• CubitOom@infosec.pub
    link
    fedilink
    English
    arrow-up
    0
    ·
    14 days ago

    This is interesting, but Obtainium exists and this won’t stop Google from preventing installing things outside of the play store.

      • kurcatovium@piefed.social
        link
        fedilink
        English
        arrow-up
        0
        ·
        13 days ago

        What the hell is that weird bp hybrid letter? From context I get that’s substitute for “th”, but man… It’s so hard to read, at least for me as non-native. What’s the point?

    • garden@lemmy.blahaj.zone
      cake
      link
      fedilink
      English
      arrow-up
      0
      ·
      14 days ago

      Thanks for the link! Even though that site is sure to fill me with endless disappointments… 🙃

    • artyom@piefed.social
      link
      fedilink
      English
      arrow-up
      0
      ·
      14 days ago

      Nothing relevant to this app. But FDroid only has apps that have been submitted to it. This allows installation and updates of any apps with releases published to GitHub.

      • solrize@lemmy.ml
        link
        fedilink
        arrow-up
        0
        ·
        14 days ago

        I don’t see the point then. I can install direct from GitHub if I want that. I don’t want a random intermediary that’s another possible attack vector.

          • TehPers@beehaw.org
            link
            fedilink
            English
            arrow-up
            0
            ·
            13 days ago

            FDroid’s official repository includes fairly strict requirements for apps they allow, meaning you get a level of confidence that those apps meet those requirements. You can add custom repos in the app, but it’s not the default flow. To use a recent example, it’s like comparing the Arch official repos to AUR.

            Not that there isn’t value in a tool that can download apps for you from GitHub, but it’s not really fair to compare that to F-Droid. You’re generally safer on F-Droid’s official repo than with random projects off GitHub, and potentially even safer than downloading official releases of apps on F-Droid directly from the releases page.

              • TehPers@beehaw.org
                link
                fedilink
                English
                arrow-up
                0
                ·
                13 days ago

                The qualities that were specified were security. Do you plan to actually explain how both FDroid and random GitHub downloads are equally insecure?

                • artyom@piefed.social
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  13 days ago

                  The qualities that were specified was the ability to install the apps through the browser without the “attack vector” of an app installer.

        • hellmo_luciferrari@lemmy.zip
          link
          fedilink
          English
          arrow-up
          0
          ·
          13 days ago

          While I understand that less is more mentality here; but Obtainium doesn’t just install apps, it allows checking for updates. Which updating apps I would argue is something worth doing.

  • ultimate_worrier@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    0
    ·
    14 days ago

    There’s so many scary vibecoded apps being announced on here. Forgive us if we have stopped even looking into these.

    Security seems to be an afterthought in almost every single one. I’d be shocked if I were wrong at this point. Advice to repo owner since they need the LLM to do anything: take a step back and have your LLM brutally criticize your work before the rest of us get PWNED by your malicious lack of critical thinking and due diligence.