zlacker

1. pserwy+(OP)[view] [source] 2025-01-04 04:38:03
While this is true of many projects, F-Droid has a track record of sourcing funding for security audits. To date there have been at least three audits, in 2015, 2018, and 2022.

https://www.opentech.fund/security-safety-audits/f-droid/

https://f-droid.org/2018/09/04/second-security-audit-results...

https://f-droid.org/2022/12/22/third-audit-results.html

I was involved in addressing issues identified in the first one in 2015. It was a great experience, much more thorough than the usual "numerous static analysers and a 100 page PDF full of false positives" that you often receive.

replies(1): >>udev40+eb
2. udev40+eb[view] [source] 2025-01-04 07:28:30
>>pserwy+(OP)
I'm surprised that several audits didn't uncover this signing issue. GrapheneOS devs do not recommend F-Droid. Instead, Play Store is the safest option for now, after Aurora Store.
replies(2): >>cenamu+Oe >>t0bia_+Cy
3. cenamu+Oe[view] [source] [discussion] 2025-01-04 08:22:28
>>udev40+eb
But their goals are also kinda opposed, software security with not much concern paid to freedom.
replies(1): >>udev40+6j
4. udev40+6j[view] [source] [discussion] 2025-01-04 09:17:47
>>cenamu+Oe
What? That's so not true. They give heavy preference to security because without it, your freedom and privacy have no value.
replies(2): >>fl0id+Wj >>t0bia_+My
5. fl0id+Wj[view] [source] [discussion] 2025-01-04 09:31:23
>>udev40+6j
Well yeah, so their goals are opposed. F-Droid is FOSS first and would probably say a proprietary illusion of security has no value ;)
6. t0bia_+Cy[view] [source] [discussion] 2025-01-04 13:32:31
>>udev40+eb
Aurora Store downloads APK files directly from gplay servers, why should it be less safe than Play Store?
7. t0bia_+My[view] [source] [discussion] 2025-01-04 13:34:22
>>udev40+6j
How can you trust proprietary software when you cannot inspect the code? It's just blind trust.
replies(1): >>gruez+qJ
8. gruez+qJ[view] [source] [discussion] 2025-01-04 15:26:14
>>t0bia_+My
You don't have to. On GrapheneOS, Google Play service isn't given special privileges and is sandboxed like any other normal app.