this post was submitted on 26 Jul 2023
66 points (91.2% liked)

No Stupid Questions

35806 readers
1702 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.



Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.



Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- Majority of bots aren't allowed to participate here.



Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 1 year ago
MODERATORS
 

I'm note a programmer. I Don't Understand Codes. How do I Know If An Open Source Application is not Stealing My Data Or Passwords? Google play store is scanning apps. It says it blocks spyware. Unfortunately, we know that it was not very successful. So, can we trust open source software? Can't someone integrate their own virus just because the code is open?

you are viewing a single comment's thread
view the rest of the comments
[–] rufus@discuss.tchncs.de 5 points 1 year ago* (last edited 1 year ago) (1 children)

Tl;dr: Don't download random APKs from the internet, just because they claim to be FOSS. Just get them from F-Droid and you're safe.

Long answer: Depends on the project. Look how many people use it. If it's a bunch, chances are other people also keep an eye on it. Even better if you get that sofware packaged. That means from the package manager of your linux distribution or - in your case, using Android - from F-Droid. This way somebody from that team has a look at it, and F-Droid even strips all those trackers from Apps. I'd say chances for a virus/spyware getting through the F-Droid process are close to none. Not more than chances are of a virus slipping past Google's antivirus.

(Play Store doesn't do anything against excessive tracking.)

[–] zencat@kbin.social 3 points 1 year ago (2 children)

I'm curious, how does F-Droid detect malicious codes within an app?

[–] Peruvian_Skies@kbin.social 2 points 1 year ago (1 children)

Part of it is automated, part of it is real people looking at the source code. That's done by sampling of course, since it's not feasible to have someone manually look over every new update to every app.

[–] rufus@discuss.tchncs.de 2 points 1 year ago* (last edited 1 year ago)

Yeah. I haven't looked it up, but a huge part seems to be manual labor. They have a good look at it when it gets included into the f-droid repository. The app then gets re-packaged to meet their standards and compiled from source. During this process tracking libraries and other (proprietary) components get stripped.

They have an automated build server. I'm not sure if that does any additional tests or just checks if it can build the app. But this also prepares the updates.

I doubt there are automated antivirus scans involved. Usually only windows users do that.

And you have a community with many other users who use the same build of an app. They'll file bugreports and maybe notice if an app stops working or starts consuming huge amounts of data and battery. Those users also tend to be more tech-savy than playstore users.

[–] copygirl@lemmy.blahaj.zone 2 points 1 year ago

From what I know, F-Droid compiles apps from source so you can be sure that the code you're running is actually made from the source code that it claims to be built from. On most other platforms, the developers could be uploading malicious programs that actually have the code changed from what's shared online as its source code. Then add the fact that other developers can and do look at the code, and what changes are made from version to version.