this post was submitted on 10 Dec 2024
32 points (90.0% liked)
Don't go with fdroid. Go with Obtainium. You can download apps directly from GitHub and it updates automatically. Smaller attack surface and it's one less hoop to jump through.
Why smaller attack surface? Bigger attack surface. For an attacker it is way easier to hack a single developer and publish a malicious APK on their GitHub (or alternative) rather than hosting malware on the official fdroid repository.
The first just requires a phishing email (trojanize a random dev with poor opsec, get his APK signing key and his browser cookies), while the second is way more complex (get full access to fdroid build servers).
The f-droid team goes through the source code and builds the app themselves before publishing. I think it's better to trust them. Obtainium is great, but only if the app is not on f-droid or f-droid is lagging behind on updates.