this post was submitted on 13 Aug 2024
62 points (90.8% liked)

Privacy

31173 readers
335 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
62
Non toxic mobile privacy community (sh.itjust.works)
submitted 1 month ago by lord___vader@sh.itjust.works to c/privacy@lemmy.ml
64 comments fedilink hide all child comments
 

So I've been in the rabbit hole of android privacy for some time, last I joined the GrapheneOS community but let's just say that they doesn't have a "healthy" opinion about other projects like f-droid.

So I am looking for generic communities that focus on mobile privacy that doesn't have drama or toxicity or "extreme opinions". Any suggestions? I prefer chat based communities like matrix or simplex instead of like reddit or lemmy.

you are viewing a single comment's thread
view the rest of the comments
[–] lord___vader@sh.itjust.works 5 points 4 weeks ago (2 children)

F-droid acts as a trust for all the apps you download through it, which means if F droid is hacked, hackers can push fake update to all the apps. It is an issue, but not the biggest concern of average joe. Although F-droid should take it pretty seriously.

But I think hating on them is not the solution....

[–] JackbyDev@programming.dev 10 points 4 weeks ago (1 children)

Oh. Same is true for Google Play and literally every self updating app/program on the planet lmao.

[–] jet@hackertalks.com 2 points 4 weeks ago* (last edited 4 weeks ago) (1 children)

For Google Play: Google has root on play devices which is a separate issue, but the apps are actually signed by their developers and not google.

[–] refalo@programming.dev 7 points 4 weeks ago* (last edited 4 weeks ago) (1 children)

not google

This is not true... play store now requires you to give up your signing keys to google so they can sign the app themselves after injecting whatever they feel like. F-Droid does the same because they also compile your apps for you. Another reason some don't trust F-Droid (or Signal, Tor and a bunch of other free/open source software for that matter) is that they received funding from OTF which is funded by the US government and some people don't like that. And yes I know computers and the internet also came from the government /shrug

I have no skin in this game, I am not intentionally trying to spread any FUD (but I realize some people will still claim so, they are free to do so), just relaying information I have seen elsewhere. Happy to provide sources if anyone likes.

[–] jet@hackertalks.com 4 points 4 weeks ago* (last edited 4 weeks ago) (1 children)

https://support.google.com/googleplay/android-developer/answer/9842756?hl=en#zippy=%2Capp-signing-key-requirements

Thats a good point, but it looks like they still let you use your own keys if you want to, but they even say 90% of apps let google sign on their behalf. yeah, ok, full trust with google then.

Before 2021 all apps used their own keys it seems

[–] refalo@programming.dev 2 points 4 weeks ago

Play App Signing is required for new apps.

Also now required is giving up your government identity document to google in order to keep publishing on the play store.

[–] possiblylinux127@lemmy.zip 3 points 4 weeks ago

They have actually made a bunch of security enhancements to there systems and processes. You can look at the blog if you are curious.