483

Hello everyone!

I've finally released Eternity on the google play store. Note that this is not compatible with the existing releases as this build has a different signature.

Thanks for your support and looking forward to your feedback!

you are viewing a single comment's thread
view the rest of the comments
[-] elkalbil@jlai.lu 4 points 1 year ago

Because of the disclaimer on this page:

DISCLAIMER: I have not thoroughly checked the .apk files available here. As stated above, they are directly taken from the repositories of their resp. developers. Some basic measures are taken, though (see the Security section below). Still, use this repo at your own risk: I will take no responsibility whatsoever for any damages which might occur as result (not saying there will be any, though). Further note the inclusion policy of this repo (see the link above) is slightly less strict than F-Droid’s.

[-] BeeCoffee@discuss.tchncs.de 3 points 1 year ago

I think they should put this warning in any app store right now, self awareness is something many people stop doing when they promise you safety, even in the play store you can find malware so for best practice check the developer

[-] elkalbil@jlai.lu 5 points 1 year ago* (last edited 1 year ago)

I started typing a very long response explaining my risk model, how a malware on my mobile device will be a nightmare to my whole digital life, etc. Long story short, my case might differ from yours and I consider Izzy's security not enough for me.

I consider myself fairly educated in infosec. Security is layered, no single measure can give you assurance it will not fail.

I suspect Google to perform automated reverse engineering on the Play store apps. F-Droid get the source, not the binaries. Much easier to look for sketchy behaviour if you've got the sources. Yes, Google sometimes get malware on the Play store, but it usually does not stay very long or affects a lot of their users.

Izzy simply does not have the resources to do so, so they use VT as a "replacement", which is not good enough for me; AV solutions have traditionally shitty engines for mobile apps.

Also, Izzy is a much more confidential source for apps. Only a few (if any) security researchers will look at it. Even if someone finds a malware, I strongly doubt it will make news, even in IT security websites. Whereas the Play store or even F-droid...

I don't blame them nor anyone using them, I'm just saying the risk of potential malware on my phone is not worth the benefit of installing bleeding edge apps for me.

[-] smollittlefrog@lemdro.id 2 points 1 year ago

That's a nice and concise explaination.

this post was submitted on 30 Aug 2023
483 points (99.0% liked)

Eternity

1701 readers
1 users here now

Eternity is a free and open-source Lemmy client, forked from Infinity for Reddit!

🔗Universal Link: !eternityapp@lemdro.id

📥 Downloads
🌱Contribute

Rules

  1. Stay on topic: All posts should be related the Eternity project

  2. Be descriptive: If you're reporting a bug, please provide as much detail as you can. Screenshots can be helpful!

  3. Be nice: Keep it positive! Treat others with respect, even if you disagree. Accordingly, you should expect others to be nice to you as well. Report intentionally rude comments.

  4. No piracy: Do not share links or direct people to pirated content.

  5. No advertising: Please refrain from advertising products or other projects here.

founded 1 year ago
MODERATORS