I wonder if Android closing, making de facto @murena @iode #grapheneOs #volla and other alternative ROMs the only OSes able to install and run apps from @fdroidorg, is a way to gain market share 🤔. Like, would that be a good thing?

#keepAndroidOpen

@lutindiscret

Don’t use F-Droid and Aurora Store for security; use Obtainium, Accrescent and AppVerifier.

https://privsec.dev/posts/android/f-droid-security-issues/

https://xcancel.com/search?f=tweets&q=from%3AGrapheneOS+Aurora+Store

F-Droid Security Issues

F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider. Before we start, a few things to keep in mind: The main goal of this write-up was to inform users so they can make responsible choices, not to trash someone else’s work.

@a53bdb the article downplays Google signing keys as "opt in" (it's not) and calls reproducible builds "interesting but largely unused".

Today you can't add an app to Google Play without Google signing it, but 2/3 of F-Droid's repo is reproducible.

@CjMalone This article is a little outdated, but I’m surprised that most of these criticisms are still true.
@a53bdb No. I don't trust APKs from GitHub. I favor F-Droid, who rebuild everything from source.
@a53bdb Thanks for the article. Will read.
@lutindiscret Why would you trust the developer but not the APK directly from them?