61

So I've been in the rabbit hole of android privacy for some time, last I joined the GrapheneOS community but let's just say that they doesn't have a "healthy" opinion about other projects like f-droid.

So I am looking for generic communities that focus on mobile privacy that doesn't have drama or toxicity or "extreme opinions". Any suggestions? I prefer chat based communities like matrix or simplex instead of like reddit or lemmy.

you are viewing a single comment's thread
view the rest of the comments
[-] 9tr6gyp3@lemmy.world 19 points 2 months ago

What does a healthy opinion of F-Droid look like though? Lol

[-] JackbyDev@programming.dev 9 points 2 months ago

What's an unhealthy opinion of f-droid? Is something wrong with it? Genuine question. I'm out of the loop.

[-] lord___vader@sh.itjust.works 5 points 2 months ago

F-droid acts as a trust for all the apps you download through it, which means if F droid is hacked, hackers can push fake update to all the apps. It is an issue, but not the biggest concern of average joe. Although F-droid should take it pretty seriously.

But I think hating on them is not the solution....

[-] JackbyDev@programming.dev 10 points 2 months ago

Oh. Same is true for Google Play and literally every self updating app/program on the planet lmao.

[-] jet@hackertalks.com 2 points 2 months ago* (last edited 2 months ago)

For Google Play: Google has root on play devices which is a separate issue, but the apps are actually signed by their developers and not google.

[-] refalo@programming.dev 7 points 2 months ago* (last edited 2 months ago)

not google

This is not true... play store now requires you to give up your signing keys to google so they can sign the app themselves after injecting whatever they feel like. F-Droid does the same because they also compile your apps for you. Another reason some don't trust F-Droid (or Signal, Tor and a bunch of other free/open source software for that matter) is that they received funding from OTF which is funded by the US government and some people don't like that. And yes I know computers and the internet also came from the government /shrug

I have no skin in this game, I am not intentionally trying to spread any FUD (but I realize some people will still claim so, they are free to do so), just relaying information I have seen elsewhere. Happy to provide sources if anyone likes.

[-] jet@hackertalks.com 4 points 2 months ago* (last edited 2 months ago)

https://support.google.com/googleplay/android-developer/answer/9842756?hl=en#zippy=%2Capp-signing-key-requirements

Thats a good point, but it looks like they still let you use your own keys if you want to, but they even say 90% of apps let google sign on their behalf. yeah, ok, full trust with google then.

Before 2021 all apps used their own keys it seems

[-] refalo@programming.dev 2 points 2 months ago

Play App Signing is required for new apps.

Also now required is giving up your government identity document to google in order to keep publishing on the play store.

[-] possiblylinux127@lemmy.zip 3 points 2 months ago

They have actually made a bunch of security enhancements to there systems and processes. You can look at the blog if you are curious.

load more comments (4 replies)
load more comments (19 replies)
this post was submitted on 13 Aug 2024
61 points (91.8% liked)

Privacy

31876 readers
244 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS