@SylvieLorxu And you can be affirmed it's the very same FOSS build, as at IzzyOnDroid it is a Reproducible Build – meaning, our builders built the APK from Sylvia's code, and ended up with a byte-by-byte identical APK.
Bonus points: updates usually reach you within 24h of Sylvia making them available. Our build cycles are pretty short: just a few hours, instead of a few days 
#ReproducibleBuilds talk at #FOSSY2025 went pretty well today, presented by myself and my colleague Chris Lamb...
For bonus fun, I used the #MNTReform to present!
Slides available:
https://people.debian.org/~vagrant/fossy-2025/Nevermind-the-Checkboxes-heres-Reproducible-Builds.pdf
... as well as a .buildinfo file if you want to try and bit-for-bit reproduce the slides, although I did it using an arm64 machine:
Video should be available in a month or so, hopefully?
W00t, w00t! New NeoStore (one of our F-Droid clients) arrived, now showing the RB status directly next to the versions of each app 
I believe it will be recorded and live streamed ... presuming, of course, no serious intervention by gremlins!
I have not followed closely, but always glad to see all the work done verifying android apps!
#ReproducibleBuilds has definitely grown to span many different types of software, and really it should be helpful everywhere!
@vagrantc will the session be recorded, for those who cannot attend in person? Running multiple RB verification builders for Android apps ourselves (see e.g. https://android.izzysoft.de/articles/named/iod-rbs-mirrors-clients and https://codeberg.org/IzzyOnDroid/rbtlog plus https://codeberg.org/bg443/rbtlog / https://shields.rbtlog.dev/), we're of course interested in what you and Chris have to say 
the Real Beast arrived!
666 apps (50.6%)
So there!
Will be holding down a #ReproducibleBuilds table and giving a related talk or two!
Looking forward to seeing folks!
Welcome to the RB family, FlorisBoard
https://apt.izzysoft.de/packages/dev.patrickgold.florisboard.beta
FlorisBoard is your versatile keyboard app, loaded with many features, keyboard layouts, skins and more. At IzzyOnDroid, we ship the "early birds": alpha & beta versions.
Thanks to the hard work of the FlorisBoard team (thank you so much, Patrick & lm41!), the app is finally RB!
(2/2)
And just 15 days before the first anniversary of our public RB GoLive (which happened on August 1st, 2024), we've reached 50% coverage:
Every 2nd app at IzzyOnDroid is now RB!
Welcome to the RB family, KeePassDX
Both, the libre and the free flavor were just confirmed:
https://apt.izzysoft.de/packages/com.kunzisoft.keepass.libre
https://apt.izzysoft.de/packages/com.kunzisoft.keepass.free
KeePassDX is a password safe and manager allows editing encrypted data in a single file in the open KeePass format and fill in the forms in a secure way, requires no Internet connection and integrates Android design standards.
June news at reproducible-builds.org have been released, stating IzzyOnDroid passed 48% coverage (48.8% now), and that @bg443 made shields available to show the current RB status of an app. And on we go!
Welcome to the RB family, OPN2 MIDI Player
https://apt.izzysoft.de/packages/ru.wohlsoft.opnmidiplayer
OPN2 MIDI Player is a a MIDI-player based on emulator of a Frequency Modulation chip Yamaha OPN2 (YM2612).
With the help of its developer, we finally managed to confirm it as reproducible build, so its shield is up now 
Welcome to the RB Family, Jerboa
https://apt.izzysoft.de/packages/com.jerboa
Jerboa is a client for Lemmy, made by Lemmy's developers. And Lemmy is the Fediverse alternative to Reddit, Lobste.rs, HN & Co.
The current version finally passed RB, so the shield is up now!
@SylvieLorxu sorry, but I had to boost this again now. @fdroidorg can you please make optically clear which APKs you reproduced? Developers knock our doors wondering why we say their app is not RB, while you claim it is – and checking, EACH SINGLE TIME we find the app is NOT set up RB at your end, and the JSON at your verification server clearly states you verified YOUR OWN build. Yes, that might show your build is deterministic – but not that theirs is RB. It's confusing.
Speaking of RB:
DavDroid 4.5.1 unfortunately failed RB. Which shows the thin line between "deterministic" and "reproducible":
We were able to build the app umpteen times, and got the very same, byte identical APK on each build: deterministic. So, it was reproducible, right? Well: no. It didn't match the APK built by the developer. A very slight difference in this case, an "off-by-one" in the baseline (so don't you worry, it's just the optimizer).
#Apple is not the only one dreaming up new features. There are many of us. @fdroidorg on making the most trustworthy app distribution platform, following as many best practices as possible. Many Apple has not implemented, like app reviews of source code rather than binaries, or #ReproducibleBuilds. We require human review or apps. Over 60% of our apps are reproducibly built. Apple encrypts app files, making reproducible builds impossible. It continues to only review binaries apps not source code
So I had some more thoughts about FOSS sustainability. I've had them for some time. But this weeks issues reminded me of them.
So here's a mild spruik for some of the orgs who make my digital spaces for myself and my project and also package @librecast
https://www.onepict.com/20250628-plussustain.html
#AndroidAppRain at https://apt.izzysoft.de/fdroid today with 14 updated and 1 added apps:
* Pomozen: a Pomodoro timer designed to boost productivity and focus 
Enjoy your (1315) #free #Android #apps with the #IzzyOnDroid repo – 627 of them (47.7%) are #reproducibleBuilds
Welcome to the RB family, Aegis
https://apt.izzysoft.de/packages/com.beemdevelopment.aegis
Aegis Authenticator is a free, secure and open source app to manage your 2-step verification tokens for your online services.
Thanks to the help of the Aegis team, the app is now finally RB – expect the green shield coming up in a few hours
Btw: kudos for this go to @bg443 – who runs an independent builder (i.e. Ben is not a member of IzzyOnDroid himself, but his builder covers several of our apps. So it's verifying our builders are telling the truth, so to say).
So while IoD takes the APKs directly from the devs, our builders verify they were indeed built from the source code the devs claim to – while independents like Ben verify we're not "cheating". The winners are YOU
