this post was submitted on 13 Sep 2024
82 points (98.8% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
54609 readers
578 users here now
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
📜 c/Piracy Wiki (Community Edition):
💰 Please help cover server costs.
Ko-fi | Liberapay |
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Thats not a random apk
I understand the developer may be known and trusted
But I do not have the expertise to do my own thorough code review
If that's of your concern, you can't download the play store version either. It is the same app, has the same signature.
Excuse my ignorance and correct me if I'm wrong
But does the play store not do some sort of scanning itself?
Even worse. Many apps have google signature instead of the developers. They upload their key and give it to google. Horrible practice. Nowadays, fdroid gravitates towards reproducible builds with the dev's own signature and google is going the other way round. Gravitating towards an unsafe "best practice" ...
Potentially, but that doesn't really matter, as you can match the signatures of the two versions and see that they are the same. You cannot fake that and have one version have different code, it's not possible.
Thanks for the insight :)