this post was submitted on 28 Jul 2023
38 points (95.2% liked)

Android

1886 readers
1 users here now

A place to discuss anything related to Android or Android adjacent.


INFO:


Check Out Our Partner Communities:

[email protected]

founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (4 children)

Be aware that this is a closed source app, and since lemmy doesn't currently have proper oauth, that it could potentially be storing your login creds. Be very wary of any lemmy app that isn't open source.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (1 children)

That said, this dev is a legend and has been around for over a decade. His reddit app was monetized directly through buying a pro version of the app.

[–] [email protected] 3 points 1 year ago (1 children)

I'm a big fan of trustless computing, which requires apps to be open source, or at the very least, source available.

Trust and security just don't mix in my eyes, since supply chain attacks are much easier when using a trusted platform vs a trustless platform, where it's still possible to perform a supply chain attack, but since there are more eyes on it, it is much harder.

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (1 children)

If it ever gets sold to a big corporation I'll feel the same way but as it stands it's been developed by one guy who has gained my trust over a decade.

I understand there are inherent risks in that and I approach it on a case by case basis.

[–] [email protected] 2 points 1 year ago (1 children)

A trustworthy person doesn't require you to trust them; they don't keep secrets from you, and are an open book. Beware anyone asking you to "just trust them", which is what the authors of all closed source software demand of you.

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (1 children)

I see your point but unfortunately I don't think his patreon can cover costs as well as a "premium" version of his app will. You know more about open source than me (obviously) so what would stop someone from taking his code and making a free app with the premium features? Are you against his entire business model, the nature of the code, or both equally?

For the record I am glad to see many good open source apps like Jerboa.

[–] [email protected] 3 points 1 year ago (1 children)

There's nothing preventing him selling the app or a premium version, while still open sourcing it. Free as in freedom, not as in beer. Open source makes no demands or says anything about how you choose to monetize.

Someone releasing a fork nowadays seems even more difficult than downloading an unlocked apk anyway. If they want your app for free, they'll get it.

[–] [email protected] 1 points 1 year ago

Your last point really does seal it actually. If people want it you can't prevent them from finding a way. But in this specific case I'll still support it since I'm sympathetic to how he was betrayed by a corporation.

[–] [email protected] 3 points 1 year ago (1 children)

An Open Source app that you don't compile yourself after reviewing the source code has the exact same risks.

There is no guarantee that the version of Jerboa you install from the Play Store corresponds to the source code you see on GitHub.

[–] [email protected] 4 points 1 year ago

It's also on f-droid, which does their own builds, and you could also compare the build with one you do on your own machine. So no, you don't have to trust me.

[–] [email protected] 2 points 1 year ago (1 children)

Is Lemmy planning on implementing a proper oauth down the road?

[–] [email protected] 1 points 1 year ago

There are some ideas for it, and a PR which puts some of them out there, but not anytime soon.

[–] [email protected] 2 points 1 year ago

Yeah, and also I left reddit not to use other proprietary software.