Malware FROM GOOGLE PLAY installed on a couple million Android devices, but of course Google is SUPER worried about you installing an app from F-Droid 🙄

https://www.bleepingcomputer.com/news/security/novoice-android-malware-on-google-play-infected-23-million-devices/

#tech #technology #technews #google #android

'NoVoice' Android malware on Google Play infected 2.3 million devices

A new Android malware named NoVoice was found on Google Play, hidden in more than 50 apps that were downloaded at least 2.3 million times.

BleepingComputer

@SomeGadgetGuy I'd be worried about installing from F-Droid regardless, due to very poor security practices including very delayed updates, downgraded dependencies, problematic undocumented changes and an insecure build server environment. Their own app has an abysmally low targetsdk also. Despite newer versions for it, an outdated one is linked on the website, which causes conflicts when people have multi users when trying to install across them, as the preexisting one has updated. Shambles.

@SomeGadgetGuy

Read more here:

https://xcancel.com/GrapheneOS/status/1961137060820951379

Also, a post from the WireGuard dev with their concerns is available here:

https://gitlab.com/fdroid/fdroiddata/-/issues/3110#note_1613430404

This led to them including a self-update system which was openly implemented and documented. F-Droid was unaware they'd shipped it for half a year, and by then WireGuard had essentially escaped from, in their words, being held hostage by F-Droid.

@metr0pl3x all good points, and my original comment shouldn't be taken as any kind of open or uncritical view of F-Droid, but more in the spirit that Google is looking to police everyone else while they can't seem to get their own house in order.
I guess I would question which potential vector for attack has the potential to cause greater harm. Installing from APKs found on sites like F-Droid (and others) or installing apps from Google Play?
I genuinely don't know, since I can't get legit usage stats from F-Droid, but this most recent malware issue on Play clocked over 2 million downloads.

@SomeGadgetGuy one is worse because of the popularity and exposure, the other is worse because of lack of a security-forward approach. I'd rather not enumerate badness and just call out the problems for what they are. That said, I know which track would fix the vulnerabilities and issues when they're found though, and I think you know too. 😉