F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.
Malicious apps can make it onto F-Droid as they can onto any app store. The biggest difference is that F-Droid compiles apps from the published source code rather than accent uploads from the developer directly. That means only apps with source available are installable by default, built from the source everyone else can read.
If there’s any malware in these apps, the malicious code can be found in the public source code.
There is a manual vetting process before an app is accepted into the repo which should detect shady behaviour but updates aren’t subject to this strict process, so it’s not a full fix.
Reviewed by who though? Malicious apps even get through apple and Google’s screening. I can’t see how fdroid can match the capabilities of those guys.
Malicious apps can make it onto F-Droid as they can onto any app store. The biggest difference is that F-Droid compiles apps from the published source code rather than accent uploads from the developer directly. That means only apps with source available are installable by default, built from the source everyone else can read.
If there’s any malware in these apps, the malicious code can be found in the public source code.
There is a manual vetting process before an app is accepted into the repo which should detect shady behaviour but updates aren’t subject to this strict process, so it’s not a full fix.