this post was submitted on 13 Sep 2023
330 points (98.0% liked)

Asklemmy

42502 readers
1432 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy πŸ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
 

Lemmy seems like the right place to ask this. Personally I've really enjoyed Gurgle, which is a FOSS Wordle clone app.

[–] [email protected] 2 points 9 months ago (8 children)
[–] [email protected] -3 points 9 months ago (7 children)

F-Droid has many security vulnerabilities and has many issues such as:

  1. Hosting an outdated APK client.
  2. Utilizes an obsolete installation method.
  3. Does not take advantage of modern appstore features.
  4. Has no moderation.
  5. Has no old app deletion.
  6. Has an arbitrary FOSS only rule.
  7. Does all building and signing themselves.

If you want more details about these issues read this:

https://privsec.dev/posts/android/f-droid-security-issues/

[–] [email protected] 3 points 9 months ago* (last edited 9 months ago) (6 children)

#2 can be solved by using one of several alternative clients with root permissions. Yes, manual APK install is tedious but not inherently insecure, and the only option for non-root devices without an ADB host.

#4 is not really true. They are just very lenient, mostly just flagging apps with problems (known vulnerabilities, telemetry, non-FOSS services/assets/libs, ads).

#5, #6 and #7 are actually advantages. It's nice to know that all apps are FOSS and correspond to source, and I can install old apps / earlier versions on old phones – as opposed to Google Play, which denies an app’s existence if your device is incompatible, resulting in shady alternatives and adware typosquatters topping search results.

[–] [email protected] 1 points 9 months ago (2 children)

2 - Manual installation methods can be insecure because a lot of people don't update their apps all the time. Obviously rooting a phone is insecure, but having no auto updates in 2023 is crazy.

4 - It is very true; there is zero quality control on new apps. The flagging of apps with problems is just following the FOSS philosophy. Any FOSS app can be added to F-Droid.

5 - Not sure why you would want to install abandoned apps on F-Droid, let alone use an EOL device. A lot of people don't check if apps are maintained because they trust their app store.

6 - FOSS doesn't automatically mean it's secure or private. Also, why is it that I have to install proprietary apps only on the Google Play Store?

7 - F-Droid signing keys aren't an advantage because they require an extra layer of trust. I'm already trusting the developer by installing their app, so the developer should be signing the keys. This is a reason why Signal is not on F-Droid.
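What "trusting the developer's key rather than the store's" looks like as a concrete check, as an added example that is not code from this thread, from F-Droid or from Accrescent: the script below walks the APK Signature Scheme v2 block that Android places directly in front of the ZIP central directory, extracts the first signer's certificate and compares its SHA-256 fingerprint with a fingerprint you pinned in advance (for instance one the developer publishes). The field layout (little-endian uint32 length prefixes, block ID 0x7109871a, the "APK Sig Block 42" footer) is the documented v2 format; the APK bytes and the "certificate" it operates on are constructed for the demo and are not a real app or a real X.509 certificate.

```python
"""Pin an APK's signing certificate to a known developer fingerprint.

Added example; not code from the thread, F-Droid or Accrescent. Parses the
APK Signature Scheme v2 block, pulls out the first signer's certificate and
compares its SHA-256 fingerprint with a pinned value. The sample APK built
by build_demo_apk() is constructed for the demo only.
"""
import hashlib
import struct

APK_SIG_BLOCK_MAGIC = b"APK Sig Block 42"
V2_BLOCK_ID = 0x7109871A
EOCD_SIGNATURE = 0x06054B50


def _find_eocd(data: bytes) -> int:
    """Offset of the End Of Central Directory record (scanned from the end)."""
    for off in range(len(data) - 22, max(-1, len(data) - 22 - 65535), -1):
        if struct.unpack_from("<I", data, off)[0] == EOCD_SIGNATURE:
            return off
    raise ValueError("no EOCD record found; not a ZIP/APK")


def find_signing_block(data: bytes) -> bytes:
    """Return the ID-value pairs of the APK Signing Block before the central directory."""
    eocd = _find_eocd(data)
    cd_offset = struct.unpack_from("<I", data, eocd + 16)[0]
    # Footer: uint64 size_of_block followed by the 16-byte magic.
    if data[cd_offset - 16:cd_offset] != APK_SIG_BLOCK_MAGIC:
        raise ValueError("APK Signing Block magic not found (unsigned or v1-only APK)")
    size_in_footer, = struct.unpack_from("<Q", data, cd_offset - 24)
    block_start = cd_offset - size_in_footer - 8   # size field excludes itself
    size_in_header, = struct.unpack_from("<Q", data, block_start)
    if size_in_header != size_in_footer:
        raise ValueError("APK Signing Block size fields disagree")
    return data[block_start + 8:cd_offset - 24]


def _pairs(buf: bytes):
    """Yield (id, value) for each uint64-length, uint32-id pair."""
    pos = 0
    while pos < len(buf):
        length, pair_id = struct.unpack_from("<QI", buf, pos)
        yield pair_id, buf[pos + 12:pos + 8 + length]
        pos += 8 + length


def _prefixed(buf: bytes, pos: int):
    """Read one uint32-length-prefixed item; return (item, next position)."""
    n, = struct.unpack_from("<I", buf, pos)
    return buf[pos + 4:pos + 4 + n], pos + 4 + n


def first_signer_cert(data: bytes) -> bytes:
    """DER bytes of the first certificate of the first v2 signer."""
    for pair_id, value in _pairs(find_signing_block(data)):
        if pair_id != V2_BLOCK_ID:
            continue
        signers, _ = _prefixed(value, 0)            # sequence of signers
        signer, _ = _prefixed(signers, 0)           # first signer
        signed_data, _ = _prefixed(signer, 0)       # signed data (digests, certs, attrs)
        _digests, pos = _prefixed(signed_data, 0)   # skip the digests
        certs, _ = _prefixed(signed_data, pos)      # sequence of certificates
        cert, _ = _prefixed(certs, 0)               # leaf certificate
        return cert
    raise ValueError("no v2 signature block present")


def cert_fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


def verify_pinned_signer(apk: bytes, expected_sha256: str) -> bool:
    """True iff the APK's signer certificate matches the pinned fingerprint."""
    pinned = expected_sha256.lower().replace(":", "")   # accept keytool-style colons
    return cert_fingerprint(first_signer_cert(apk)) == pinned


def _lp(b: bytes) -> bytes:
    return struct.pack("<I", len(b)) + b


def build_demo_apk(cert_der: bytes) -> bytes:
    """Constructed stand-in for a signed APK: no real ZIP entries, an empty
    central directory, a v2 signing block carrying cert_der, and the EOCD."""
    signed_data = _lp(b"") + _lp(_lp(cert_der)) + _lp(b"")    # digests, certs, attrs
    signer = _lp(signed_data) + _lp(b"") + _lp(b"\x00" * 8)   # no sigs, dummy pubkey
    v2_value = _lp(_lp(signer))
    pair = struct.pack("<QI", 4 + len(v2_value), V2_BLOCK_ID) + v2_value
    size = len(pair) + 8 + 16
    sig_block = struct.pack("<Q", size) + pair + struct.pack("<Q", size) + APK_SIG_BLOCK_MAGIC
    contents = b"PK\x03\x04placeholder-local-entries"   # never parsed by the code above
    cd_offset = len(contents) + len(sig_block)
    eocd = struct.pack("<IHHHHIIH", EOCD_SIGNATURE, 0, 0, 0, 0, 0, cd_offset, 0)
    return contents + sig_block + eocd


if __name__ == "__main__":
    demo_cert = b"constructed-demo-certificate-not-real-DER"
    apk = build_demo_apk(demo_cert)
    print(cert_fingerprint(first_signer_cert(apk)))
    print(verify_pinned_signer(apk, cert_fingerprint(demo_cert)))
```

On a real APK the same fingerprint is what `apksigner verify --print-certs app.apk` reports; the point of pinning it is that an update signed by a different key (a store re-signing the app, or a compromised account) fails the check regardless of which catalogue the APK came from. The script only reads the certificate; it does not verify the signatures over the file, which the platform does at install time.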

[–] [email protected] 3 points 9 months ago (1 children)

2 - You cannot really fix this unless an alternative F-Droid client is installed as a system app by the manufacturer, or they allow relocking the bootloader. Good luck convincing them.

5 - I can run anything of any age on my devices, accepting the security risk. I want to be able to factory reset and use one of my Android 4.4 phones with an unmatched speaker as an Internet radio receiver instead of throwing it out. F-Droid explicitly tells you how long it’s been since the last update and ranks old apps low in lists and searches.

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago)

This is why Accrescent is amazing. It has automatic updates for Android 12+. Also leaving the bootloader unlocked is a security risk. Using stock or GrapheneOS (better option) on Android is best because you can lock the bootloader.

I don't mind F-Droid being around. If you're okay with the security risk, I have no problem. I've explained to you the security issues and the misinformation that people give that F-Droid is secure. I was just explaining their security vulnerabilities and explaining why Accrescent is a much better option for installing apps.

[–] [email protected] 0 points 9 months ago (1 children)

The point of free software isn't security, but freedom. For people who want control of their computing, this is not an "arbitrary restriction" but rather a basic requirement. Just because you don't particularly care about a concern doesn't make it "arbitrary." I'm not a vegan or vegetarian but I don't complain about the "arbitrary restriction" of a plant-based diet.

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago) (1 children)

I think you're thinking I'm against FOSS, but you're not understanding. Many people in the FOSS community only care about privacy and ignore security. A developer can implement security benefits in FOSS, but many people don't care to do it.

Accrescent is FOSS and it has much higher security benefits than F-Droid. Accrescent allows both open- and closed-source apps because there's no benefit to being exclusive to having FOSS apps in their catalog.

If the user chooses to not use proprietary apps on Accrescent, they don't have to install them.

[–] [email protected] 2 points 9 months ago

It's a misconception to say that free software is "about privacy." Many people in the free software community care about having the four freedoms (the freedom to use, share, modify, and share modified copies). We don't like free software because we think it's more secure, we like it because it's free software. Freedom doesn't need a justification other than freedom itself.

For us, a catalogue offering only free software isn't an "arbitrary rule"; that's the whole point. If F-Droid carries an app, I know I have the four freedoms with that app, because they put in the work to verify that by building the app according to their (relatively strict, not strict enough IMO) standards. Accrescent and Obtainium fans have different priorities, which is okay, but I don't understand why they spend so much time shitting on F-Droid and the free software movement.

Security is important in free software, but security in proprietary software is often user-hostile (for example, DRM and WEI). Oftentimes the only way to regain freedom in a proprietary environment is to exploit a security hole, so sometimes we prefer that proprietary software actually not be very secure.

As for F-Droid's and the free software community's attitude towards "old" apps, we understand that software does not lose value simply by being unmaintained. Of course, if something is particularly security-critical and/or has a large attack surface (for example an operating system or a web browser), I would stay away from anything unmaintained. That doesn't apply to all software, though.
