Even my keyboard is built reproducibly
Posted on Mar 04, 2025 by
Two years ago, almost to the day, we spoke about how “VPN trust requires free software”, outlining the importance of reproducible builds in general, and especially when it comes to the security of your Internet connection. That post sparked some interest and led to improvements in the way F-Droid packages reproducible builds.
Last year we were saddened to read that proprietary keyboards are (still) spying on their users and encouraged you to seek better FOSS keyboard apps. The keyboard is perhaps the most sensitive app on the device. Everything you write will go through the keyboard app, including passwords and private messages. In order to have a trustworthy device, we need to know that our keyboard app is treating our secrets with the utmost care. The best ones do not even request internet access or any other way to send our precious keystrokes anywhere besides where they are intended to go.
As we push for apps to be reproducible when included, let’s take a look at what F-Droid currently offers in the way of keyboards.
Our F-Droid Verification Server continuously rebuilds apps and compares them to the published version. This allows us to spot sources of non-determinism in all apps, whether or not they are set up as reproducible.
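To illustrate the rebuild-and-compare idea, here is an added example (not the Verification Server's own code) that compares a published APK with a rebuild entry by entry, skipping the JAR signature files that legitimately differ between signers. The function names and the sample archives are constructed for this illustration.

```python
import hashlib
import io
import zipfile

# JAR (v1) signature files live in META-INF and differ by signer, so they are skipped.
SIG_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")

def is_signature_entry(name):
    upper = name.upper()
    return upper.startswith("META-INF/") and (
        upper == "META-INF/MANIFEST.MF" or upper.endswith(SIG_SUFFIXES))

def entry_digests(apk_bytes):
    """Map each non-signature entry name to the SHA-256 of its uncompressed content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if not is_signature_entry(info.filename):
                digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests

def compare_apks(published, rebuilt):
    """Return sorted (name, reason) pairs for every entry that does not match."""
    pub, reb = entry_digests(published), entry_digests(rebuilt)
    diffs = []
    for name in sorted(set(pub) | set(reb)):
        if name not in reb:
            diffs.append((name, "missing from rebuild"))
        elif name not in pub:
            diffs.append((name, "only in rebuild"))
        elif pub[name] != reb[name]:
            diffs.append((name, "content differs"))
    return diffs

def make_apk(entries):
    """Build a constructed in-memory ZIP standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample data, not real APK contents.
PUBLISHED = make_apk({"classes.dex": b"dex-v1", "res/raw/info.txt": b"built 2025-03-04",
                      "META-INF/CERT.RSA": b"developer signature"})
REBUILT_OK = make_apk({"classes.dex": b"dex-v1", "res/raw/info.txt": b"built 2025-03-04"})
REBUILT_BAD = make_apk({"classes.dex": b"dex-v1", "res/raw/info.txt": b"built 2025-03-05"})

if __name__ == "__main__":
    print(compare_apks(PUBLISHED, REBUILT_OK))
    print(compare_apks(PUBLISHED, REBUILT_BAD))
```

This content-level comparison is looser than a byte-for-byte check: it ignores ZIP metadata such as entry order and timestamps, as well as the APK Signing Block used by v2/v3 signatures.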
We split our available keyboard apps based on their reproducibility status as:
- Reproducible - we host the developer-signed packages after we verify them as reproducible
- Verified - we host our signed packages, and the Verification Server confirms them as reproducible
- Soon to be Verified - we host our signed packages, verification fails, but we’ve contributed upstream to hopefully fix the issues, so maybe the next version will be fine
- Not verified - we host our signed packages, verification fails or the app is so old that it is less likely to be fixed
Reproducible:
- Latin script: Colemak Mod-DH Keyboard, Fossify Keyboard, HeliBoard
- Asian script: Fcitx5 & plugins, Kuaizi IME, Sithakuru
- Special layout: FlickBoard, Thumb-Key, Traditional T9
- Voice input: Sayboard
- Misc: KryptEY
Verified:
- Latin script: Brailliac: Braille Keyboard, DroidTR IME, Irregular Expressions, Key Mapper GUI Keyboard, Simple Keyboard, Unexpected Keyboard
- Asian script: Guileless Bopomofo, Stroke Input Method (筆畫輸入法)
- Voice input: Kõnele, Whisper
- Misc: FutharkBoard
Soon to be Verified:
- Latin script: 8Vim, FlorisBoard
- Asian script: Indic Keyboard, Trime
Not Verified:
- Latin script: AnySoftKeyboard & plugins, Hacker’s Keyboard
- Misc: KeePassDX - FOSS Password Safe
Too old to even be checked:
An interesting list: it looks like we offer a large variety of input apps that, hopefully, not only cover your typing needs but also let you type on a verified, reproducibly built app.
This work was supported by your donations and by NLnet. To help support F-Droid, please check out the donation page and contribute what you can.