The app "Alarm Klock"is the best and most privacy-friendly clock-app. But when i view the app, in the F-Droid app, onmy phone, it’s written that it has the anti-features: known security vulnerabilities. But when I look at the app on the F-Droid website, on the computer, there is no info about any anti-feature or security issue.
So I wonder is there any security problems or is something wrong with the F-droid app? If there is security vulnerabilities: Could you please ask the app creator to create a security updated, new version of “Alarm Klock” or find someone capable of helping him with this?
There is just one other clock-app that is privacy-friendly in permissions called “Simple Clock”, but the problem with this app is that it can not play alarms without the pre-installed “Google Clock App” (and all google apps need permissions on nearly everything, thats why the Simple app is not good enough, for me).
“Alarm Klock” on the other hand can play alarms without the damn “Google Clock” app installed/activated.
So if there is any security vulnerability, please find someone to fix it, please.
The vulnerability is due to the app being 2 years old, when the last update was done. Ideally there is a timeline based on which the apps are deemed vulnerable. If your phone would not receive the security patches timely, it too becomes vulnerable. The last commit to the code was over an year ago, with no releases since 2 years.
Could you check with the app-creators of “Alarm Clock” if they might update the app to make it more secure & stable on the newest Android version 9.0 “Pie”?
Two years go by fairly quickly, that doesn’t automatically mean that the app is insecure but it could be using depricated functions, which may have been depricated for any number of reasons, not sure if security is a common reason for deprication. Surely if the OS is updated it would prevent phones from using functions that are found to be insecure or patch said function so that it is made secure?
Err on the side of caution always but in this situation I think that you would be okay. If you can read code maybe look at a bunch of random commits or a few object (ie. java) files. If you can read code you could do that with any app, not just this one.
True. That is why I said, that it is vulnerable. I did check its code and there is no harm in using it today as well. Just that at times the functions may not work or it may not work in Pie.