Are FOSS apps safe and trustworthy?

I have lately started to keep up with all of Google's kind of creepy antics, and I have a Motorola that is basically stock Google. The primary advice I get to degoogle my phone is to get a custom ROM, but my phone is not compatible with any and I am not sure I trust any of them anyways. So instead I am just turning off Google Play services and replacing all the apps with alternatives from F-Droid. But I am just wondering: if all these apps were made by random devs, why couldn’t one of them just put spyware or malware in their apps to infect your phone? What I am asking is: are FOSS apps safe and secure, and how do you know you can trust them? When you have a large company like Google or Apple, while they can get away with subtle spying, they cannot screen record or infect your phone with malware, but when you have developers who are doing it for free and do not update them often, who knows?

You can build Android for your phone yourself. You already trusted your money with a manufacturer that didn’t make that easy. Let’s focus on software.
You can find anything you are looking for, as can anyone else. That is the premise you are looking to remove by making a comparison. There is no guarantee either way, but you can decide for yourself what the incentive is for either option, and in each case.
Google and Apple can not only spy on you, they can sell this data to authorities, and have done. “Subtle” is the kicker there. With subtle you aren’t losing any data you wouldn’t lose with “blatant”, but you are instead worried that there would be anything blatant for all to see. That is the thing that doesn’t happen other than extremely rarely. The winning move is not to play, but then you settle for nothing :)

1 Like

From my amateur point of view, the official repository is unlikely to be infiltrated with malware or spyware. I’m not sure if everything there has been carefully audited. Nonetheless, you can be sure that the app will be safe if it is very popular and has a lot of attention (from real people ofc).

There’s always a link to the source code; the number of stars and watchers can be found on GitHub / GitLab (keep in mind that GitLab is less popular and they won’t get many stars, but that doesn’t mean it’s any less safe).

I do not intend to discredit new applications or those that for some reason did not receive enough attention, my intention is simply to show caution to users who do not know about coding.

Anyway, there has been much more malware in the GPlay Store than here, if ever there was malware in F-Droid.

1 Like

They can be malware too, but…

It’s in the name F-OPEN-SOURCE-S, see? You can see the code…

2 Likes

My concern with screen recording is not that it would be published or sold. I really have nothing to hide; I am sure no one cares what music I listen to or who I text. I would be more worried about them getting passwords like email, social media, and other account passwords, and then using them to try to infect myself and others with malware (I don’t have any money on my phone, but someone could still use my Gmail to send malware to my friends and family).

1 Like

@Franky
A lot of entities care about your habits; they are the social media owners of said accounts. They already have your passwords, and aren’t looking to share details or aggregate conclusions with anyone else. Except for when they merge, accumulate it in even bigger databases, or share with those doing the same.
That is the part they are good at, and any security is only a concern in light of that.

A fairly poignant threat is that of buying up libre software plugins for browsers and loading those with ad- or spyware. That does happen with some frequency.

Identity theft is a good attack-vector in exploiting your friends and family too, think of that.

1 Like