• elbowgrease@lemm.ee
    link
    fedilink
    arrow-up
    16
    arrow-down
    2
    ·
    1 year ago

    I’ve always had a niggling worry that downloading apps from 3rd party app stores came with a higher risk of getting apps with viruses and spyware.

    any truth to this?

    • qyron
      link
      fedilink
      arrow-up
      19
      arrow-down
      2
      ·
      1 year ago

      Not really.

      Fdroid is a secure repositorie and the applications are reviewed before being made available for end users.

      The repository is also highly focused on privacy and security and will warn if applications have security flaws or depend on non free services.

      As an example, I use NewPipe instead of the standard YT app and it has a warning it depends on non-free services.

      One other example I can give is Librera. It’s a very feature rich ebook/pdf/etc reader. At some point, a security flaw was discovered and the app was instantly flagged has having such problems and users were advised to not install it.

    • transientDCer@lemdro.id
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      1
      ·
      1 year ago

      The benefit of open source apps is anyone can view the code to see if there is malware or other installed.

    • dmrzl@programming.dev
      link
      fedilink
      arrow-up
      5
      arrow-down
      2
      ·
      1 year ago

      What I can tell you is that Google was extremely detailed in their monitoring of my apps - even looking up e.g. rate limits of the steam api to check if I properly deal with those. And I pick that example since I don’t want to talk about the ways I mishandled user data out of negligence or ignorance.

      Back then I perceived it as harassment. Today I will certainly not install any apps that didn’t pass their testing.

      And we’re not even talking about deliberate malware but simple incompetence. I would consider the average hobby app project to be borderline malware and a proper QA needs qualified personnel. I don’t see how F-Droid can ever reach those standards.

      • argv_minus_one@beehaw.org
        link
        fedilink
        arrow-up
        7
        ·
        edit-2
        1 year ago

        Play’s reputation for being full of malware stands directly at odds with your assessment.

        Hobbyists are rarely incompetent. They actually take pride in their work, and aren’t just trying to quickly slap something together for a quick buck.

        Not sure what gave you the impression that most phone apps have gone through professional QA, but I very seriously doubt that they have.

        As for mishandling user data, it’s a lot easier to avoid doing that when user data never leaves the user’s device in the first place. Proprietary apps collect user data for profit; free and open source apps often don’t.

    • MrSqueezles@lemm.ee
      link
      fedilink
      arrow-up
      1
      arrow-down
      2
      ·
      1 year ago

      Even small companies have to deal with, “supply chain”, attacks, criminals putting code into open source repositories to steal data and get access to servers. App stores are major targets too.

      There have been weather apps that need your location to show you weather and oops we also send your location history to our data center in China and sell that data.

      There have been, “document scanner”, apps that help you take pictures of things like credit card statements and did we not mention we send those images to Russian servers?

      Do use a major brand phone like Samsung, keep your OS up to date, and don’t expose private info to these apps or give them special privileges, especially, “accessibility”, or, “screen reader”, and you should be okay.