answer recurrent question

2022-07-13 15:37:30 +02:00 · 2022-07-13 15:37:30 +02:00 · eb440fd4ec
commit eb440fd4ec
parent eab7b057f5
1 changed files with 4 additions and 0 deletions
--- a/content/posts/fdroid-issues.md
+++ b/content/posts/fdroid-issues.md
@ -180,6 +180,10 @@ For most people, I'd recommend just **sticking with Play Store**. Play Store isn

 As explained above, it doesn't matter as you shouldn't really rely on any quality control to be the sole guarantee that a software is free of malicious or exploitable code. Play Store and even the Apple App Store may have a considerable amount of malware because a full reverse-engineering of any uploaded app isn't feasible realistically. However, they fulfill their role quite well, and that is all that is expected of them.

+> With Play App Signing being effectively enforced for new apps, isn't Play Store as "flawed" as F-Droid?
+
+I've seen this comment repeatedly, and it would be dismissing all the other points made in this article. Also, I strongly suggest that you carefully read the sections related to Play App Signing, and preferably the official documentation on this matter. It's not a black and white question and there are many more nuances to it.
+
 > Aren't open-source apps more secure? Doesn't it make F-Droid safer?

 You can still find and get your open-source apps elsewhere. And no, open-source apps [aren't necessarily more private or secure](https://seirdy.one/2022/02/02/floss-security.html). Instead, you should rely on the strong security and privacy guarantees provided by a modern operating system with **a robust sandboxing/permission model**, namely modern Android, GrapheneOS and iOS. Pay close attention to the permissions you grant, and avoid legacy apps as they could require invasive permissions to run.