In the GrapheneOS forum, I encountered a claim that F-droid is insecure (and not good at privacy as well). These links (and more) were given as an evidence:
- https://privsec.dev/posts/android/f-droid-security-issues/
- https://xcancel.com/GrapheneOS/status/1883895255142932816#m
- https://github.com/obfusk/fdroid-fakesigner-poc
While there are some attitude against FOSS app, I think the arguments are generally sound and in good-faith. Which makes me confused, as I’ve been hearing good words about F-droid in lemmyverse.
I am not good at assessing arguments, so I want to ask you guys for more aspects and information.
Also, if not F-droid, what should I use? Is Aurora store, a frontend of play store, not fine to use as well?
If you think that app is not collecting your data, you are totally naive.
Like I already wrote, I fully know that it is collecting data, thats why I’m giving it some bogus ones (like for example fake location), and some other valid one (like for example my device id and IP when I use it) that I did agree to give in exchange for protecting my bank account from being hijacked and other.
Other than that it collects nothing more at least nothing active. Why do you ask? Because bank app have background internet access denied so it can only connect to internet when it is in foreground. Yes, it could run some periodical task in background, store that data on disk and send it only when active but that’s something that facebook would definitely do. While I agree that a lot of shitty apps do that, I doubt that bank will try to risk gdpr breach (that would hurt them monetairly in many ways) over some useless data that they could access.
On top od that I have have network traffic monitor always on screen so I see when something is using network and howuch, ans that it stays flat 0 when I use offline apps, that gives me confidence that nothing is actively sending data to network.
And yes, I already once closed my bank account because of a shitty app, so I know what I’m saying.