Unfortunately I think this is going to be an inevitable problem with any software repository. F-Droid just expects users to go to the repository and inspect the code if they have concerns, or to trust the developer. Google can verify their own code isn’t malicious. They can’t verify the code of potentially millions of apps submitted to the Play Store that will inevitably ask for access to your entire filesystem, if given the option. Because let’s face it, the majority of mobile apps these days are just spyware whose primary purpose is hoovering up as much data as humanly possible to sell to data brokers.
Nextcloud is in the main repo
Huh?
What’s confusing?
Nextcloud is in the F-Droid main repo
I’m confused because I don’t understand why you’re telling me this.
He thought you were talking about the process of adding external repositories to F-Droid while you were talking about having something scan the app.
I agree, at least partially. I do think that in most cases, this will actually protect not-so-tech-savvy users from installing spyware.
What I do not like is the “babysitting” approach which is now really bad on iOS and Android. They act like all users are babies who can’t be trusted with making their own decisions. If I trust the app developer and I am aware that it has access to all files and what that means, I should be able to decide to use my smartphone that way, not the billion-dollar corporation behind the app store. However Google can and should protect me by making this decision process easier and more informed, for example by showing what permissions are requested and maybe even a flag which indicates permissions that are not needed for any core functionality. I think that most users should be able to tell malicious permissions apart from actually needed ones.
My messaging app wants access to all my files? I don’t think so. My popular open source file synchronization app requests the same? Sure, go ahead.
Because most of them can’t.