this post was submitted on 26 Jul 2023
66 points (91.2% liked)

No Stupid Questions

36180 readers
925 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.



Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.



Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- Majority of bots aren't allowed to participate here.



Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 2 years ago
MODERATORS
 

I'm note a programmer. I Don't Understand Codes. How do I Know If An Open Source Application is not Stealing My Data Or Passwords? Google play store is scanning apps. It says it blocks spyware. Unfortunately, we know that it was not very successful. So, can we trust open source software? Can't someone integrate their own virus just because the code is open?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 22 points 1 year ago (2 children)

You mention the Google Play issue. That is an example of a disadvantage of closed source (Android is open, the Google Play Protect is not). Google Play Protect is essentially static code analysis. Think of it almost like antivirus. It tries to look for anomalies in the code itself. But it's not great. It can be tricked. And we don't even know how good it is or what kind of checks it does.

FOSS code has many people looking at it. You can compile it yourself. It's extremely unlikely for something that's remotely popular to have explicitly malicious code in it. Is it impossible? No. But just as you get folks deep diving video game code assets, you get people looking at code of many FOSS projects. Likely because they either want to contribute or make changes.

It comes down to it being easier to find malicious actors in FOSS. Its just more difficult to hide than closed source.

Why would you think closed source is any safer for any of the same reasons but worse? Closed source can just as easily (arguably more easily) steal your info (and many did but bury it in EULAs).

[–] Serinus 3 points 1 year ago (1 children)

I wouldn't assume there are many people looking at most open source code. And even if there are, it's not impossible to hide malicious code.

Just because people can review it doesn't mean they are reviewing it.

It does introduce more risk of discovery though. Malicious code is easier to find, and there will be at least a username associated with it.

[–] [email protected] 5 points 1 year ago

There are more people looking than there are elsewhere. And unless you're suggesting the authors as being malicious (which can happen), most FOSS is reviewed. Especially larger ones. You can tell by the number of contributors. Smaller projects will surely be an issue, but popular ones do get reviewed, simply because many people want to be able to contribute.

It's almost certainly more than proprietary though. Like, all these risks still apply to proprietary.

[–] [email protected] 1 points 1 year ago (3 children)

How come users don't have root access on Android even though Android is open?

[–] [email protected] 10 points 1 year ago

Because of the handset makers and wireless carriers (honestly more the latter than the former). It's not because of Google or Android.

[–] [email protected] 8 points 1 year ago (1 children)

Most phones use customized versions of Android and decide you shouldn't have root access. It opens up security issues and makes it easier to bypass ads and DRM which they don't like.

You can get it on some phones, including Google's.

[–] [email protected] -2 points 1 year ago (2 children)

But why is Android even called opensource when there are restrictions by Google? Isn't it a dangerous path when Google can decide to ban F-droid on the platform? What could stop them from doing that? How is the future of Android even guaranteed under such a greedy company like Google?

[–] [email protected] 6 points 1 year ago (1 children)

The Android source code is available, but unfortunately that doesn't mean that all phones are based solely on that source code. Almost all vendors (including Google) have closed-source additions to it.

There are indeed people who agree with you. I do in principle too, but I can't say this is something I think about much, which is probably how much people who even understand the issue feel. And most people don't have a clue the issue exists.

Google could ban F-droid on some phones, but not all. OEMs could overrule Google on such things with their custom Android builds, and even if they didn't, users could create their own ROMs to solve the issue for rooted devices.

[–] [email protected] 1 points 1 year ago

Alright, I think now I understand. Thank you for the answers.

OEMs as I understand are companies who make phones, they mostly care about profit and if there is an agreement in the future with Google or any corporation that would make them more money but restricts user control, they wouldn't care less and go for more money. And day to day users would not care about it if they can use their favorite apps and browse internet.

It seems like a wise idea to already think about making Android less and less reliant on a corporation. Especially looking at the recent example of Reddit, a sudden change or decision from companies is not impossible.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

And there are Android derivatives which are Google / PlayStore or Play Services free. Like Lineage OS, GrapheneOS, CalyxOS or /e/OS

[–] DeRp_DaWg 1 points 1 year ago (1 children)

Because the vast majority of users does not need root access.

[–] [email protected] 2 points 1 year ago (2 children)

Alright, but why does Google gets to decide that? Why not make it so that users can get the root access like they can get the developers mode unlocked? On top of that, doesn't them making it difficult or almost impossible to remove their apps defy the idea of opensource? How is Android even called opensource when the users have so much restriction put upon by Google?

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

There is the Android Open Source Project (AOSP), and then there's Google's Android, which has both open and closed components (e.g. proprietary media codecs). There is such a thing as a pure, open-source Android, but what Google ships is not 100% open.

Think of it like Google's browser: AOSP is Chromium, the Android that comes with your phone is Google Chrome.

[–] [email protected] 1 points 1 year ago

Whether or not someone has admin has nothing to do with whether something is open source.