aq3cn | 5 years ago

I stick to the F-Droid Android app store. It asks developers to submit their code, which gets compiled by the F-Droid team. Apps with proprietary code are flagged.

A few QR code apps from F-Droid:

https://f-droid.org/en/packages/com.example.barcodescanner/

https://f-droid.org/en/packages/com.secuso.privacyFriendlyCo...

ignoramous|5 years ago

Open source apps can absolutely have trackers in them. F-Droid isn't a security solution by any measure. I have inspected the code of at least one popular "privacy" app that absolutely tracks its users out in the open (I mean, the code is right there on GitHub), yet I see repeatedly that app (and F-Droid) being touted as some elixir that fixes security and privacy for one and all. It doesn't. Don't place your trust in F-Droid apps blindly, and more importantly, refrain from blanket advocating F-Droid apps as a security / privacy panacea.

What I do instead is monitor Android's traffic with a LittleSnitch-esque firewall and block all apps I don't use. Also, I've disabled auto-updates on non-essential apps. Only Photos, Maps, Chrome, and Firefox are allowed to auto update on my Android.

JeremyNT|5 years ago

Were the trackers already labeled in F-Droid? They maintain a list of these anti-features for all apps. If not, when you reported your findings to F-Droid, did they flag the app as having trackers at that time?

Nobody said blanket trust anything. F-Droid is a community project with a framework that allows for disclosing user hostile behavior in apps. By using it and paying attention, we can all make it even better - the exact opposite of Google, whose incentives do not align at all with these goals.

marcodiego|5 years ago

F-Droid flags apps that have known anti-features. Using open source software is a very significant security solution.

krageon|5 years ago

It would be more compelling if you actually mentioned what app you've found that's so naughty.

higerordermap|5 years ago

It's manually curated and generally flags such things as anti-features if found, and I'd believe them more than some tensorflow_script_to_detect_malware.py

rectang|5 years ago

What open source gives you is an audit trail, which is helpful but not sufficient. You still need to be able to trace malicious code to actual individuals. Then you need the ability to punish those individuals, ideally through criminal prosecution.

schmorptron|5 years ago

What app are you talking about specifically?

benibela|5 years ago

I once tried to get my app into F-Droid, but they refused, because they did not want to install the dependencies, because the dependencies were too big. Turns out you cannot compile something without dependencies. I wrote my app in FPC/Lazarus to make a truly cross-platform app that runs natively on anything from a Raspberry Pi to Windows 2000, and they did not like that tech stack.

haspok|5 years ago

Both recommended apps use the ZXing library. So it is a small world, and if someone overtakes ZXing (assuming that it is not malicious right now), then all apps become infected. Otherwise no security and bugfixes, no improvements, no version upgrades... who knows how long this library will work?
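An added illustration (not code from the thread, from F-Droid, or from ZXing) of the two checks raised above: the anti-feature flags JeremyNT and marcodiego refer to, and haspok's point that one shared library reaches every app that depends on it. The index layout (top-level "apps" with "packageName" and an optional "antiFeatures" list) is an assumption about F-Droid's index-v1.json; the "dependencies" field is a hypothetical stand-in for each app's build manifest, and all sample data is constructed.

```python
"""Two checks over an F-Droid-style index: which apps carry a given anti-feature,
and how many apps a compromise of one library (e.g. ZXing) would reach."""
import json
from collections import defaultdict

# Constructed sample shaped like index-v1.json's "apps" list (an assumption about
# the real format). "dependencies" is NOT an F-Droid field; it is a hypothetical
# stand-in for what each app's build manifest declares.
SAMPLE_INDEX = json.dumps({"apps": [
    {"packageName": "com.example.barcodescanner",
     "dependencies": ["com.google.zxing:core"]},
    {"packageName": "com.example.privacyfriendlyqr",
     "dependencies": ["com.google.zxing:core"]},
    {"packageName": "com.example.tracked",
     "antiFeatures": ["Tracking", "NonFreeNet"],
     "dependencies": ["com.example:analytics-sdk"]},
    {"packageName": "com.example.notes", "dependencies": []},
]})

def load_apps(index_json):
    return json.loads(index_json)["apps"]

def flagged(apps, anti_feature):
    """Package names carrying the given anti-feature, sorted."""
    return sorted(a["packageName"] for a in apps
                  if anti_feature in a.get("antiFeatures", []))

def acceptable(apps, package, tolerated=frozenset()):
    """Fail closed: unknown packages and untolerated anti-features are rejected."""
    for a in apps:
        if a["packageName"] == package:
            return set(a.get("antiFeatures", [])) <= set(tolerated)
    return False

def blast_radius(apps):
    """Map each library to the apps that would inherit a compromise of it."""
    radius = defaultdict(set)
    for a in apps:
        for dep in a.get("dependencies", []):
            radius[dep].add(a["packageName"])
    return {dep: sorted(pkgs) for dep, pkgs in radius.items()}

def shared_libraries(apps, threshold=2):
    """Libraries whose compromise would reach at least `threshold` apps."""
    return sorted(dep for dep, pkgs in blast_radius(apps).items()
                  if len(pkgs) >= threshold)

if __name__ == "__main__":
    apps = load_apps(SAMPLE_INDEX)
    print("Tracking:", flagged(apps, "Tracking"))
    print("Shared libraries:", shared_libraries(apps))
```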

uzakov|5 years ago

Additionally you can have two/three separate phones, linked to separate accounts for different purposes. I keep one phone separate for phone gaming.