In the GrapheneOS forum, I encountered a claim that F-droid is insecure (and not good at privacy as well). These links (and more) were given as an evidence:
- https://privsec.dev/posts/android/f-droid-security-issues/
- https://xcancel.com/GrapheneOS/status/1883895255142932816#m
- https://github.com/obfusk/fdroid-fakesigner-poc
While there are some attitude against FOSS app, I think the arguments are generally sound and in good-faith. Which makes me confused, as I’ve been hearing good words about F-droid in lemmyverse.
I am not good at assessing arguments, so I want to ask you guys for more aspects and information.
Also, if not F-droid, what should I use? Is Aurora store, a frontend of play store, not fine to use as well?
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 124 users / day
- 1.05K users / week
- 1.3K users / month
- 4.58K users / 6 months
- 1 subscriber
- 3.78K Posts
- 95.7K Comments
- Modlog
Wrong, F-Droid is and has libre software. We control it.
Meanwhile, GrapheneOS has Accrescent spreading software which fails to include a libre software license text file, software we do not control, dangerous!
Tech talk is a confusion strategy to derail us and ‘open source’ is another. With it, their scam cannot get more blatant.
Warning, Accresent from the GrapheneOS Store does this and Privacy Guides does this too, smuggling it mixed in with good information, so always think for yourself. This is one of the few ways to trick us that sometimes actually works, so watch out for it.
Can we use GrapheneOS with F-Droid and without Accrescent? Yes.
Aurora Store (libre) replaces the Google Store app (anti-libre) but spreads other anti-libre software, harm reduction but not harmless.
Obtainium does nothing to check apps are libre software.
Why does including a text file have anything to do with control?
Not any text file. Read that again.
I did I must be missing something…
Also what is “Accrescent spreading software”? I searched for it and it looks like it’s just an app store like f-droid?
Not any software. Read more than half a sentence.
Ok, I’ve been trying to understand what you mean and one-line snarky replies are not helping your case.
Let’s be careful to remember that there are different levels of effort and understanding required for different levels of security and privacy. GrapheneOS has taken the approach of offering harm reduction, with sane defaults and options that allow advanced users to take near-complete control over their device (within the limits of the Pixel hardware). This is obvious by their inclusion of the sandboxed Google Play Store as a major feature of the OS, as it is much better than the situation on Google’s Android. It is also not installed by default, forcing users to at least somewhat educate themselves in order to install it.
Accrescent is right in line with this philosophy, and is also not installed by default. Of course if your threat model (or desire) is to achieve the highest level of online anonymity and to have a completely FOSS system, you should not use it… of course you probably shouldn’t use FDroid either, in that case, and should build from source. However, you are clearly in a situation where your threat model does not require those lengths, and FDroid is more of a principled choice.
I think its pointlessly inflammatory to call Accrescent “dangerous” just because it allows for non-FOSS software. Now if you want to criticize whether or not it is fulfilling its stated goals, that is another story.