• @CaptainAlchemy
    link
    English
    51 year ago

    I wouldn’t recommend using fdroid due to security concerns. When you download a fdroid so it is signed by fdroid instead of the developer, what this means it’s if fdroid gets hacked all your fdroid apps are insecure and can receive malicious updates. You also trust fdroid as another party in the chain, when in reality you should remove as many parties as possible. They also tend to host outdated apps with no updates in years. Use obtainium as it will pull directly from the developers GitHub page and will be signed by the developer instead.

    • Possibly linuxOP
      link
      fedilink
      English
      31 year ago

      What happens if the developer starts shipping anti features though? F-droid adds a layer of protection and verification. F-droid also allows you to find apps quickly.

      • @CaptainAlchemy
        link
        English
        61 year ago

        Wdym anti features? The only thing fdroid does is take the developer APK, sign it themselves and release it. If any anti features exist (I assume you’re talking about the anti features tab in the fdroid app) it won’t make any difference where you obtain it as fdroid doesn’t do code checks. They only check to make sure it’s under a open source licence. Fdroid adds no protection to any apps and you trust them to ship clean packages. If you get packages from the developer and they sign it and it happens to be malicious it’s only one app instead of all your apps you have from fdroid. You trust them a lot and I’d recommend reading this if anyone is interested. https://privsec.dev/posts/android/f-droid-security-issues/

          • @CaptainAlchemy
            link
            English
            5
            edit-2
            1 year ago

            Freedom from what? Good security practices? Open source does not equal security nor freedom. You’re pedaling digital politics instead of fact based privacy and security. Trust me I’d love my apps to be open source but ignoring blatant security issues is going to put someone at risk. You can’t have privacy without security and vice versa.

            edit: like I mentioned previously, use obtainium and you can still use open source software

                  • @jack@monero.town
                    link
                    fedilink
                    51 year ago

                    Open source gives you all the freedoms that free software gives. So it factually equates. You are also spreading the misinformation that F-Droid guarantees that the software there is 100% libre even when it is an external repo. Totally wrong.

                    You are trying to tell me that caring about free software is misinformation now?

                    When did I say that? Are you stupid?

                    You can’t convince people when you are just repeating what Stallman says without understanding it.

              • @CaptainAlchemy
                link
                English
                1
                edit-2
                1 year ago

                There is no completely free software, even if you take out the Intel ME (which is a very bad idea as it’ll leave you super vulnerable) The Intel chip will never be open source or FOSS at a hardware level. Even RISC-5 being open still has trust issues. Unless you setup a chip fab you’re at the helm of someone. And as the closed source hardware runs the open source software, is it really free?

                • Possibly linuxOP
                  link
                  fedilink
                  English
                  11 year ago

                  Therefore we shouldn’t even try? I do my best to steer clear of proprietary software.

                  • @CaptainAlchemy
                    link
                    English
                    1
                    edit-2
                    1 year ago

                    Like everything in life it’s about balance, using too much foss software and hardware could put you in much more risk, while using proprietary software won’t give you the control or privacy you want. Once again foss software is great, but it is not perfect and should not be treated as such.