this post was submitted on 17 Feb 2024
Jerboa is also very recently updated.
Btw F-Droid just builds the apps. It is often better to use the APKs from the release pages of GitHub etc. so that you only need to trust the devs. It is also way better for security as F-Droid uses the same signing key for every single app.
Obtainium works okay for that, you enter the URL and it finds a lot of sources. It is completely overcomplicated though.
I'm not sure I agree on the trust thing. I prefer to trust a single source of curated apps, rather than many individual developers. I like to imagine that F-Droid would remove a malicious update before it gets to my phone.
Nobody reads the source code of those apps. That's basically an audit, and it may happen sometimes, but it is not a requirement for F-Droid.
They do some general tests, but the "antifeatures" are either by the officially stated permissions or by opt-in in the F-Droid submission. Creators/packagers often state the reason for the antifeature in the README, which means they are the person placing the tag, or know the process.
Google Play has sometimes good, sometimes bad requirements too. Those APKs are signed by developers, but the final product also by Google afaik, it's some mix.
You need to trust the devs anyways, that's the point.