| ▲ | lukeschlather 8 hours ago |
| All apps should be open source and subject to verification by nonprofit repositories like F-Droid which have scary warnings on software that does undesirable things. For-profit appstores like Google and Apple that allow closed source software are too friendly to scams and malware. |
|
| ▲ | hasperdi 8 hours ago | parent | next [-] |
| I don't think that's a realistic suggestion as as the quantity of applications are huge who are going to spend time reviewing them one by one. And and even then it's not realistic to expect that that undesirable things can be detected as these things can be hidden externally for instance or obfuscated |
| |
| ▲ | lukeschlather 8 hours ago | parent | next [-] | | F-Droid exists and they have a much better track record than Google. I'm not actually serious, I just think if there's a single app repo that should be allowed to install apps without a scary 24h verification cooldown, it's Google's proprietary closed-source app store that needs the scary process, not F-Droid. | | |
| ▲ | silver_sun 7 hours ago | parent [-] | | Users don't have to wait 24 hours because Google Play store already has registered developers. Scammers can be held liable when Google knows who the developer of the malicious app is. | | |
| ▲ | xp84 5 hours ago | parent [-] | | Really though? Who is in jail right now for Play Store malware offenses? Or are we just talking about some random person in China or Russia who signed up with a prepaid card and fake information had their Google account shut off eventually. |
|
| |
| ▲ | collabs 8 hours ago | parent | prev [-] | | I think compared to the alternatives, this is the best answer. Even if you are a bank or whatever, you shouldn't store global secrets on the app itself, obfuscated or not. And once you have good engineering practices to not store global secrets (user specific secrets is ok), then there is no reason why the source code couldn't be public. |
|
|
| ▲ | staticassertion 8 hours ago | parent | prev [-] |
| That's absurd. |
| |
| ▲ | RobotToaster 8 hours ago | parent | next [-] | | No more absurd than letting a megacorp control what I install on my own device. | | |
| ▲ | staticassertion 6 hours ago | parent [-] | | Instead the megacorp forces open source licensing, which doesn't solve any of this shit anyway lol |
| |
| ▲ | array_key_first 7 hours ago | parent | prev [-] | | It's also true, the best way to audit software is source-code and behavior analysis. Google and Apple do surprisingly minimal amounts of auditing of the software they allow on the Play Store and App Store, mostly because they can't, by design. It should shock absolutely nobody then that those distribution methods are much more at risk of malware. | | |
|
