First, f-droid only accepts OSS apps, so the incentives for spyware is simply not there. Second, anti-features are explicitly marked on f-droid. Third, f-droid apps are curated like a very rigorous linux repo.
Being an OSS app is not sufficient protection. Most OSS apps aren't terribly misbehaved, but some are. Being OSS in and of itself is not anything like a guarantee with this sort of thing.
> Third, f-droid apps are curated like a very rigorous linux repo.
Yes, I know. My question is is this one of the things they're screening for?
packages on f-droid list all required permissions explicitly, and the mentioned permission seems to be listed as "query all packages: Allows an app to see all installed packages.". It doesn't mark the app as having "anti-features", but you can at least make a more informed decision this way.
That's pretty cool, but the article says that most apps that are doing this sort of thing aren't using the query all packages permission and instead are using the facility to provide a specific list of apps they're checking for, which is not permission-gated.
> It doesn't mark the app as having "anti-features"
I suppose they must be too busy ticking off "anti-features" like "can communicate with non-Free services" to notice that sort of thing.
(No, really. F-Droid will tag applications like a Mastodon client as having "anti-feature: Non-Free Network Services", presumably because it can be configured to connect to servers running non-free software?)
How does that address the problem? Does F-Droid do some sort of additional screening to keep out apps that do this?
First, f-droid only accepts OSS apps, so the incentives for spyware is simply not there. Second, anti-features are explicitly marked on f-droid. Third, f-droid apps are curated like a very rigorous linux repo.
Being an OSS app is not sufficient protection. Most OSS apps aren't terribly misbehaved, but some are. Being OSS in and of itself is not anything like a guarantee with this sort of thing.
> Third, f-droid apps are curated like a very rigorous linux repo.
Yes, I know. My question is is this one of the things they're screening for?
1 reply →
packages on f-droid list all required permissions explicitly, and the mentioned permission seems to be listed as "query all packages: Allows an app to see all installed packages.". It doesn't mark the app as having "anti-features", but you can at least make a more informed decision this way.
That's pretty cool, but the article says that most apps that are doing this sort of thing aren't using the query all packages permission and instead are using the facility to provide a specific list of apps they're checking for, which is not permission-gated.
4 replies →
> It doesn't mark the app as having "anti-features"
I suppose they must be too busy ticking off "anti-features" like "can communicate with non-Free services" to notice that sort of thing.
(No, really. F-Droid will tag applications like a Mastodon client as having "anti-feature: Non-Free Network Services", presumably because it can be configured to connect to servers running non-free software?)
My daily driver has minimal apps, most from F-Droid. An old iPad on my IOT network has any other apps needed.