F-Droid

10318 readers

16 users here now

F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.

Website | GitLab | Mastodon

Matrix space | forum | IRC

founded 5 years ago

MODERATORS

fossdd@lemmy.ml

testman@lemmy.ml

#AnySoftKeyboard, installed from #FDroid, asks for access to Contacts. Was it compromised? (EDIT: Unlikely) (mastodon.nzoss.nz)

submitted 2 weeks ago* (last edited 1 week ago) by strypey@mastodon.nzoss.nz to c/fdroid@lemmy.ml

13 comments fedilink hide all child comments

#AnySoftKeyboard, installed from #FDroid, asks for access to Contacts. Was it compromised? (EDIT: Unlikely)

I don't remember it asking me for Contacts before (but @lnxw37a2 does). [EDIT: I was] worried it may have been subject to a supply chain attack, and to be on the safe side, I uninstalled it.

It seems to be a mostly unmaintained app that I never use, but hadn't uninstalled. This is the first new version since 2025/07/25, and before that, 2022/01/14 (the first version shipped by @fdroid).

you are viewing a single comment's thread
view the rest of the comments

[–] hildegarde@lemmy.blahaj.zone 4 points 1 week ago

I checked every version on F-Droid and they all have the contacts permission. Its a common request on software keyboards, because it lets it add the names of those in your contact list to the autocorrect dictionary. Its nice to avoid your keyboard wrongly correcting names.

It doesn't have the network permission, so its not able to transmit any data it has. I don't think this is an attack.

The app has a link to their privacy policy which explains what permissions it asks for, why, and affirms the app cannot transmit the data off the device. Last updated in 2017, and still matching the permissions of the current version. This isn't an attack.