itadakimasuThis doesn’t seem super safe from a security standpoint. Can anyone comment on safety?
nodietYeah fdroid is vastly preferred over this because you can be sure that the source code provided actually produces the executable.
csm10495So this means you trust F-Droid? … do you have proof that they aren’t doing anything nefarious?
… if we want to play the game of ‘is it safe’ play it all the way in each case.
Like we’re acting like a dev would upload malware to a trusted repo. If we think that way, the could also slip it into the open source code and not be noticed. Anything’s possible but don’t live in fear.
There is a weird thing on Lemmy where people seem to be very worried about things that they probably shouldn’t be; then we hit a line where its just ‘ok’.
TLDR: For 99.99% of people I’d recommend just using the Google Play store.
I thought about that argument as I was posting my reply. The thing is that with fdroid you only have to trust one instance. With something like obtainium, you are trusting every single developer whose app you are downloading. Don’t get me wrong, ultimately I am not that worried either and am using the izzyondroid repo as well which has the same issue as obtainium. But it is good to have systems in place to prevent abuse even if that abuse is unlikely.
Aren’t you trusting every app developer since it still compiles their code? I mean unless you actively look through all the code in each app you use.
Sure, at one point you have to trust something or someone unless you want to read all source code for all apps you use. Thankfully there are quite a few people out there who do basically that and report issues they find, but ultimately, reading all source code and compiling everything by yourself would be the only way to be safe.