• incogtino@lemmy.zip
      link
      fedilink
      English
      arrow-up
      3
      ·
      9 months ago

      Yes, that video is primarily complaining about F-Droid self-signing, and that it creates: a requirement to trust them; a single point of failure for security; and slows updates

      The trade off is that developers must maintain their key, if they lose it the user must uninstall and reinstall the app, as Android will not trust an update signed with a different key

      • Nakres@lemmy.one
        link
        fedilink
        arrow-up
        2
        ·
        8 months ago

        What alternative does the video promote? Trusting Google and the Playstore? Trusting each dev of every app to deliver apks which match the code? I don’t want to give the video more clicks if it’s scaring away people from F-droid towards worse alternatives.

        • incogtino@lemmy.zip
          link
          fedilink
          English
          arrow-up
          1
          ·
          8 months ago

          No need to click, it complains about exactly what has now been changed. In essence you are always trusting the dev, why add other parties to that chain

          • Nakres@lemmy.one
            link
            fedilink
            arrow-up
            1
            ·
            8 months ago

            Wrong, if you are using F-droid, you aren’t trusting the dev, you are trusting F-droid and the source code, the dev CAN NOT give you an app that doesn’t match the code, and the code can be seen and reviewed by anyone.