Comment on Nextcloud cries foul over Google Play Store app rejection
Wispy2891@lemmy.world 1 day agoYou get apps a couple days earlier
But it comes with a huge downside: if dev goes rogue or gets hacked, you could install a malicious version of the app that doesn’t match the source
9488fcea02a9@sh.itjust.works 17 hours ago
“If dev goes rougue”
Isnt that a risk for all app stores?
Wispy2891@lemmy.world 10 hours ago
For fdroid the app is compiled on fdroid servers when dev tags a new release on GitHub. So the app matches the source, it’s not possible to put a tainted APK to download
Now, if the malicious code is slowly added to the source over the course of an year like it happened with the xz utils, this won’t change the result, but it’s easier to do so with a compiled binary. Release clean source and infected binary, it will take a longer time to get caught
For the closed source app stores, on iOS there’s the manual inspection (which is not infallible especially if they timebomb or geofence the bad feature) and for Google there’s the automated inspection (which fails often seeing the news) that should find problems
9488fcea02a9@sh.itjust.works 9 hours ago
What if fdroid goes rogue or gets hacked?
I’m an fdroid user, but i often wonder if it is safer than google play store
Likelihood of google getting hacked/rogue is much lower than a small, community run volunteer project