GrapheneOS on Nostr: For the vast majority of apps they package, F-Droid downloads and builds whatever ...
For the vast majority of apps they package, F-Droid downloads and builds whatever developers publish, then signs it with their own keys and releases it. They aren't doing any real review as people believe. What they really do is run things through basic scans looking for libraries they've disallowed, primitive antivirus checks for common Android malware as if that's what malicious code in an open source project would be, etc. It took them that long just to realize an app openly took over updates.
Published at 2025-01-27 15:15:41
Event JSON
{
"id": "9daa52d1c00f878e3de5a0880953c3147496ec93a9f64f84c5a692e94e7ef04c",
"pubkey": "5468bceeb74ce35cb4173dcc9974bddac9e894a74bf3d44f9ca8b7554605c9ed",
"created_at": 1737990941,
"kind": 1,
"tags": [
[
"e",
"c50fae2c56e3a9507e127f42b5db17e39a0d65e76710b6d89d0222a96bcd5c48",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://grapheneos.social/users/GrapheneOS/statuses/113900974322689624",
"activitypub"
]
],
"content": "For the vast majority of apps they package, F-Droid downloads and builds whatever developers publish, then sign it with their own keys and release it. They aren't doing any real review as people believe. What they really do is run things through basic scans looking for libraries they've disallowed, primitive antivirus checks for common Android malware as if that's what malicious code in an open source project would be, etc. It took them that long just to realize an app openly took over updates.",
"sig": "79be75838a7de33eabe21efcf1baa32cd5f00b6276dceaf7a096b12a6b988df54c05f9b277af48da7f6423f0957b2480130a42a29656ddb9c054983fc4480e82"
}