Alright boys, I've been converted to the light side and have installed F-Droid. Now what?
Basically title. I waited on installing F droid for a long time because my phone threw many scary warnings when I tried a long time ago. But now I have it, and I got some fossify apps, but since there is no "Editor's Picks" on F- droid I dont really know where to go from here.
What apps do you recommend I install first to remove my dependence on closed ecosystems?
What is my vulnerability surface ie, which sort of apps should I watch out for?
Are there any bad faith companies in the open source sphere?
What apps you install depends on your needs and preferences. It might help others if you include those in any future requests for suggestions.
I suggest not worrying too much about "removing your dependence on closed ecosystems" immediately. Just do as you did before, changing apps as you find better alternatives---only, this time, considering the advantages of FOSS. Simply by giving F-droid apps a chance before opening (I assume) the Play Store, you're already doing better than the vast majority of people.
Regarding discoverability and security, I believe participation in the community helps:
The Venn diagram of "FOSS app users" and "software enthusiasts" is closer to a circle. People like talking about useful, good software they like. Word of mouth recommendations is how I got into this stuff.
You'll be more likely to hear urgent actionable news (e.g. X app developer sold to bad company, here's the fork that will carry the torch onwards).
And so that this comment isn't completely useless... Mozilla are currently working on a mobile version of Thunderbird for Android, built on top of K9 mail. Been using the beta and liking it so far. If you want a FOSS e-mail app, keep an eye on that one.
P.S. I much prefer the dark side, and don't forget the cookies!
Begin to de-google yourself. Research on FOSS alternatives to Google apps and services. Depending on your reliance, this may be a slow process. It's OK. Build an understanding that there will be lots of sacrificing, especially convenience around the brand ecosystem that Google and Apple are known for.
You should check out Droid-ify! It's a much more friendlier alternative to F-Droid, and also has more applications by default (gets some apps directly from Github).
ViMusic - ad free music streaming
TrackerControl - view and block app trackers
LibreTube - ad free youtube client
Termux - Terminal
There are also plenty of replacements for builtin apps like camera, gallery, maps, etc, although I personally haven't made that jump yet as there are some missing quality of life features.
It really comes down to what is your use case. Also, a bit of a mindset change since you have to do a bit more research on some apps yourself, nothing too bad, like checking on the App's Github if they have one, to see issues or bugs. Some of which may apply to you... or not. F-Droid has a link for most apps on their app.
Personally, I removed almost all apps on my phone that have ads and/or improved privacy in one way or another.
I used to use Nova but I found KISS launcher or it's fork TinyBit Launcher much better. Why? Because I do a lot of searches and liked that it is search focused and you can add all types of different searches once you know the proper syntax. From Wikipedia, to Youtube, to Searxng, to Dictionaries or DuckDuckGo, you can add almost all search engines. The app is really, really light on resources and it does what I want it to do.
I dropped all Google products, rooted my phone and removed them off my phone along with Google Play Services. Avoid all apps with any trackers. Albeit I still have a couple that I still need. But it is a great improvement.
Use K9 for mail, OpenVPN in lieu of my VPN provider's app, BraveNewPipe or NewPipe w/Sponsor block for Youtube and other services. Use Mull instead of Firefox, due to being more privacy focused. Eternity for Lemmy, as a, well, Lemmy client.
KDEconnect to send/ping/transfer/control PC's and phones over local Wifi. It's free.
Now, I know that many people may not use it, but I set up a Nextcloud Instance on my server and thus have Notes, Maps, RSS reader, File and Bookmarks Sync all through that by using their free apps. All available for free from F-Droid. But you do need a server.
Also, Termux as terminal. You can do lots with it due to all the apps and services you can install and run. I used to run a Searx instance from my phone and I used that to search along with my VPN.
For weather I use either QuickWeather or Geometric Weather, with icons you can get for free from the Playstore.
These are my main core apps. Not fully divested from closed ecosystems (YouTube & Google Maps are in there with alternative private frontends). But close enough for me.
Mull - Private Firefox
OrganicMaps & GMaps WV - Maps
Eternity - Lemmy
Meglodon - Mastadon
ProtonVPN - VPN
AntennaPod - Podcasts
Bitwarden - Passwords
Joplin - Notes
NewPipe Sponsorblock - YouTube w/o ads or in-video promotions
Important note: app developers don't publish their apps on the official F-Droid repository. Other people (maintainers) download source code and compiling these apps. Therefore, updates are delayed by a week. You cannot update the app from other source because F-Droid version signed by a different key, so you must reinstall the app, deleting all the data.
I started using Obtainium to get updates directly from GitHub. It also has support for F-Droid and many other sources. I use F-Droid website mostly to discover apps.
DAVx & ICSx (nextcloud contacts and calendar sync)
DNS66
Jellyfin
Spotube
From FDroid (really droidify from various repositories)
FUTO Voice Input
Breezy Weather
K-9
Libera Reader
FFUpdater
Joplin
The list is massive and I'm on mobile and hate tiny keyboards. I can finish the list later if you/y'all are interested. The only thing that I actively use that is not FOSS on my phone is Google Messages, which I guess is a bit hypocritical, but its too good. Just the ability to react to messages makes it worth it for me.
I also highly recommend Grayjay. It is the best (IMHO) YouTube replacement. It is cross service, like I have odysee, nebula, youtube, and various peertube instances added as sources.
As far as what apps to watch out for, someone mentioned Simple Mobile Tools. Otherwise, I would stay away from apps that are not being updated anymore or are otherwise way too old.
Beside concrete suggestions, I would suggest having a look at the applications you use. (Decide whether you actually use and need them first.) Search for the application on AlternativeTo or similar sites and look for a FLOSS alternative there. And also search the internet for general FLOSS replacements for the use-cases of the applications you use. No need to rush anything. Even replacing one application a week is good progress.
Vinyl Music Player has been my favorite of the large handful that I've tried
Your question about the security of apps is a good one and should be an ongoing one. Who do we, who don't code, put our trust into? Generally I just see if an app is frequently mentioned by others; but that's a pretty shaky approach to downloading software...