Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
udev4096 8 days ago

Stop using F-droid. It is insecure and shouldn't be the primary way of installing apps. Stick to Aurora Store or Play Store

npteljes 8 days ago | parent | next [-]

I read your sources, and one, as a user, I'll let these people sort out their drama among themselves, two, the security issues of the apps that are downloaded I think are way higher potentially than the ones in F-Droid in itself. With these considerations, F-droid is fine as a way of installing apps. Just as fine as any other technically imperfect service, business, or product that we use daily. In fact, I consider it higher than average in quality.

vroomik 8 days ago | parent | prev | next [-]

Could you elaborate on that? Do you mean bigger possibility of apps containg malware or what?

udev4096 8 days ago | parent | next [-]

https://privsec.dev/posts/android/f-droid-security-issues/, the recent findings of bypass of certificate pinning [0], wireguard creator doesn't trust f-droid himself [1], continued harmful attacks to GrapheneOS devs [2] and a few more points regarding their build infra using a deprecated debian release.

[0] https://www.openwall.com/lists/oss-security/2024/04/08/8

[1] https://gitlab.com/fdroid/fdroiddata/-/issues/3110#note_1613...

[2] https://gitlab.com/ironfox-oss/IronFox/-/issues/7#note_22877...

Timshel 8 days ago | parent | prev [-]

The handling of the project appears quite troubling, the whole board resigned last year: https://gitlab.com/fdroid/admin/-/issues/447

orbital-decay 8 days ago | parent | prev [-]

Why is it insecure?