|
|
|
|
|
|
by AJ-1320
48 days ago
|
|
|
First of all, I would like to state that just because a piece of software is free and open source, does not mean it is inherently more secure or private. "Open source" is merely just a licensing term. GrapheneOS has the "App Store" to get the most basic apps required for general usage. Accrescent is distributed there because it follows Android's security baseline for being an actual app repository while F-Droid and Aurora Store do not.
There really isn't a value in having third parties compiling apps to check for any malicious activity, which F-Droid does. These checks are not reliable and have been bypassed. It's one of the reasons why Wireguard is no longer on F-Droid. If you don't trust an app enough to get it directly from the developer, then don't use the app at all.
The privacy and security benefits of GrapheneOS are supposed to be nearly invisible to the average user. Examples include a hardened memory allocator and memory tagging extension to protect from memory corruption bugs, and the ability to install sandboxed Google Play to use Google services without Google having complete control of your device. |
|
|
Developers are not geniuses at every aspect of security or app deployment. They can sell their projects. Get compromised. Or can get tricked like the xz exploit
Having an app store making any effort to prevent or correct problems, especially as transparent as F-Droid, is better
Wireguard app dev wanting to bypass the store and push an executable to your phone every day is ridiculous. No user of app/package manager expects it to be bypassed