• Zagorath · 9 months ago · 47 up, 8 down

    I find warnings like this rather amusing, because unless you compiled it yourself, even an open source application could secretly have malicious data-harvesting code added to it.

        • Zagorath · 9 months ago · 2 up

          Eh, I think that’s fair. You don’t have to trust F-Droid per se, so much as trust that they’re not collaborating with a specific developer. It’s a much, much narrower condition. (Or alternatively, trust in their competence to have developed a system that works, but not that they are doing things without being malicious, which is a worthwhile discussion, but not quite the same as the one we’re having here.)

        • Tier 1 Build-A-Bear 🧸@lemmy.world · 9 months ago · 3 up, 1 down

          Have I what? Read all open source code? I was replying to someone else, and not about any particular app. It’s just way harder to sneak something malicious into open source code than closed source; trust only gets you so far. It’s just common sense.

      • Zagorath · 9 months ago (edited) · 3 up

        You can check the code for unintentional vulnerabilities, or ones intentionally added in by a contributor, but you can’t do anything about something intentionally added in later in the process by the person responsible for managing the build and distribution of the application.