So I’ve been in the rabbit hole of android privacy for some time, last I joined the GrapheneOS community but let’s just say that they doesn’t have a “healthy” opinion about other projects like f-droid.

So I am looking for generic communities that focus on mobile privacy that doesn’t have drama or toxicity or “extreme opinions”. Any suggestions? I prefer chat based communities like matrix or simplex instead of like reddit or lemmy.

  • JackbyDev@programming.dev
    link
    fedilink
    English
    arrow-up
    7
    ·
    3 months ago

    What’s an unhealthy opinion of f-droid? Is something wrong with it? Genuine question. I’m out of the loop.

    • lord___vader@sh.itjust.worksOP
      link
      fedilink
      arrow-up
      8
      arrow-down
      2
      ·
      3 months ago

      F-droid acts as a trust for all the apps you download through it, which means if F droid is hacked, hackers can push fake update to all the apps. It is an issue, but not the biggest concern of average joe. Although F-droid should take it pretty seriously.

      But I think hating on them is not the solution…

      • JackbyDev@programming.dev
        link
        fedilink
        English
        arrow-up
        10
        arrow-down
        1
        ·
        3 months ago

        Oh. Same is true for Google Play and literally every self updating app/program on the planet lmao.

        • jet@hackertalks.com
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          edit-2
          3 months ago

          For Google Play: Google has root on play devices which is a separate issue, but the apps are actually signed by their developers and not google.

          • refalo@programming.dev
            link
            fedilink
            arrow-up
            7
            ·
            edit-2
            3 months ago

            not google

            This is not true… play store now requires you to give up your signing keys to google so they can sign the app themselves after injecting whatever they feel like. F-Droid does the same because they also compile your apps for you. Another reason some don’t trust F-Droid (or Signal, Tor and a bunch of other free/open source software for that matter) is that they received funding from OTF which is funded by the US government and some people don’t like that. And yes I know computers and the internet also came from the government /shrug

            I have no skin in this game, I am not intentionally trying to spread any FUD (but I realize some people will still claim so, they are free to do so), just relaying information I have seen elsewhere. Happy to provide sources if anyone likes.

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        3
        ·
        3 months ago

        They have actually made a bunch of security enhancements to there systems and processes. You can look at the blog if you are curious.