this post was submitted on 20 Mar 2024
48 points (84.3% liked)
Sync for Lemmy
15189 readers
2 users here now
๐
Welcome to Sync for Lemmy!
Welcome to the official Sync for Lemmy community.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Community Rules
1- No advertising or spam.
All types of advertising and spam are restricted in this community.
Community Credits
Artwork and community banner by: @[email protected]
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I find warnings like this rather amusing, because unless you compiled it yourself, even an open source application could secretly have malicious data-harvesting code added to it.
F-Droid has verified and reproducible builds.
On the Play Store or iOS App Store, though, anything goes.
Well this also assumes you trust fdroid but yeah
Eh I think that's fair. You don't have to trust fdroid per se, so much as trust that they're not collaborating with a specific developer. It's a much, much narrower condition. (Or alternatively, trust in their competence to have developed a system that works, but not that they are doing things without being malicious, which is a worthwhile discussion, but not quite the same as the one we're having here.)
Isn't the point of open source that you can check the code for yourself though? Can't do that with closed source
Have you?
Or are you just trusting someone else?
I trust LJ
Have I what? Read all open source code? I was replying to someone else, and not about any particular app. It's just way harder to sneak something malicious into open source code than closed source, trust only gets you so far. It's just common sense.
You can check the code for unintentional vulnerabilities, or intentionally added in by a contributor, but you can't do anything about something intentionally added in later in the process by the person responsible for managing the build and distribution of the application.