The only app I can’t live without. Except for gboard, all of my applications are Foss. There is no competition for gboard’s swipe typing, not to mention its many capabilities like as searching for gifs, stickers, being able to paste copied images, translating, and so on. I’d like to know how I can use gboard while maintaining my privacy. According to what I’ve heard, it sends all typing data to Google’s server. If you ask me, that’s a massive no-no. Do you have any suggestions?

    • N-E-NEnglish
      811 months ago

      Any chance u can explain how Neo Store is more secure?

    • @milicent_bystandr@lemm.eeEnglish
      311 months ago

      I read through that article, and though I don’t have the time or knowledge to properly critique it, I found quite a lot of it unconvincing.

      It’s one thing to agree there are potential issues, but the article seemed to jump a bit too easily, via rhetoric more than logic, to “therefore it’s unsuitable” and similarly to “the other ones are better”.

      (Disclaimer: I only know mildly what I’m talking about!! If whoever reads this is interested, I hope you can follow the details to their source and get involved in the proper discussion for improving f-droid and/or encouraging another respiratory client.)

      • @argv_minus_one@beehaw.orgEnglish
        111 months ago

        A tempting idea would be to compare F-Droid to the desktop Linux model where users trust their distribution maintainers out-of-the-box (this can be sane if you’re already trusting the OS anyway), but the desktop platform is intrinsically chaotic and heterogeneous for better and for worse. It really shouldn’t be compared to the Android platform in any way.

        This is, quite frankly, borderline misinformation. Malicious packages in Linux distributions are unheard of. Malicious apps in the allegedly-more-secure Google Play, on the other hand, are a dime a dozen.

        The downplaying of the importance of reproducible builds further diminishes my opinion of this piece.

        I’m going to go ahead and continue using F-Droid, thanks.

    • @argv_minus_one@beehaw.orgEnglish
      011 months ago

      A tempting idea would be to compare F-Droid to the desktop Linux model where users trust their distribution maintainers out-of-the-box (this can be sane if you’re already trusting the OS anyway), but the desktop platform is intrinsically chaotic and heterogeneous for better and for worse. It really shouldn’t be compared to the Android platform in any way.

      This is, quite frankly, borderline misinformation. Malicious packages in Linux distributions are unheard of. Malicious apps in the allegedly-more-secure Google Play, on the other hand, are a dime a dozen.

      The downplaying of the importance of reproducible builds further diminishes my opinion of this piece.

      I’m going to go ahead and continue using F-Droid, thanks.

        • @argv_minus_one@beehaw.orgEnglish
          111 months ago

          From your quote: “It really shouldn’t be compared to the Android platform in any way.”

          I quoted that because it’s part of the borderline misinformation. Security is security. Malware is malware. Android isn’t magical and neither is desktop Linux. They absolutely can be meaningfully compared.

          And where exactly does it downplay reproducible builds ? “reproducible builds are not as common as we would have wanted.”

          Ah, you’re right. I misread that part, sorry.

          I’m just trying to spread security awareness.

          So am I. I’m an ornery old Linux nerd and security snob. I’d excise all proprietary software from my home and office if I could, precisely because it has such an appalling track record and the blatantly unnecessary attack surfaces of DRM and telemetry.

          Can F-Droid be more secure than it is? Sure. Do the issues described in this paper mean F-Droid is so rampantly insecure that even Play is safer? Absolutely not.

          By the way, I’m not sure I understand how Neo Store is supposed to be more secure, as it’s supposedly just an alternative UI for F-Droid. As for Obtainium, it’ll protect you from malfeasance or compromise on the part of the F-Droid repository, but it won’t protect you from malicious app developers, and unless I’m mistaken, the latter is a much more common threat.