• karlthemailman@sh.itjust.works
    1 year ago

    Fdroid is a secure repository and the applications are reviewed before being made available for end users.

    Reviewed by who though? Malicious apps even get through Apple and Google’s screening. I can’t see how fdroid can match the capabilities of those guys.

    • Malicious apps can make it onto F-Droid as they can onto any app store. The biggest difference is that F-Droid compiles apps from the published source code rather than accept uploads from the developer directly. That means only apps with source available are installable by default, built from the source everyone else can read.

      If there’s any malware in these apps, the malicious code can be found in the public source code.

      There is a manual vetting process before an app is accepted into the repo, which should detect shady behaviour, but updates aren’t subject to this strict process, so it’s not a full fix.