
pserwylo | 1 year ago

While this is true of many projects, F-Droid has a track record of sourcing funding for security audits. To date there have been at least three audits, in 2015, 2018, and 2022.

https://www.opentech.fund/security-safety-audits/f-droid/

https://f-droid.org/2018/09/04/second-security-audit-results...

https://f-droid.org/2022/12/22/third-audit-results.html

I was involved in addressing issues identified in the first one in 2015. It was a great experience, much more thorough than the usual "numerous static analysers and a 100 page PDF full of false positives" that you often receive.


udev4096|1 year ago

I'm surprised that several audits didn't uncover this signing issue. GrapheneOS devs do not recommend F-Droid. Instead, Play Store is the safest option for now, after Aurora Store.

cenamus|1 year ago

But their goals are also kinda opposed: software security with not much concern paid to freedom.

t0bia_s|1 year ago

Aurora Store downloads APK files directly from gplay servers, why should it be less safe than Play Store?