• qyron@sopuli.xyz
    1 year ago

    Not really.

    F-Droid is a secure repository and the applications are reviewed before being made available for end users.

    The repository is also highly focused on privacy and security and will warn if applications have security flaws or depend on non-free services.

    As an example, I use NewPipe instead of the standard YT app and it has a warning it depends on non-free services.

    One other example I can give is Librera. It’s a very feature-rich ebook/pdf/etc reader. At some point, a security flaw was discovered and the app was instantly flagged as having such problems and users were advised to not install it.

    • karlthemailman@sh.itjust.works
      1 year ago

      F-Droid is a secure repository and the applications are reviewed before being made available for end users.

      Reviewed by who though? Malicious apps even get through Apple and Google’s screening. I can’t see how F-Droid can match the capabilities of those guys.

      • Malicious apps can make it onto F-Droid as they can onto any app store. The biggest difference is that F-Droid compiles apps from the published source code rather than accept uploads from the developer directly. That means only apps with source available are installable by default, built from the source everyone else can read.

        If there’s any malware in these apps, the malicious code can be found in the public source code.

        There is a manual vetting process before an app is accepted into the repo, which should detect shady behaviour, but updates aren’t subject to this strict process, so it’s not a full fix.