• Ulrich
    5
    3 days ago

    Unfortunately I think this is going to be an inevitable problem with any software repository. F-Droid just expects users to go to the repository and inspect the code if they have concerns, or to trust the developer. Google can verify their own code isn’t malicious. They can’t audit the code of potentially millions of apps submitted to the Play Store that will inevitably ask for access to your entire filesystem, if given the option. Because let’s face it, the majority of mobile apps these days are just spyware whose primary purpose is hoovering up as much data as humanly possible to sell to data brokers.

    • @Molecular5869@feddit.org
      11 day ago

      I agree, at least partially. I do think that in most cases, this will actually protect not-so-tech-savvy users from installing spyware.

      What I do not like is the “babysitting” approach, which is now really bad on iOS and Android. They act like all users are babies who can’t be trusted with making their own decisions. If I trust the app developer and I am aware that it has access to all files and what that means, I should be able to decide to use my smartphone that way, not the billion-dollar corporation behind the app store. However, Google can and should protect me by making this decision process easier and more informed, for example by showing what permissions are requested and maybe even a flag which indicates permissions that are not needed for any core functionality. I think that most users should be able to tell malicious permissions apart from actually needed ones.

      My messaging app wants access to all my files? I don’t think so. My popular open source file synchronization app requests the same? Sure, go ahead.

      • Ulrich
        121 hours ago

        > They act like all users are babies who can’t be trusted with making their own decisions

        Because most of them can’t.

          • Ulrich
            34 days ago

            I’m confused because I don’t understand why you’re telling me this.

            • @Renohren@lemmy.today
              23 days ago

              Because in the main repo of F-Droid, the app’s code is quickly eyed, then packaged by the F-Droid team from source (plus a quick virus scan). Google only does a reputation check and uses VirusTotal (their Android anti-virus and anti-malware software), yes, the same VirusTotal you can access as an app or webpage.

            • @Tenkard@lemmy.ml
              13 days ago

              He thought you were talking about the process of adding external repositories to F-Droid, while you were talking about having something scan the app.