this post was submitted on 03 Jun 2025
Is F-droid insecure? (sh.itjust.works)
submitted 3 days ago* (last edited 3 days ago) by [email protected] to c/[email protected]
 

In the GrapheneOS forum, I encountered a claim that F-Droid is insecure (and not good at privacy as well). These links (and more) were given as evidence:

While there is some attitude against FOSS apps, I think the arguments are generally sound and in good faith, which makes me confused, as I've been hearing good words about F-Droid in the lemmyverse.

I am not good at assessing arguments, so I want to ask you guys for more aspects and information.

Also, if not F-Droid, what should I use? Is Aurora Store, a frontend for the Play Store, not fine to use as well?

[–] [email protected] 10 points 3 days ago

I've seen posts by the GrapheneOS team about recommendations against using both F-Droid and Aurora. F-Droid had a decent-sized list of issues they raised. One of the key ones they raised against both was that it added an extra person to trust. You always need to trust the code of the developer of the app. No way to avoid that. With F-Droid you need to trust that their build system/infrastructure is serving you the app as per the developer's code. With Aurora you need to trust the Aurora devs are giving you the app unmodified from Google.

There were other criticisms of F-Droid that they sign almost all apps with their own key rather than the developers'. They do offer to serve apps with the developer keys, but it's difficult to set up and not many apps implement it. Google Play also does the same thing though, so I feel this risk isn't that big. Generally they seem to recommend getting apps directly from developers rather than via a 3rd party. They offer Accrescent in the GrapheneOS app store which is designed for this, just pulls files from GitHub AFAIK.

All that said, I prefer to get all my apps from F-Droid (NeoStore technically) and Aurora for anything without an F-Droid repo.
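
An added example, not part of the comment above and not code from F-Droid or GrapheneOS: one way to see whose key signed an APK is to compare the SHA-256 certificate digest printed by `apksigner verify --print-certs` with a fingerprint the developer publishes. The function names, the sample output and every fingerprint below are constructed for illustration.

```python
import re

# Line printed by `apksigner verify --print-certs app.apk` for each signer.
DIGEST_RE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest: ([0-9a-fA-F]{64})\s*$", re.M)

def normalize(fp):
    """Accept 'AB:CD:...' or 'abcd...' and return 64 lowercase hex chars."""
    fp = re.sub(r"[:\s]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", fp):
        raise ValueError("not a SHA-256 fingerprint")
    return fp

def classify_signer(apksigner_output, developer_fp, repo_fp):
    """Say whose key signed the APK: 'developer', 'repository' or 'unknown'.

    Fails closed: no parsed signer, or several distinct signers, is 'unknown'.
    """
    digests = {d.lower() for d in DIGEST_RE.findall(apksigner_output)}
    if len(digests) != 1:
        return "unknown"
    (digest,) = digests
    if digest == normalize(developer_fp):
        return "developer"
    if digest == normalize(repo_fp):
        return "repository"
    return "unknown"

# Constructed values, not real keys.
DEV_FP = ":".join(["A1"] * 32)   # colon-separated, as a developer might publish it
REPO_FP = "b2" * 32              # stands in for the repository's own signing key
SAMPLE_OUTPUT = (
    "Signer #1 certificate DN: CN=Example Repo\n"
    "Signer #1 certificate SHA-256 digest: " + "b2" * 32 + "\n"
    "Signer #1 certificate SHA-1 digest: " + "00" * 20 + "\n"
)

if __name__ == "__main__":
    print(classify_signer(SAMPLE_OUTPUT, DEV_FP, REPO_FP))
```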