Recently Google decided that in the future for an app to be installable on an Android device, the developer of this app needs to be ID’d and registered at Google. They claim this is in order to “to better protect users”. However, I think, this is a move to get more control over the Android ecosystem, and the data they can collect with it. If anyone who wants to develop an app for Android devices has to be registered with Google, this puts all the power of who to allow distributing an app to Google.
Furthermore F-Droid shows, that safe app stores can exist without registration, neither of users nor of developers. There is zero malware or spyware on the F-Droid store. What there is on F-Droid is thousands of beautiful, useful and, most importantly, safe apps. And this entire ecosystem is at risk, because Google wants to gain more control over its users and over the Android operating system.
I disagree with the notion that letting users make their own decisions regarding where to install apps from is a vulnerability. That’s how computers have always and are supposed to work. It’s like saying banking apps are a vulnerability because people can transfer money to scammers through them.
Under this thought process, Linux is the most insecure OS.
Why do you think vulnerabilities and functionality are mutually exclusive??
Of course being able to connect to other repos is a useful function of F-Droid, I use it for several. However, functionality also opens up potential doors for attackers.
The most effective way to secure your device is to limit functionality. Then, it becomes a trade off between what functionality you want or can do without, and what potential risk you’re willing to accept.
It’s easy to ignore risk and enable all functionality, and sometimes that’s nice to do, but you’ve got to find a balance.
My point here is that F-Droid is arguing about their viability because of their security, while running a service that has a known vulnerability.