I am on GrapheneOS, but this concerns Android as a whole. From the options of Fdroid and GitHub (Obtainium) which is the safest way to install an app?
From the GrapheneOS forums, I see many people recommending GitHub over Fdroid as it is straight from the source. I know its true, but if a developer adds a ‘not-so-safe’ piece of code or introduces tracking, Obtainium would automatically update my app without letting me know about the changes. But from what I have seen from Fdroid they usually pause or cancel the update or app if these changes were to take place (Example, Simple Gallery or Mull for Android).
So I am confused. Whom should I trust more, Fdroid with their own app builds or the Developers on GitHub?
Also I have seen that Obtainium when used with a VPN to fetch app updates, will get rate limited by GitHub. Also I don’t really like GitHub as a code repository, with their tracking and rate limiting. I don’t know if Fdroid tracks user.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 108 users / day
- 435 users / week
- 1.32K users / month
- 4.54K users / 6 months
- 1 subscriber
- 4.39K Posts
- 111K Comments
- Modlog
Whatever the app developer recommends. Obtainium directly from the developer repo or F-Droid when they officially support it. Depends if you want the latest version sooner, then the former.
You can turn off auto-update from both.
If you are questioning if the developer is malicious, why are you using their app?
Obtainium is more so if you don’t want any middle man and know the app you are downloading. If you want more checks, I suppose F-droid will provide some.
Why wouldn’t you question every developer?
No one said blindly. But why would you use the app if you don’t have trust.
Because if I only used apps from trusted developers, I wouldn’t use any apps at all. What reason do you have to trust them? Are they all made by your personal friends?
So then you trust the app enough that it provides the function you need from it? Trust doesn’t have to be an all or nothing ordeal.
It doesn’t have to be, but it should be.
I can trust an app to provide the needed functions, that doesn’t mean it doesn’t also perform other functions that I don’t need or want, and may potentially be malicious. And that can be literally any app that you haven’t personally reviewed the code and compiled.
When it comes to the developer recommendations, usually they would have a github page where they hosts their code. So most of the time they would recommend either fdroid or github releases equally.
Also, we cannot be sure of what happens in the future. The thing that is we cannot predict an enshitification.