| ▲ | pxc 4 hours ago |
| F-Droid is in fact what an app store concerned about user safety looks like. Nobody gets hoodwinked into installing apps that track them or sell their data or otherwise abuse them on F-Droid. |
|
| ▲ | throwaway85825 4 hours ago | parent | next [-] |
| It is yes. Their build system is somewhat arcane and difficult so some apps dont get updated from the git repo though. It could use some polish. |
|
| ▲ | selectively 4 hours ago | parent | prev [-] |
| This is non-technical. F-Droid is horrible. https://privsec.dev/posts/android/f-droid-security-issues/#5... F-Droid has not meaningfully improved since that piece was written, either. No one should use F-Droid. |
| |
| ▲ | rpdillon 3 hours ago | parent | next [-] | | That article's premise is that the Android security model is something that I want. It really isn't. The F-Droid model of having multiple repositories in one app is absolutely perfect because it gives me control (rather than the operating system) over what repositories I decide to add. There is no scenario in which I wish Android to question me on whether I want to install an app from a particular F-Droid repository. | |
| ▲ | yjftsjthsd-h an hour ago | parent | prev | next [-] | | Can you describe the threat model / specific attack under which... any of the supposed flaws on that page matter? (Most of the particular section you've linked appears to be about extra defenses that could be added, but which are unlikely to make a difference in the face of Android's TOFU signature verification on installed APKs.) | |
| ▲ | 3 hours ago | parent | prev [-] | | [deleted] |
|
