Question regarding quality control/security issues in apps

Hi!
I recently stumbled across a new app in F-Droid that promises the user security through encryption. A look at the source code revealed severe mistakes though and the app does (currently) not deliver what it promises (secure encryption). Is there something we can do in such a case (apart from notifying upstream) to protect/warn potential users?

Our focus is to provide free/libre/open-source software and we try to
verify this as much as reasonably possible. We currently do not have
the personnel to provide in-depth security analysis.

For now, you can open a merge-request to fdroiddata updating the app
description, but we will expand this to provide a way to push high
importance notices to users of specific apps as well as a new
anti-feature called Known Vulnerabilities.

I fully understand that :slight_smile:

That's great :thumbsup: I'm looking forward to that.