@pell What kind of access? F-Droid doesn’t need any?
Installing fdroid required giving it all kinds of permissions: access to the file system, access to the network, control of the phone's ability to go into rest mode, etc.
@pell When installing an APK manually it tells me what permissions it needs. F-Droid said it needed no permissions, and if I look in "app permissions" settings, F-Droid does not have storage permission turned on.
Network / Internet permission is not listed on FairphoneOS (Android 7.1) at all. What is your Android version?
I guess maybe its an old version of android, where all permissions are granted and then the user has to turn off any they dont wish the app to have?
Can see the full list of permission, including those that arent considered 'dangerous', so no ability for users to deny, by looking in #FDroid at the app.
Heres the permission details for FDroid, viewed in Fdroid
@dazinism @colomar @pell Ohh, I remember what those are for. The new F-Droid supports locally sharing files with people you're near, so it needs a bunch of communication and location-related privileges. Other than your location provider (Google, probably), no one else gets your location when this is used.
Its also the case for apps with an old Target SDK (indicates which version of Androids features are used) but I think most maintained apps will now have a Target SDK with permissions granted as the app requests them, rather than at install time.
I used to have CopperheadOS on my phone, before they imploded, which used a obscure AOSP build option (apparently only otherwise used in Android watches?) that on older Target SDK apps, would give users options to … 1/2
…deny any/all dangerous permission on first app use, rather than them being automatically granted at app install time.
Copperhead also made network access, and sensors access dangerous permissions, with user control.
Pity it imploded, though the developer continues outside the company and has inspired other new projects
"There's a part of me that's nervous giving a third-party app that kind of access to my phone."
I'd be much more worried about the access that Google, phone manufacturers & possibly phone network operators have from all the spy/bloat ware they put on android phones.
I got a cheap android phone a year back for a job I was doing, checked out what it was up to in the thread....
You could even have a "dumb" phone and your cell carrier will still sell your location through cell tower triangulation. If you have a smartphone they can just use GPS (usually). (See: LocationSmart)
You have 0 options for a private/secure phone unless you use it exclusively over WiFi and without Google/Apple/etc services.
Yeah, kind of sucks - although I guess ultimately no computer (including smart phone) is completely secure/private. Its possible to make things better though. eg. I use encrypted xmpp messenger service, run by people I trust, to chat with friends using my phone. Few years back that would of been SMS so my carrier would of known who I was chatting with and what we said. I have an Android phone with LineageOS and no Play so Google dont get data from my phone etc.
@pell Yeah, XMPP is super light. It basically just passes the messages with some XML around them (and encrypted). Even if you start sending movies in your chats every day it's still basically a negligible amount of data.
I am worried, but they are the devil I know. And my phone works with just Android installed. I was curious enough to install Fdroid, but there's the risk of breaking my only phone access when I'm not at work.
To my mind the folks that run FDroid are much more trustworthy than Google. In 5 years of Android use I've never had a google account and got pretty much all my apps from fdroid without encountering any issues that have effected the reliability of my phones.
@pell it's the same with Google play store the only difference is you didn't install Google play but you are forced to trust them to get apps .They have alot more info on you that what fdroid needs to run. The good thing with fdroid is that it will tell you should an app,be very old or have a known vulnerability or what permissions if any that the app requires before you install . Google just makes everything shiny so people are fooled into installing without really knowing .
@pell isn't f-droid open source though? It's much less dangerous giving such an app permissions if you can see what it does with it.
Yes, Fdroid is free software. But I still ask myself the same questions: How known is this software? What is its reputation? What are the risks? Free software isn't automatically good or safe.
@pell let's aggree to disaggree. But within the community of free software enthusiasts f-droid is well known, in high regard and often used.
If you want a fully free android, it's the only way to go. Theres not a lot of competition for installers like f-droid and google play.
Why that question? I've definitely not been an advocate of Google Play or Google anything here.
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.