• Zagorath
    link
    fedilink
    English
    409 months ago

    I find warnings like this rather amusing, because unless you compiled it yourself, even an open source application could secretly have malicious data-harvesting code added to it.

    • @[email protected]
      link
      fedilink
      English
      389 months ago

      F-Droid has verified and reproducible builds.

      On the Play Store or iOS App Store, though, anything goes.

        • Zagorath
          link
          fedilink
          English
          29 months ago

          Eh I think that’s fair. You don’t have to trust fdroid per se, so much as trust that they’re not collaborating with a specific developer. It’s a much, much narrower condition. (Or alternatively, trust in their competence to have developed a system that works, but not that they are doing things without being malicious, which is a worthwhile discussion, but not quite the same as the one we’re having here.)

    • Tier 1 Build-A-Bear 🧸
      link
      English
      99 months ago

      Isn’t the point of open source that you can check the code for yourself though? Can’t do that with closed source

        • Tier 1 Build-A-Bear 🧸
          link
          English
          29 months ago

          Have I what? Read all open source code? I was replying to someone else, and not about any particular app. It’s just way harder to sneak something malicious into open source code than closed source, trust only gets you so far. It’s just common sense.

      • Zagorath
        link
        fedilink
        English
        3
        edit-2
        9 months ago

        You can check the code for unintentional vulnerabilities, or intentionally added in by a contributor, but you can’t do anything about something intentionally added in later in the process by the person responsible for managing the build and distribution of the application.