN2 (YM2612).
With the help of its developer, we finally managed to confirm it as reproducible build, so its shield is up now
#reproducibleBuilds #IzzyOnDroid
Simple MIDI-player for Android based on libOPNMIDI libraryIzzyOnDroid Repo Browser
Welcome to the RB Family, Jerboa 🥳
apt.izzysoft.de/packages/com.j…
Jerboa is a client for Lemmy, made by Lemmy's developers. And Lemmy is the Fediverse alternative to Reddit, Lobste.rs, HN & Co.
The current version finally passed RB, so the shield is up now!
#reproducibleBuilds #IzzyOnDroid
An app for Lemmy, a federated reddit alternative.IzzyOnDroid Repo Browser
sorry, but I had to boost this again now. @fdroidorg can you please make optically clear which APKs you reproduced? Developers knock our doors wondering why we say their app is not RB, while you claim it is – and checking, EACH SINGLE TIME we find the app is NOT set up RB at your end, and the JSON at your verification server clearly states you verified YOUR OWN build. Yes, that might show your build is deterministic – but not that theirs is RB. It's confusing.
So I had some more thoughts about FOSS sustainability. I've had them for some time. But this weeks issues reminded me of them.
So here's a mild spruik for some of the orgs who make my digital spaces for myself and my project and also package @librecast
onepict.com/20250628-plussusta…
Speaking of RB:
DavDroid 4.5.1 unfortunately failed RB. Which shows the thin line between "deterministic" and "reproducible":
We were able to build the app umpteen times, and got the very same, byte identical APK on each build: deterministic. So, it was reproducible, right? Well: no. It didn't match the APK built by the developer. A very slight difference in this case, an "off-by-one" in the baseline (so don't you worry, it's just the optimizer).
#reproducibleBuilds #IzzyOnDroid (1/2)
#AndroidAppRain at apt.izzysoft.de/fdroid today with 14 updated and 1 added apps:
* Pomozen: a Pomodoro timer designed to boost productivity and focus 🛡️
Enjoy your (1315) #free #Android #apps with the #IzzyOnDroid repo – 627 of them (47.7%) are #reproducibleBuilds
This is a repository of apps to be used with your F-Droid client. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).IzzyOnDroid App Repo
Welcome to the RB family, Aegis 🥳
apt.izzysoft.de/packages/com.b…
Aegis Authenticator is a free, secure and open source app to manage your 2-step verification tokens for your online services.
Thanks to the help of the Aegis team, the app is now finally RB – expect the green shield coming up in a few hours
#reproducibleBuilds #IzzyOnDroid
Free, secure and open source 2FA app to manage tokens for your online servicesIzzyOnDroid App Repo
Btw: kudos for this go to @bg443 – who runs an independent builder (i.e. Ben is not a member of IzzyOnDroid himself, but his builder covers several of our apps. So it's verifying our builders are telling the truth, so to say).
So while IoD takes the APKs directly from the devs, our builders verify they were indeed built from the source code the devs claim to – while independents like Ben verify we're not "cheating". The winners are YOU
Dear developers of #Android #apps which are listed at #IzzyOnDroid and have been confirmed as #reproducibleBuilds by one (or more) of our builders:
I've been told by a dev:
> There are only 3 things devs want. Stickers, badges and a good dev environment (and I'm not sure the last one is important)
So there you go if you want to show the RB status of your app:
