Unfortunately I think this is going to be an inevitable problem with any software repository. F-Droid just expects users to go to the repository and inspect the code if they have concerns, or to trust the developer. Google can verify their own code isn’t malicious. They can’t audit the code of potentially millions of apps submitted to the Play Store that will inevitably ask for access to your entire filesystem, if given the option. Because let’s face it, the majority of mobile apps these days are just spyware whose primary purpose is hoovering up as much data as humanly possible to sell to data brokers.
Because in the main repo of fdroid, the apps code is quickly eyed then packaged by the fdroid team from source (plus a quick virus scan. Google only does reputation check and use virus total (their android anti-virus and anti malware software), yes, the same virus total you can access as an app or webpage.
Unfortunately I think this is going to be an inevitable problem with any software repository. F-Droid just expects users to go to the repository and inspect the code if they have concerns, or to trust the developer. Google can verify their own code isn’t malicious. They can’t audit the code of potentially millions of apps submitted to the Play Store that will inevitably ask for access to your entire filesystem, if given the option. Because let’s face it, the majority of mobile apps these days are just spyware whose primary purpose is hoovering up as much data as humanly possible to sell to data brokers.
Nextcloud is in the main repo
Huh?
What’s confusing?
Nextcloud is in the F-droid main repo
Its confusing that you didn’t say F-droid
I’m confused because I don’t understand why you’re telling me this.
Because in the main repo of fdroid, the apps code is quickly eyed then packaged by the fdroid team from source (plus a quick virus scan. Google only does reputation check and use virus total (their android anti-virus and anti malware software), yes, the same virus total you can access as an app or webpage.
He thought you were talking about the process of adding external repositories to fdroid while you were talking about having something scan the app