this post was submitted on 20 Mar 2024
48 points (84.3% liked)

Sync for Lemmy

15189 readers
2 users here now

๐Ÿ‘€


Welcome to Sync for Lemmy!

Download Sync for Lemmy


Welcome to the official Sync for Lemmy community.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Community Rules


1- No advertising or spam.

All types of advertising and spam are restricted in this community.



Community Credits

Artwork and community banner by: @[email protected]


founded 2 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 40 points 9 months ago (2 children)

I find warnings like this rather amusing, because unless you compiled it yourself, even an open source application could secretly have malicious data-harvesting code added to it.

[โ€“] [email protected] 38 points 9 months ago (1 children)

F-Droid has verified and reproducible builds.

On the Play Store or iOS App Store, though, anything goes.

[โ€“] [email protected] 4 points 9 months ago (1 children)

Well this also assumes you trust fdroid but yeah

[โ€“] [email protected] 2 points 9 months ago

Eh I think that's fair. You don't have to trust fdroid per se, so much as trust that they're not collaborating with a specific developer. It's a much, much narrower condition. (Or alternatively, trust in their competence to have developed a system that works, but not that they are doing things without being malicious, which is a worthwhile discussion, but not quite the same as the one we're having here.)

[โ€“] Tier1BuildABear 9 points 9 months ago (2 children)

Isn't the point of open source that you can check the code for yourself though? Can't do that with closed source

[โ€“] [email protected] 5 points 9 months ago (1 children)

Have you?

Or are you just trusting someone else?

I trust LJ

[โ€“] Tier1BuildABear 2 points 9 months ago

Have I what? Read all open source code? I was replying to someone else, and not about any particular app. It's just way harder to sneak something malicious into open source code than closed source, trust only gets you so far. It's just common sense.

[โ€“] [email protected] 3 points 9 months ago* (last edited 9 months ago)

You can check the code for unintentional vulnerabilities, or intentionally added in by a contributor, but you can't do anything about something intentionally added in later in the process by the person responsible for managing the build and distribution of the application.