In November 2017, Yale Privacy Lab and Exodus Privacy reported one of the most scariest security vulnerability in Android phones. They claim Android phones collect your location even if you’ve turned off location services. In fact, Google was aware of this all the time and was doing so on purpose. You don't even need to use any app or even insert a SIM card. All that Google need is your phone to get online. Once you're connected to the internet, the hidden spyware in the pre-installed apps on your phone automatically gathers data about your location and sends it back to Google. This means Google has access to data about individuals’ locations and their movements that go far beyond a reasonable consumer expectation of privacy.
Google, thereafter, have claimed that it encrypts the data in transit, and doesn’t store any of it. The company also said it has stopped doing so since November, as soon as it was caught red-handed. However, the security breach is really huge, one that could have had serious real-world consequences.
Furthermore, Google Play Store, the one-stop hub for all the Android apps, also shares a wide variety of user-data with advertisers, unknown to the user. After being caught once again, Google said it would expand its Unwanted Software Policy and implement click-through warnings in Android. However, this move still can't clean the polluted ocean of Apps plaguing Android. Yale Privacy Lab and Exodus Privacy have now taken the matter into their own hands. The two security companies have created an Android app store of their own, the F-Droid app store.
A replacement for Google Play, F-Droid offers Free and Open-Source Software (FOSS) apps without all those hidden trackers. F-Droid only allows apps that include their source-code and whose licenses require anyone who modifies them to also include the source. F-Droid doesn't offer the millions of apps available in Google Play, but those it offers are fully secure ones.
It’s true that Google does scan apps submitted to the Play Store to filter out malware, but the process is still mostly automated and very quick— too quick to detect Android malware before it's published. Your privacy and security are massively important and installing F-Droid can be the first step in protecting yourself from malware.