this post was submitted on 13 May 2025
577 points (99.0% liked)

[–] sommerset@thelemmy.club 4 points 1 day ago (1 children)

What is the point of Obtainium? Over F-Droid?

[–] Wispy2891@lemmy.world 6 points 1 day ago (1 children)

You get apps a couple days earlier

But it comes with a huge downside: if dev goes rogue or gets hacked, you could install a malicious version of the app that doesn't match the source

[–] 9488fcea02a9@sh.itjust.works 1 points 1 day ago (1 children)

"If dev goes rogue"

Isn't that a risk for all app stores?

[–] Wispy2891@lemmy.world 1 points 17 hours ago (1 children)

For F-Droid, the app is compiled on F-Droid servers when the dev tags a new release on GitHub. So the app matches the source; it's not possible to put up a tainted APK for download.

Now, if the malicious code is slowly added to the source over the course of a year, like it happened with the xz utils, this won't change the result, but it's easier to do so with a compiled binary. Release clean source and infected binary, and it will take a longer time to get caught.

For the closed-source app stores, on iOS there's the manual inspection (which is not infallible, especially if they timebomb or geofence the bad feature) and for Google there's the automated inspection (which fails often, seeing the news) that should find problems.
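
The "clean source, different binary" case from the comment above is what a rebuild-and-compare check looks for. The following is an added example, not part of the thread and not F-Droid's or Obtainium's code: it compares the ZIP entries of a from-source rebuild with a published APK while ignoring v1 signature files. The archives are constructed in memory, and the check assumes the app builds reproducibly.

```python
import hashlib
import io
import re
import zipfile

# v1 (JAR) signature files differ between signers even when the content is identical.
SIGNATURE_FILE = re.compile(r"^META-INF/(MANIFEST\.MF|[^/]+\.(SF|RSA|DSA|EC))$")

def entry_digests(apk_bytes):
    """Map each non-signature ZIP entry in an APK to its SHA-256 digest."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir() or SIGNATURE_FILE.match(info.filename):
                continue
            digests[info.filename] = hashlib.sha256(apk.read(info)).hexdigest()
    return digests

def compare_apks(rebuilt, published):
    """Report entries that differ between a from-source rebuild and the published APK."""
    ours, theirs = entry_digests(rebuilt), entry_digests(published)
    return {
        "only_in_published": sorted(theirs.keys() - ours.keys()),
        "only_in_rebuilt": sorted(ours.keys() - theirs.keys()),
        "changed": sorted(n for n in ours.keys() & theirs.keys() if ours[n] != theirs[n]),
    }

def make_apk(entries):
    """Build a constructed in-memory APK (a ZIP) from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed sample data: these are not real APKs.
SOURCE_BUILD = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex-from-tagged-source"}
REBUILT = make_apk({**SOURCE_BUILD, "META-INF/CERT.RSA": b"rebuilder-signature"})
HONEST = make_apk({**SOURCE_BUILD, "META-INF/CERT.RSA": b"developer-signature"})
TAINTED = make_apk({
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": b"dex-with-extra-code",
    "lib/arm64-v8a/libextra.so": b"not-in-source",
    "META-INF/CERT.RSA": b"developer-signature",
})

if __name__ == "__main__":
    print("honest :", compare_apks(REBUILT, HONEST))
    print("tainted:", compare_apks(REBUILT, TAINTED))
```

An empty report means the published binary matches the rebuild apart from its signature; it says nothing about malicious code that is already in the source itself.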

[–] 9488fcea02a9@sh.itjust.works 1 points 16 hours ago

What if F-Droid goes rogue or gets hacked?

I'm an F-Droid user, but I often wonder if it is safer than Google Play Store

Likelihood of Google getting hacked/rogue is much lower than a small, community-run volunteer project