In the GrapheneOS forum, I encountered a claim that F-droid is insecure (and not good at privacy as well). These links (and more) were given as an evidence:

• https://privsec.dev/posts/android/f-droid-security-issues/
• https://xcancel.com/GrapheneOS/status/1883895255142932816#m
• https://github.com/obfusk/fdroid-fakesigner-poc

While there are some attitude against FOSS app, I think the arguments are generally sound and in good-faith. Which makes me confused, as I’ve been hearing good words about F-droid in lemmyverse.

I am not good at assessing arguments, so I want to ask you guys for more aspects and information.

Also, if not F-droid, what should I use? Is Aurora store, a frontend of play store, not fine to use as well?