this post was submitted on 18 Jan 2025
26 points (100.0% liked)
Privacy
32796 readers
1319 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That's what Arthur describes: you're comparing from my point of view two non issues against each other.
If you don't have the profile that either warrants:
And that being worth it instead of just getting you personally is a very specific threat model where I lack the fantasy on what would warrant that.
Or to give the relevant xkcd:
https://xkcd.com/538/
And to answer your specific question: I personally went with keepass2android and have neither issues nor concerns so far.
Another issue with Google Play is that there's nothing stopping the developer from pushing out an update that doesn't match the published source. It isn't tied to GitHub or anything.
Developers with apps on Google Play are frequently targeted with buyout requests from scammers looking to get malware to an existing user base. Or even if it's not explicitly malware, it could be closed-source.
For example, the "Simple Mobile Tools" app developer sold their apps a year or two ago. Now they have ads, in-app purchases, and god knows what else. If you had installed them from Google Play, you would have received these updates automatically. Those new versions don't exist on f-droid, naturally. Anyone who was using them should really uninstall them and install the "Fossify" forks from f-droid.
Every developer ID publishing on Google Play is potentially for sale. There are no real safeguards against this, and you might never know. At least with F-Droid it's verified as open source and malicious (or just plain crappy) updates can be identified and dealt with, either by f-droid maintainers or by end users.
Oh yeah I agree with that and s good point! Google Play Store is convenient but... Well I circumvent it where possible, more due to the tracking mania but your points added to my sensitivity,so thank you!