Open Source Apps on Android
As I've gradually moved my desktop experience to mostly open source software, I've been looking towards the same from my mobile experience. I'm currently using Android, which is "open source" in a Google controls everything way. There's been good progress in the last few years in making non-Android operating systems available for phones, but none of them are stable yet. So in the meantime, I've started to pay more attention to the apps I use and switch to open source alternatives where possible.
F-Droid (App Store)
The most obvious choice for a Play Store alternative is F-Droid. An open source app store that lets you add third-party repositories. The official repo builds most apps from source so you have access to the exact source code that you're running without needing to trust that developers didn't tweak the build beforehand. Chances are you'll still need Play Store as a fallback as F-Droid won't have everything and you'll likely have built-in apps tied to Play Store for updates.
The main problem with F-Droid and really any app store is trust. F-Droid is run by a small team, so even with their offline build pipeline, it's possible for malicious code to get through. I mean, who's going to fully audit the source code of every single app update? It's the same problem as desktop package managers. At the end of the day, you need trust, and F-Droid is not as well established as, say, Fedora to be fully trusted yet.
However, trust isn't as all-or-nothing as it is on desktop. Android has a somewhat decent permissions system so you can see and control what apps have access to. Last I checked, there are some permissions that are automatically approved (like internet access), so you still have to be cautious before installation. Desktops are also going in a similar direction with new distribution methods and runtimes like Flatpak.
I've been on the fence with F-Droid for a while now, but I've lurked around the project and kept track of their progress for over a year. At this point, I'm familiar enough with their community and approach to say I do trust them. I haven't encountered any red flags or reasons to be anymore concerned than the Play Store; which is riddled with malware. So here I am, writing this all down.
AnySoftKeyboard (Keyboard)
Everything we type on our phones goes through a single keyboard app. So it's vital that we can trust it. There a lot of keyboards out there. Most of them are pretty similar. Sadly, of the ones I've tried, none come close to Google Keyboard in terms of polish and accuracy. However, trusting Google with everything I type is a definite no-go so I'm willing to make some sacrifices.
I went with AnySoftKeyboard. It's quite popular so I can trust that it's well maintained. Its presentation blends well with Android's look and feel and it has a good level of customisation to get the behaviour right. The completion and correction is nowhere as good as Google's and after a month I'm still having problems with missed keys and typos. The emoji picker is also just plain ugly. There's definitely room for improvement and I'm happy to give it more time.
KISS (Launcher)
I've always used Nova Launcher on Android. It's the first app I paid for. It's always been miles better than the default Android launchers and it's clear Android's newer versions have adopted a lot of its(?) ideas. However, I've never used most of its features and it's closed source so I don't want to give it access to things like Contacts and Notifications. Maybe it's time I looked for something else.
To me, a launcher is just that. A launcher. I use it to search for an app and launch it. Like a "start menu", "spotlight" or "overview". I don't want to organise widgets, folders and icons. I just want to search and launch. KISS does exactly that and nothing else. Since it doesn't even ask for an internet connection, I'm happy to give it access to my contacts and anything else. It's perfect. There's not much else to say.
Firefox Preview (Web Browser)
I use Firefox on desktop so using it on mobile is a no-brainer. The current Firefox app is solid and fully supports extensions. However, after trying Firebase Preview, which uses a new engine, I noticed how janky Firefox can be. So now I'm sticking with Firefox Preview until it becomes the official Firefox. If any of that sounded confusing, I don't blame you.
Shuttle (Music Player)
I've used Shuttle for years now and didn't realise it's open source. There are plans to publish it on F-Droid, but there's little progress. I organise my library on desktop and only use my phone for playback and Shuttle's interface is perfect for that. It fits with the rest of Android and there's no misaligned elements. Everything is polished, fluid and straightforward.
VLC (Video Player)
VLC is a pretty standard player nowadays. I prefer mpv on desktop but I don't think it matters much on mobile. It's a nice to have for those rare moments I need to play a video file from storage.
VLC is also a music player, but I found the interface to be a bit ugly, especially compared to Shuttle. Music playback is definitely an afterthought for them whereas video is in their name.
Signal (SMS/MMS, Instant Messaging)
I used to use WhatsApp since that's where everyone is. I tried moving to Signal a few years back and no one followed. I tried again recently, and people did follow. It seems like the general public is (slightly) more privacy-conscious now than before which is great. The additional ability to send and receive SMS through Signal is also convenient as it keeps things in one place and reduces the need to install yet another app.
Signal itself is pretty solid. It lacks a few features like group calls. Their desktop experience is terrible right now. Signal is nowhere near as polished as Telegram and Whatsapp, but it's getting there. They do make a few strange decisions like PIN nag screens and a dedicated "sticker" button that no one uses. But their focus on privacy is what's important. Unlike Telegram, Signal-to-Signal messages are always end-to-end encrypted so everyone benefits from it.
Aegis (Two-Factor Authentication, TOTP)
I switched from Google Authenticator to Authy a while back as Authy provides remote backup and restore. However I didn't pay attention to the fact that they only allow backups through their own servers. You can't request a backup and move to something else. They don't even let you see your account keys to manually move them over. The only solution is to go through each service, hunt down the 2FA settings and move over to a new device. That sucks.
I found two popular open source alternatives: andOTP and Aegis. Both work as you'd expect and have similar interfaces. However, since they store your keys encrypted, you need to input a password every time you launch the app. Aegis supports fingerprint unlocks to make that process more convenient so I went with that.
Unlike Authy, both of these apps let you export your keys locally, however they don't back them up remotely for you so it's up to you to keep them safe.
OsmAnd (Maps)
There's no doubt that Google Maps is pretty much the best map and navigation app. But giving Google our location details is of course a bad idea. OsmAnd is the best open source alternative. It uses OpenStreetMap and while the interface isn't as clean as Google Maps, it works and provides everything you'd need; including offline maps and public transport directions. In a way, its traditional presentation and open nature makes it a much better tool for power users.
Last I remember, the app on Play Store (OsmAnd+) had some subscription-based features. However the one I installed from F-Droid (OsmAnd~) doesn't have any of that, which makes it a lot less confusing to use. Maybe it's missing some features but I'm happy with what I have.
Other Apps
I'm still using Fastmail's app for email and calendar. I bought DAVx5 to synchronise contacts -- something that should be built-into Android but isn't because Google wants you to go through them -- and I could do the same for calendars. Email of course can go through SMTP. However I've tried the email and calendar apps on F-Droid and I'm not sold on any of them. There's a lack of polish compared to Fastmail's app so I'm reluctant to switch.
BitWarden while open-source isn't available in F-Droid's official repo yet due to some dependencies. But they have their own repo in the meantime. It lacks automatic push updates since that's tied to proprietary Google software (a common story), which I'm fine with.
For everything else, Simple Mobile Tools provides an entire suite of open source core Android apps. Calendar, gallery, camera, file manager, etc. Most of which don't require network access. Pretty amazing.
Oh, there's also some mandatory banking apps. A hell of closed source bad ideas. I don't think there's a cure for that yet other than to avoid them altogether. The sad thing is, Steam also falls under that bracket. I'll never understand Valve. Aegis at least can work as a Steam Guard Authenticator (which is like any other TOTP but with completely unnecessary custom encoding), but the Steam app is still needed for approving trade requests.
Conclusion
I strongly recommend Android users start looking at alternative app stores like F-Droid. Google is slowly strangling Android's ecosystem so we need to start introduce some competition. Until at least a viable alternative to Android appears.
Thanks for reading.