(F)OSS by itself is not a security solution. Largely because you can't "solve" security.
There are plenty of insecure open source apps. To deny that would be to deny tons of security-related CVEs.
Yes, open source software is easier to audit, but does nothing to a) make those audits actually happen (frequently enough), nor b) improves the quality of those audits.
i.e. just because I have access to information does not validate that information. Work still has to be done.
FLOSS may have security vulnerabilities, just like any other software. An OSS android app which has no anti-feature flags on f-droid with intrusive advertisements or malware behavior, deliberately implemented by its own developer, is something I have never heard about.
The same can't be said about 'free' (or sometimes even paid) proprietary apps from play store.
There are plenty of insecure open source apps. To deny that would be to deny tons of security-related CVEs.
Yes, open source software is easier to audit, but does nothing to a) make those audits actually happen (frequently enough), nor b) improves the quality of those audits.
i.e. just because I have access to information does not validate that information. Work still has to be done.