Skip Navigation
Switching to custom rom on android device with data
  • AOSP does get security updates first because GrapheneOS is based on unmodified AOSP. They are quick to port over updates though and they have extra features like hardened malloc and better user profile support.

    Non pixel phones aren't secure because GrapheneOS doesn't support them. They aren't secure because they either don't have secure elements, broken verified boot, or don't properly support alternative operating systems. This makes phones like OnePlus, Fairphone, etc not secure enough for GrapheneOS.

    DivestOS I would say is the least worst option when it comes to supporting EoL phones. They're at least honest about what they do and don't provide unlike what other OSes do. On their website, they tell you they aren't a secure OS and they can only try their best to reduce harm on an EoL device. DivestOS Security.

  • I wonder how many fires have been started because people left the pizza box in the oven while trying to keep it warm
  • I'm not sure about pizza but I've heard a guy putting a casserole in his oven and forgot about it because his coworker was begging him to hang out with him. When he walked back home, his house was burned down to the ground and the firefighters told him "Some knucklehead left a casserole in the oven." He was super devastated after that.

  • Whats your favorite free open source software that everyone should try?
  • This is why Accrescent is amazing. It has automatic updates for Android 12+. Also leaving the bootloader unlocked is a security risk. Using stock or GrapheneOS (better option) on Android is best because you can lock the bootloader.

    I don't mind Fdroid being around. If you're okay with the security risk, I have no problem. I've explained to you the security issues and the misinformation that people give that FDroid is secure. I was just explaining their security vulnerabilities and explaining why Accrescent is a much better option for installing apps.

  • Whats your favorite free open source software that everyone should try?
  • I think your thinking im against FOSS but you're not understanding. Many people in the FOSS community only care about privacy and ignore security. A developer can implement security benefits to FOSS but many people don't care to do it.

    Accrescent is FOSS and it has much higher security benefits than F-Droid. Accrescent allows both open and closed sourced apps because there's no benefit being exclusive to having FOSS apps in their catalog.

    If the user chooses to not use proprietary apps on Accrescent, they don't have to install them.

  • Whats your favorite free open source software that everyone should try?
  • 2 - Manual installation methods can be insecure because a lot of people don't update their apps all the time. Obviously rooting a phone is insecure, but having no auto updates in 2023 is crazy.

    4 - It is very true, having zero quality control on new apps. The flagging of apps with problems is just following the FOSS philosophy. Any FOSS app can be added to F-Droid.

    5 - Not sure why you would want to install abandoned apps on F-Droid, let alone use an EOL device. A lot of people don't check if apps are maintained because they trust their app store.

    6 - FOSS doesn't automatically mean its secure or private. Also, why is it that I have to install proprietary apps only on the Google Play Store?

    7 - FDroid signing keys isn't an advantage because it requires an extra layer of trust. I'm already trusting the developer by installing their app, so the developer should be signing the keys. This is a reason why Signal is not on F-Droid.

  • Whats your favorite free open source software that everyone should try?
  • F-Droid has many security vulnerabilities and has many issues such as:

    1. Hosting an outdated APK client.
    2. Utilizes an obsolete installation method.
    3. Does not take advantage of modern appstore features.
    4. Has no moderation.
    5. Has no old app deletion.
    6. Has an arbitrary FOSS only rule.
    7. Does all building and signing themselves.

    If you want more details about these issues read this:

    https://privsec.dev/posts/android/f-droid-security-issues/

  • Whats your favorite free open source software that everyone should try?
  • This app isn't fully ready yet but Accrescent is a secure and private app store for Android. It aims to be a better alternative app store on Android rather than using the Google Play Store. It currently has 11 apps right now and more to come soon.

    Highly recommend to check out and support this project cuz this appstore is the best out there right now security and privacy wise.

  • I thought advertisements were supposed to be enticing...
  • Here is a more detailed explanation: https://privsec.dev/posts/android/f-droid-security-issues/

    Accrescent is a new appstore that fixes all these issues but its still in alpha stage and has 11 apps right now.

    I replaced fdroid with Obtainium that pulls apks from github,gitlab,fdroid,etc and it has support for auto updates. It's a little better than Fdroid but still has its own issues.

  • I thought advertisements were supposed to be enticing...
  • Why Fdroid is not secure:

    1. Hosts an outdated APK client.
    2. Utilizes an obsolete installation method.
    3. Does not take advantage of modern appstore features.
    4. Has no moderation.
    5. Has no old app deletion.
    6. Has an arbitrary FOSS only rule.
    7. Does all building and signing themselves.
  • InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)GE
    Genghis @monero.town
    Posts 0
    Comments 36