F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.
I don’t see how supply chain attacks on F-Droid are any different from other app stores. Supply chain attacks would also attack the APK compiled on a deb’s machine.
Also, APKs are signed on Google’s servers, devs don’t have control over those signatures anymore, unless they distribute their APKs through other means (which would impose similar if not worse risks compared to F-Droid, of course).
I don’t see how supply chain attacks on F-Droid are any different from other app stores. Supply chain attacks would also attack the APK compiled on a deb’s machine.
Also, APKs are signed on Google’s servers, devs don’t have control over those signatures anymore, unless they distribute their APKs through other means (which would impose similar if not worse risks compared to F-Droid, of course).
If you think Fdroid security is on par with Google security… then I got a bridge to sell you