this post was submitted on 06 Mar 2024
189 points (100.0% liked)
Technology
37719 readers
114 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
What boggles my mind is that the level of sandboxing displayed in Apple's App Store is not really interpretable to me.
I also see something like "the developers indicated they do not collect sensitive information." Yeah, but why would they indicate otherwise if they were malicious parties?
Probably, the only way to get sort of assurance is to choose an open source project, but App Store doesn't guarantee that the code on Github matches the app in the Store.
This is why I like fdroid. They insist on building the app themselves, ensuring that it does indeed match what's on github. Now you need to trust only fdroid to do the right thing. Then again, if they do something bad, someone will recognize it.
You upload the binary to the App Store, and as a part of the release process they may inspect the binary to figure out what it's doing.
They of course don't do that for everything as it's a bit complicated to do for everything, but it can be an effective means to for example figure out when an app is calling an API in a prohibited manner.