this post was submitted on 08 Dec 2023
22 points (100.0% liked)

Free and Open Source Software

17901 readers
1 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

@foss In reference to this post- https://lemmy.ml/post/6374732

For Molly, I kept seeing this popup by Google when downloading Molly FOSS from fdroid.

Should I be concerned? What should I do to ensure I am downloading Molly from a trusted source if Fdroid isn't an ideal place (due to misleading names as depicted in the referenced post)?

all 12 comments
sorted by: hot top controversial new old
[–] [email protected] 22 points 11 months ago (2 children)

This is kinda like Windows with the "We don't recognize this application" message. Letting it scan will probably just help other users avoid this annoyance in the future. You can also shut off play protect from the play store settings.

[–] [email protected] 3 points 11 months ago (1 children)

It still does this with app scanning turned off, unfortunately.

[–] [email protected] 4 points 11 months ago* (last edited 11 months ago)

Oh, wow, that's absolute bullshit from Google in that case.

[–] [email protected] 2 points 11 months ago

Yeah, I have it turned off by default.

[–] [email protected] 17 points 11 months ago (1 children)

Play Protect gives a lot of false positive warnings for me, and I usually just ignore them

FDroid is one of the safest, but you may need to go into settings -> repositories to check which repos are being used. What is checked off when you do that?

[–] [email protected] 6 points 11 months ago

The repo a specific app comes from can also be checked by opening the list of versions, then clicking on one of the versions to show the details.

[–] [email protected] 13 points 11 months ago (1 children)

Of course, google is trying to dissuade you from using other app stores, nothing more. You might be able to download and install it from GitHub using obtainium if you really want to verify the origin of the app.

[–] [email protected] 16 points 11 months ago* (last edited 11 months ago) (1 children)

Eh, I think there's definitely some legitimacy to doing a virus scan for applications with unrecognised signatures

Not everyone knows how to (or even can for many apps) manually verify the authenticity of their apks

And plenty of non-technical people will just install random shit from the internet without thinking

[–] [email protected] 3 points 11 months ago* (last edited 11 months ago)

And yet most malware comes from the Play store.

[–] [email protected] 4 points 11 months ago

This BS is one of the last straws pushing me away from Google.

Running DivestOS, you can install MicroG as a user app in a secondary profile. So it runs only when you want it to. You can install play store there too, and again it only runs when you want it to.

That should limit this nonsense until I can replace my paid for apps with something else.

Shut up Google. Most malware comes from the play store.

[–] [email protected] 3 points 11 months ago

It's fine if you downloaded it from official place. Sometimes warnings are shown for apps which are patched or forked from original. If it's the offical place then don't worry