I have switched everything to privacy alternatives is it safe to delete my Google account or is it needed for some android features also if I delete my account does Google delete all my data if not, can I request the deletion of my data under the GDPR

  • ZinQ@lemmy.ml
    1·
    2 days ago

    “Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet modern security standards.” This is what PrivacyGuides says. Also you have Appverifier integration in Obtainium which verifies signatures or smth, I know it’s a lot better than comparing hashes

    • WhyJiffie@sh.itjust.worksEnglish
      1·
      10 minutes ago

      Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates.

      there were several statements in that article that lead me to believe it wasn’t revised in many years. yes, they had some difficulties just a few weeks ago, but otherwise that doesn’t occure often anymore. also they are working on replacing the build system with something better, if google does not kill them first

      F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust

      trust is not in package IDs, should never be. packge IDs can be easily “faked”. trust should be in the apk signature. sometimes not even that, like with google play, where the keys are handled not by the developer but by google.
      but yes, they do reuse package IDs, because they cannot patch every app that does not provide an fdroid build variant, doing so could break apps. what it causes today is that you can’t have installed the fdroid version and a different version of the app.

      and since f-droid focuses increasingly on reproducible builds, as they have been doing for the past few years, apps that are built that way are not even affected by this, because users get the file that was built by the original developers.

      Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play,

      I disagree. the play store allows and recommends lots of malicious apps.

      meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet modern security standards."

      so those apps must be made inaccessible to all users, right? NO! these apps should have a warning, not being deleted!

      Also you have Appverifier integration in Obtainium which verifies signatures or smth

      this?
      contrary to f-droid’s build system it does not look for fishy things in the APK, it just checks whether the app was built by its expected developer. that’s what the apk signature can be used for.
      sometimes it’s useful, like if you get the apk file from wherever, except when the developer’s signing keys are handled by google, because then google can release altered versions that still pass the verification. but it does nothing to check whether it has tracking components that would be rejected by f-droid.

      I know it’s a lot better than comparing hashes

      thats what appverifier exactly does. it compares the hashes of the apk’s public signing key with a known good value.