In the GrapheneOS forum, I encountered a claim that F-droid is insecure (and not good at privacy as well). These links (and more) were given as an evidence:
- https://privsec.dev/posts/android/f-droid-security-issues/
- https://xcancel.com/GrapheneOS/status/1883895255142932816#m
- https://github.com/obfusk/fdroid-fakesigner-poc
While there are some attitude against FOSS app, I think the arguments are generally sound and in good-faith. Which makes me confused, as I’ve been hearing good words about F-droid in lemmyverse.
I am not good at assessing arguments, so I want to ask you guys for more aspects and information.
Also, if not F-droid, what should I use? Is Aurora store, a frontend of play store, not fine to use as well?
I actually take it even one step farther than that. I don’t want a bank app on my phone because it’s proprietary and I don’t know what it’s doing. So I only access my bank through the web browser.
I use bank app for contactless payments. But the bank app have no other permissions, even location is fake.
The one good thing about banks is they make these little plastic rectangles with metal chips in them that you can insert into a device at the terminal in order to pay for your stuff. No bank app required.
At least in the United States, these little plastic rectangles have a series of 16 numbers on them, followed by a date and a year and a three digit code.
Those plastic rectangles doesn’t have any security against range extend attacks so they can steal money from you and you would be plain unaware and defenses. While phone or watch will only enable contactless payment on demand making it way safer. And you can pay with contactless payment everywhere in Poland while you sometimes can’t pay with inserting physical card on some automated devices as there is no where to insert that card, you can only use contactless feature of that card.
Not to mention those plastic rectangles cost yearly or sometimes even monthly, while app is 100% free. And if the app at any point in time do anything that I didn’t agree in the agreement and/or bypass any permissions I didn’t grant them there will be hell to pay for them.
But maybe I’m wrong, I don’t know…
If you think that app is not collecting your data, you are totally naive.