this post was submitted on 13 Sep 2024
85 points (98.9% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
54500 readers
816 users here now
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
📜 c/Piracy Wiki (Community Edition):
💰 Please help cover server costs.
Ko-fi | Liberapay |
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I understand the developer may be known and trusted
But I do not have the expertise to do my own thorough code review
If that's of your concern, you can't download the play store version either. It is the same app, has the same signature.
as if the play store only contains safe APKs right?
Excuse my ignorance and correct me if I'm wrong
But does the play store not do some sort of scanning itself?
Even worse. Many apps have google signature instead of the developers. They upload their key and give it to google. Horrible practice. Nowadays, fdroid gravitates towards reproducible builds with the dev's own signature and google is going the other way round. Gravitating towards an unsafe "best practice" ...
Potentially, but that doesn't really matter, as you can match the signatures of the two versions and see that they are the same. You cannot fake that and have one version have different code, it's not possible.
Thanks for the insight :)
What does Google play do to remediate it?
They do basic checking for known malware.