I would like to make a suggestion, if I may, for the fdroid application.
I do not know if it could be possible, that fdroid does not have access to:
allow Wi-Fi multicast reception
connect to Wi-Fi networks and disconnect
pair with Bluetooth devices
access Bluetooth settings
run at startup
control Near Field Communication (NFC)
And within the application, the function. Or Nerby option to remove it.
It would be a plus point for security and privacy that is Fdroid.
Please do not take me wrong this suggestion and I apologize if I did something wrong doing it.
Best regards and thank you for your time.
Do explain the “threat model”
Good afternoon @Licaon_Kter
First those permissions are also held by the Google Play Store. And it would be one more point of difference with this unsecured store.
Nfc can be used by an attacker for malware entry or getting hold of data. Just like Bluetooth
That starts with the system if you have enabled automatic updates. It is a waste of resources for the mobile and slows down the startup.
Among other things. And it seems to me also some permissions not necessary.
A hug and thanks for your time
F-Droid Nearby exists to share apps with others. All of those permissions are used to share apps. They are necessary for the app to function.
Good afternoon @TheLastProject
First of all thanks for your help and time. And for your reply.
But if all the applications that are in Fdroid, are already inside the repositories, the Fdroid application itself, and the Fdroid website.
The Nerby option would not be necessary, since you can download the application without any problem. And no need to share between devices.
Forgive my ignorance and my concern but the bluetooth :
And they could use some bug or something to be able to get in through there. Also that would be another point of differentiation from the Play Store . And if anyone uses Fdroid on any Android phone. For example the Google application has full access. With what could even, I do not know if it would be possible. Access the application and get data.
Thanks for your time and help.
Ah, I misread you, I thought you were talking about F-Droid Nearby because you said Google Play Store but you were just talking about what permissions the Google Play Store has. My bad, sorry!
I understand those permissions can be an issue. Moving Nearby out of main F-Droid could be the solution, but I believe reading an article once about it being used in some country where Internet is unreasonably expensive a fair bit so removing it may hurt that community. I don’t know, I’m not really doing much on the client side and I don’t know all the reasons for all the decisions.
I believe “run at startup” is used to make sure that F-Droid’s background process (which checks for updates and so) is started when the phone starts. Removing that permission would probably lead to a lot of people missing updates because there would then be no update checking after a reboot until they open F-Droid manually.
For you maybe, as said above many don’t have such good internet or any at all.
That might be true for you, yet not for others.
The bad stuff doesn’t work if BT is off, F-Droid does not enable it randomly, only if you choose to.
I like to have automatic updates, disable them for you if you don’t.
If I understand correctly, Gallegonovato would like to have more control of the fdroid app and might be interested in a less bloated version that requests fewer permissions. I feel the same.
During normal usage (not use Swap of course) no permission is asked at all.
In that case, you may want to look into alternative clients like F-Droid Classic too, as it doesn’t have swap support at all and thus seems to request less permissions.
First of all I apologize if my suggestion has seemed wrong or something. It was not my intention at all. I just wanted to improve a little privacy and security.
Since for example the Google store has many permissions compared to Fdroid.
And for example if we have the add-ons for fdroid ( F-Droid Search: Fdroid ). Well under my point of view that has access to the permissions that I commented at the beginning because that’s where they could attack.
Already even that if you start alone (to turn on the computer) if your phone goes just as it would be slowing it down. And you could maybe put an option in the configuration of fdroid. You want it to start and check for updates.
Because for example I have them disabled. And every time I turn on the phone Fdroid is running and starting. Even removing permissions in app manager or Autostarts.
For example the one you mention F-Droid Classic has some simple permissions. Or the same Droid-ify Droid-ify | F-Droid - Free and Open Source Android App Repository
For example in App Manager and you mark some option in red to remove and two trackers. What in the antefiores not.
I repeat that it is not my intention to do wrong. Or something wrong. On the contrary since I thank Fdroid for bringing free software to ordinary people. And even more for all his work reviewing the applications so that they do not sneak weird things. And as I said many times of Fdroid I have not heard in all the years I’ve been using it that nothing has happened (infections, attacks, etc …) something that Apple or Google can not say the same for example.
I just wanted to propose some improvements to make the application better.
Thank you very much for all your time
Also has advantages of being developed on f/loss network system, toggle to only download screenshots when tapped to reduce data used, easy filter by repo, display of version details without extra taps…