Follow

I'm trying for the first time. There's a part of me that's nervous giving a third-party app that kind of access to my phone.

@pell What kind of access? F-Droid doesn’t need any?

@njha
Installing fdroid required giving it all kinds of permissions: access to the file system, access to the network, control of the phone's ability to go into rest mode, etc.

@pell Um, that can't be right. I've just downloaded F-Droid from f-froid.org and it required no permissions whatsoever to install and run.
I fear you might have just installed some malware that disguised as F-Droid!
Where did you download it from?
@njha

@colomar @njha
I got it from f-droid.org, unless Chrome on the phone is spoofing the IP. Besides, how could it work without some of that kind of access? Maybe "permissions" was the wrong term. But before installing I got the warning about the access the app was requesting.

@pell @colomar all fdroid does is download apks, which you install yourself

It needs network, permission to download apks, and that’s about it.

@colomar @njha
I wonder if you have the warning turned off somehow. I got the message with the very few apps I installed through Google Play.

@pell When installing an APK manually it tells me what permissions it needs. F-Droid said it needed no permissions, and if I look in "app permissions" settings, F-Droid does not have storage permission turned on.
Network / Internet permission is not listed on FairphoneOS (Android 7.1) at all. What is your Android version?
@njha

@colomar

I guess maybe its an old version of android, where all permissions are granted and then the user has to turn off any they dont wish the app to have?

Can see the full list of permission, including those that arent considered 'dangerous', so no ability for users to deny, by looking in #FDroid at the app.

Heres the permission details for FDroid, viewed in Fdroid

@pell @njha

@dazinism @colomar @pell Ohh, I remember what those are for. The new F-Droid supports locally sharing files with people you're near, so it needs a bunch of communication and location-related privileges. Other than your location provider (Google, probably), no one else gets your location when this is used.

@njha Ah, right, and newer Android versions only ask for those permissions when that feature is actually used. That's why I didn't see them.
It's really scary in old Android versions when you have to grant all permissions right at install time, even those you don't ever need.
@dazinism @pell

@colomar @njha @pell

Its also the case for apps with an old Target SDK (indicates which version of Androids features are used) but I think most maintained apps will now have a Target SDK with permissions granted as the app requests them, rather than at install time.

I used to have CopperheadOS on my phone, before they imploded, which used a obscure AOSP build option (apparently only otherwise used in Android watches?) that on older Target SDK apps, would give users options to … 1/2

@colomar @njha @pell

…deny any/all dangerous permission on first app use, rather than them being automatically granted at app install time.

Copperhead also made network access, and sensors access dangerous permissions, with user control.

Pity it imploded, though the developer continues outside the company and has inspired other new projects

piunikaweb.com/2019/02/05/the-

@pell

"There's a part of me that's nervous giving a third-party app that kind of access to my phone."

I'd be much more worried about the access that Google, phone manufacturers & possibly phone network operators have from all the spy/bloat ware they put on android phones.

I got a cheap android phone a year back for a job I was doing, checked out what it was up to in the thread....

social.coop/@dazinism/10120266
@colomar @njha

@dazinism

You could even have a "dumb" phone and your cell carrier will still sell your location through cell tower triangulation. If you have a smartphone they can just use GPS (usually). (See: LocationSmart)

You have 0 options for a private/secure phone unless you use it exclusively over WiFi and without Google/Apple/etc services.

@pell @colomar

@njha

Yeah, kind of sucks - although I guess ultimately no computer (including smart phone) is completely secure/private. Its possible to make things better though. eg. I use encrypted xmpp messenger service, run by people I trust, to chat with friends using my phone. Few years back that would of been SMS so my carrier would of known who I was chatting with and what we said. I have an Android phone with LineageOS and no Play so Google dont get data from my phone etc.

@pell @colomar

@dazinism @njha @colomar
Dazinism, do you know if xmpp is light enough to run it just for family and friends from a typical hosting service without your provider getting angry at you?

@pell Yeah, XMPP is super light. It basically just passes the messages with some XML around them (and encrypted). Even if you start sending movies in your chats every day it's still basically a negligible amount of data.

@dazinism @colomar @njha
"I'd be much more worried about the access that Google...put on android phones"

I am worried, but they are the devil I know. And my phone works with just Android installed. I was curious enough to install Fdroid, but there's the risk of breaking my only phone access when I'm not at work.

@pell

To my mind the folks that run FDroid are much more trustworthy than Google. In 5 years of Android use I've never had a google account and got pretty much all my apps from fdroid without encountering any issues that have effected the reliability of my phones.

@pell it's the same with Google play store the only difference is you didn't install Google play but you are forced to trust them to get apps .They have alot more info on you that what fdroid needs to run. The good thing with fdroid is that it will tell you should an app,be very old or have a known vulnerability or what permissions if any that the app requires before you install . Google just makes everything shiny so people are fooled into installing without really knowing .

@pell isn't f-droid open source though? It's much less dangerous giving such an app permissions if you can see what it does with it.

@vancha
Yes, Fdroid is free software. But I still ask myself the same questions: How known is this software? What is its reputation? What are the risks? Free software isn't automatically good or safe.

@pell let's aggree to disaggree. But within the community of free software enthusiasts f-droid is well known, in high regard and often used.
If you want a fully free android, it's the only way to go. Theres not a lot of competition for installers like f-droid and google play.

@pell
Less afraid of the Terms of Use of Goole play store ?

@Fredux
Why that question? I've definitely not been an advocate of Google Play or Google anything here.

@pell @Fredux
it was estonished that you were afraid of the access asked by Fdroid, that are less frightening than those of Alphabet, according to their target..
I didn't pretend you were their advocate. Just don't be so afraid : with Fdroid, you're in safe hands..

Sign in to participate in the conversation
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.