this post was submitted on 16 Oct 2024
14 points (100.0% liked)


I've looked through the Obtainium source code a while back and there seems to be no hash verification whatsoever. Looks too susceptible to supply chain attacks to me.

I don't like that Aurora Store sends a list of installed applications to Google and the only way to stop it is to blacklist.

Is there an option that combines multiple sources together like Obtainium but contains automatic hash verification for added security (I am aware updates are protected by Android)? Something I can use to download non-FOSS apps from a mirror but make sure it's the APK from the Play Store?

top 2 comments
[email protected] 2 points 9 hours ago (1 children)

If you're really paranoid about it, you can download AppVerifier and have Obtainium automatically send the downloaded APK to it and verify the sums before installing.

[email protected] 2 points 9 hours ago

That's still a manual process for most apps I've tried.
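
One way to script the check discussed in this thread, as an added example that is not part of the original posts or of Obtainium or AppVerifier: verify the APK signature with `apksigner` (Android SDK build-tools) and compare the signer's SHA-256 certificate digest with a value pinned from a copy you trust. It assumes the pin is the signing-certificate fingerprint rather than a whole-file hash, and rejecting multi-signer APKs is a conservative choice made for this example.

```shell
#!/usr/bin/env bash
# Added example: refuse an APK unless its signature verifies AND its
# signing certificate matches a pinned SHA-256 fingerprint.

# Normalise a fingerprint: drop colons/spaces/newlines, lowercase the hex.
normalise() { printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'; }

# Read `apksigner verify --print-certs` output on stdin and print the
# SHA-256 digest of every signer, one per line.
signer_digests() {
  sed -n 's/^Signer #[0-9]* certificate SHA-256 digest: *//p'
}

# digest_matches_pin <pinned-digest>   (apksigner output on stdin)
# Succeeds only if exactly one signer is reported and it equals the pin.
digest_matches_pin() {
  local pinned got count
  pinned=$(normalise "$1")
  got=$(signer_digests)
  count=$(printf '%s\n' "$got" | grep -c . || true)
  [ "$count" -eq 1 ] || return 1
  [ "$(normalise "$got")" = "$pinned" ]
}

# verify_apk <file.apk> <pinned-digest>
# Exit 2: signature does not verify. Exit 1: verified, but wrong signer.
verify_apk() {
  local out
  out=$(apksigner verify --print-certs "$1") || {
    echo "signature invalid: $1" >&2; return 2; }
  printf '%s\n' "$out" | digest_matches_pin "$2" || {
    echo "signer mismatch: $1" >&2; return 1; }
  echo "ok: $1"
}

# Stand-alone use: script.sh app.apk <pinned-digest>
if [ "$#" -eq 2 ]; then verify_apk "$1" "$2"; fi
```

The pin can be taken once by running `apksigner verify --print-certs` on an APK obtained from the source you trust; later downloads from any mirror must then report the same signer.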