this post was submitted on 10 Feb 2024
395 points (99.5% liked)

Open Source

31422 readers
12 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 1 points 9 months ago (1 children)

100% agree. I've always been shocked to see people claiming that automatic app updates are good for security. Having stuff being installed in the background on your device without your knowledge is good for security?

I understand the "we roll out an important security update and it quickly updates for all users" situation. However, I still want to chose what you install on my device. Look at what just happen with Simple Mobile Tools, how many unaware Google Play users now have spyware installed on their phones?

[โ€“] [email protected] 1 points 9 months ago

I think a pretty good solution for this, specific to mobile, is to require users to approve an update when permissions have changed. Most non technical users don't understand old software can contain security issues, they purely view updates as new bells and whistles. If these apps are actually malicious, they aren't going to include their new keylogger in the release notes nor release on fdroid. I think automatic updates for the predominantly non technical population is still safer.