I'm just using the default GrapheneOS SMS app, but it's concerning seeing the number of these FOSS apps lately adding major privacy invasive permission changes. Are there a few big companies buying them up for a quick buck, or what?
Yup, ZippoApps just bought this one. It’s a company that basically buys apps then pumps them full of invasive (bordering on spyware) bloat to capture the data from existing users. It’s a typical corporate strategy, where they buy a popular app, extract every single cent they can from it, then discard it once it’s a shell of its former self, for the next popular app.
I'm just speculating here, but I've seen where app developers pull in a framework for a feature and it comes with all sorts of hidden gems since the framework was developed by a large corporation. The small development team now needs to consider writing their own framework (an established anti-pattern), find another (that may have the same problems or be less mature, etc) or include the privacy invading code and plan to replace it in a future release (which never happens because users want new features and the privacy concerned users have left).
Not even close. This has nothing to do with SimpleApps.
A crappy company bought them from the original creator and maintainer. This company is well known for buying mildly popular apps and inserting ads in them for monetisation.
People who downloaded them from F-Droid should be fine tho.
yeah, the most shady part of this is that SimpleApps' code was available in Github. They could have just used that and upload it to the Play Store.
why did they buy it from the developer instead? because thousands of people already had these installed, so when buying it from the developer they get to push their new, ad infested versions to the unwary users had the apps installed.