this post was submitted on 11 Aug 2023
77 points (93.3% liked)

Open Source


I've come to realize that a lot of FOSS Android apps are pretty outdated and usually abandoned. Are those even safe to use? Like even the F-Droid archive repository, are those safe to use? I'm still rather new to the FOSS world, but in my mind it seems a very outdated app is probably not safe, or am I missing something here?

[–] [email protected] 13 points 1 year ago* (last edited 1 year ago) (2 children)

I look at the latest release date. In my leisure time, I would also go and check the repository and issue tracker to see whether something serious is being ignored. If it's crucial for business, I would spare time investigating the source code itself.

I would not necessarily say that many apps uploaded to F-Droid and other repositories are unsafe, because I don't have all that energy to audit anything I use. What helps me to stay on the safe side is reading into things - enclosed descriptions and names may look like a small factor to some, once they tread the sources, but it saves me both the time and trouble. Sloppily written stuff usually implies sloppy code, a lax attention to details on the developer's side.

[–] [email protected] 2 points 1 year ago (2 children)

Good tips, these are exactly what I need. Like which repos do you check out; like GitHub and GitLab?

[–] [email protected] 9 points 1 year ago* (last edited 1 year ago)

Wherever the app's code is. I usually go around finding the link in the store page or through the search engine. Most of the time, they end up on GitHub and GitLab, sometimes on Codeberg or another instance.

Paranoid section ahead: Don't blindly trust the issues list, closed or open, because there are still ways to permanently delete those, hence giving a bad actor a way to hide evidence of an ongoing security problem.

[–] [email protected] 8 points 1 year ago (1 children)

In F-Droid, there is always a link to the repo. In English it is probably something like "source (code)". It is in the collapsible menu under "Links".

[–] [email protected] 1 points 1 year ago

Thanks, I've just been going by the app's version numbers and the last date it was updated.

[–] [email protected] 1 points 1 year ago

Plus there should be some tools or scanners to look at the app for any potential dangers, like Play Protect, right?