this post was submitted on 31 Jul 2024
26 points (90.6% liked)

Open Source

31725 readers
207 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
26
submitted 4 months ago* (last edited 4 months ago) by JustMarkov@lemmy.ml to c/opensource@lemmy.ml
 

(cross-posted from: https://lemmy.ml/post/18603801)

Today I opened the App Store on my GrapheneOS to see, that Accrescent is now mirrored in it.

I know, that GrapheneOS devs have addressed F-droid very negatively it the past (and they still do that), but imo, including Accrescent as a part of official GOS App Store is very harmful for FLOSS movement, as Accrescent does not support any third-party repos, claiming that they are "breaking the Android security model", and also allows submitting closed-source apps to the repo.

This unlikely to be the reason for me to change OS, as GrapheneOS is still amazing, but devs rhetoric and actions become more and more concerning for me.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] deadcade@lemmy.deadca.de 29 points 4 months ago (1 children)

Despite the downsides of F-Droid, there's one thing they provide that other stores like Accrescent simply can't. F-Droid provides APK builds with the exact source used for the build available. There's a lot of trust involved, but this trust is in a single entity, rather than random developers. F-Droid has existed for a long time without adding malicious code to builds, so when they say "this source code produces this APK", they have years of history doing exactly that to back their claim.

A random app developer has no such trust built up. Stores like Accrescent, even if you download only FOSS apps, trust the app developer with building apps. It's less prone to one massive takeover, but APKs built by random devs are much harder to verify and check for malicious code than the source code. If F-Droid is taken over, it should be noticed relatively quickly, but affects everyone using F-Droid. If an app on Accrescent bundles malware, only users of that app are affected, but it may go unnoticed for a much longer time.

[โ€“] GravitySpoiled@lemmy.ml 8 points 4 months ago

Not only that, more and more apps are reproducible nowadays