this post was submitted on 13 Mar 2026
9 points (90.9% liked)

F-Droid

10318 readers
11 users here now

F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.

Website | GitLab | Mastodon

Matrix space | forum | IRC

founded 5 years ago
MODERATORS
fossdd@lemmy.ml
testman@lemmy.ml
9
#AnySoftKeyboard, installed from #FDroid, asks for access to Contacts. Was it compromised? (EDIT: Unlikely) (mastodon.nzoss.nz)
submitted 2 weeks ago* (last edited 2 weeks ago) by strypey@mastodon.nzoss.nz to c/fdroid@lemmy.ml
13 comments fedilink hide all child comments
 

#AnySoftKeyboard, installed from #FDroid, asks for access to Contacts. Was it compromised? (EDIT: Unlikely)

I don't remember it asking me for Contacts before (but @lnxw37a2 does). [EDIT: I was] worried it may have been subject to a supply chain attack, and to be on the safe side, I uninstalled it.

It seems to be a mostly unmaintained app that I never use, but hadn't uninstalled. This is the first new version since 2025/07/25, and before that, 2022/01/14 (the first version shipped by @fdroid).

you are viewing a single comment's thread
view the rest of the comments
[โ€“] strypey@mastodon.nzoss.nz 3 points 2 weeks ago (1 children)

Seems I was going off half-cocked, out of an overabundance of caution. #MeaCulpa. I thought it would be worse if I ignored my strypey-senses tingling and said nothing, then it turned out it was compromised.

We need to be cautious in this age of copious vibe coding;

https://forum.f-droid.org/t/f-droid-policy-on-libre-ai/

I do think @fdroid crew need to do due diligence when apps appear to be abandoned, then revived. They probably do, but any links to policies and processes on this would be a great way to put my mind at rest.

[โ€“] strypey@mastodon.nzoss.nz 2 points 2 weeks ago

#HatTip to the @fdroid threadiverse community, and others, for offering such rapid and thorough clarifications. Many thanks to @lnxw37a2 @hildegarde @alienghic @plm00 @Axolotl_cpp.

Thanks also to @tootbrute @kurikai for offering suggestions for other soft keyboard apps, and to @snek_boi for reminding me to format the first sentence of my Mastodon post so it becomes a good title in the threadiverse post.