It’s reasonable for an app like this to need root, but also reasonable for everyone to ask for third-party verification of anything they’re granting administrative access to their devices.
Izzydroid’s security policy appears to be primarily based around automated scans that enumerate badness, and has far fewer users than the official F-Droid repository making it less likely that problems will be noticed, reported, and acted on.
Is there more reputation information about this app available?
It’s from the same devs of aurora store, aurora droid
And really, so much talking and scepticism around a free and open source app, you can go and check the source, or at least read a review about it (though the app wasn’t update
OP is recommending a cool app to spark a conversation, but all the replies are just complaints
Cool people made a cool app, cool people are hosting an alternative fdroid repo so it’s easier and faster for devs to publish their projects for the world to see, and cool people found this app and decided to share with other people
But those people are just behaving like boomers and saying that everything around is fake, dangerous, and so on
If somebody cares for security, why would that person even have root in the first place, same with fdroid, if you care for security you shouldn’t use fdroid
Sorry if i’m being to rough, everything i said is not really addressed to you, i’m just being pissed by people not appreciating somebody’s will to start a nice conversation
P.s. the last update of this app was like 3 years ago, if somebody cares for security, they should never install an app that old, it’s not even about root or some policies
I’m not complaining. I’m asking for some evidence this app is trustworthy.
Security is not binary. Having root can be bad for security, but it doesn’t have to be especially if you’re careful about what apps you grant root to, which is the point of my original comment. Having root can also be a security benefit because it offers more opportunities for detecting and blocking harmful and privacy-invasive apps, as this app does (if it’s trustworthy).
I don’t think F-Droid with the official repositories is a negative for security either; I suspect it’s less likely to contain outright malware than Google Play, and I’m sure the average app on F-Droid is less likely to be privacy-invasive. Adding random repositories suggested by strangers on the internet can be a different story, and asking who can vouch for the one suggested in this thread seems like a reasonable mitigation to me.
My last comment wasn’t really addressed personally to you, sorry i sounded like that
Having root is almost never a security benefit, it allows you to close one hole, but opens up 10 new more
It means you have your bootloader unlocked, you have secure boot disabled which allows for persistent malware. Just having root by itself opens up many more remote, zero click, or just very dangerous exploits
F-droid is not secure, some of the issues had been resolved, but it’s still not recommended for best practices
Of course, everything depends on the thread model
I personally really like fdroid and izzy, and other custom repos. And root is a cool thing, although i don’t have it on my daily driver(but have on my test phone)
There may be some other comments being unfair. People shouldn’t complain about free software someone else gives to them falling short of perfection, but we should be careful about granting random apps root permissions.
Having root is almost never a security benefit, it allows you to close one hole, but opens up 10 new more
I think it’s more like two:
If an app granted root privileges is compromised, the damage it can cause is much greater
The bootloader has to be unlocked for most approaches to gaining root; I consider it a design flaw that it isn’t easier for users to add signing keys and re-lock the bootloader
F-droid is not secure, some of the issues had been resolved, but it’s still not recommended for best practices
This is another very binary statement about security. The article addresses a number of design issues with F-Droid and concludes that most users are better off getting apps from Google Play. I don’t disagree with the design complaints in theory, but in practice it doesn’t hold up. I’ve seen people get malware from Google Play and read a number of documented cases. I have never heard of malware in the official F-Droid repository.
I’m reminded of comparing Windows to Linux 20 years ago. In theory, Windows had a more sophisticated permissions model and more reliable logging, making it potentially more secure. In practice, it took significant care to keep a Windows desktop clean, while Linux was very unlikely to be compromised.
Of course someone with high-value secrets on their device or who’s likely to be directly targeted by sophisticated threats should probably take a more conservative approach, install very few apps, and consider a hardened ROM like GrapheneOS.
The bootloader has to be unlocked for most approaches to gaining root;
Did you know you can root grapheneos, and lock the bootloader? 😂 pretty dangerous stuff to do, but possible!
concludes that most users are better off getting apps from Google Play.
In general, screw google play, and screw google, or any big corpo, it’s not even about security, but about them being bad companies and bad services
And the same about windows, joy is the most important thing, if software is full of trackers and just designed poorly, why would anyone want to use it 🫠
I did not know that it was possible to have root on GrapheneOS with a locked bootloader, but there have been ROMs with SU functionality built in, and adding their keys would be a straightforward way to have root and a locked bootloader.
lawnchair is still being developed but no builds are being pushed. I’m using someone’s fork they made specifically to build their own releases: (use at your own discretion) https://github.com/Goooler/LawnchairRelease/
Lawnchair, according to the devs, is not abandoned. In late November (of 2023), they said:
Sorry for the long break in Lawnchair announcements.
We have made significant progress in regards to Lawnchair development, and we are now actually developing Lawnchair 13 (with A13 QuickSwitch support) and custom-made no-root global search. Stay tuned for more updates and sneak peeks.
Coming soon to a lawnmower near you™
(And no, we are not dead. Also No ETAs.)
Then in December:
Hello again!
This time around, we are now developing Lawnchair 14 (with A14 QuickSwitch support). Alongside that, we are also re-adding an option to Hide Dock and options for custom Feed Providers, alongside other new features (we wont give too many spoilers 👀)
We also plan to support QuickSwitch for Android 11 to Android 14, so you can use Lawnchair with QuickSwitch on all your recent devices. (We will prioritize A12.1 to A14 first though).
Same. I felt I couldn’t live without Nova, now I feel like I can’t live without KISS. I really like the “swipe and type” flow to open an app and touching an empty area to open the recent entries. All that depends on your settings ofc. It’s not the prettiest, but it’s by far the fastest launcher I’ve had.
Does the bill need some amendments to clear up some ambiguity? Maybe, idk, I’m not Irish nor am I a legal expert; I know virtually nothing about the Irish legal system.
But based on the BBC article, it sounds like the intention of the bill is to get some hate crime laws on the books for Ireland, which they apparently have none so far.
I am very much in favor of punishing hate crimes/hate speech. Free Speech absolutism is braindead, and those who preach it are often hypocrites. Take Musk for example, self proclaimed free speech absolutist. Sure he allows people to hurl a variety of slurs on his platform but then goes and bans a bunch of left-wing accounts. Advocating for white supremacy is covered by free speech but advocating for socialism is not? That really ought to make you question if free speech is really Musk’s goal.
Law system here is basically common law. Legislation directs it but ultimately the judiciary are the final arbiters. Laws may be referred before signing for constitutionality but that’s quite rare.
I’m skipping a lot but that’s my “not a lawyer” ten second summary.
Yeah I’ve no issue with hate laws as a general exception to freedom of speech but there are some weird laws here. This does sound open to abuse from what I’m reading in OP but honestly this is the first I’ve heard of it and there’s not much to go on so I’ll have to reserve judgement until I’ve had a chance to read more.
In general I would prefer more free speech here, not less. Like I don’t want someone getting arrested for calling me a filthy paddy for example or having a meme of similar. It would make them a dickhead but I don’t think it’s worth jail time over. Again though I’ll have to read more.
We had a weird provision where blasphemy was illegal until recently but that was honestly largely because it required a public constitutional vote to remove (as all changes to our constitution do).
While writing this I’ve taken time to do some reading on current obscenity law status. The laws do sound quite archaic but have been reasonably implemented by the judiciary. Some examples below: (DPP is the department of public prosecution)
DPP v. DPP (2010): The Supreme Court of Ireland ruled that a website that depicted child pornography was an obscene publication.
DPP v. Walsh (2014): The Court of Appeal of Ireland ruled that a magazine that featured explicit photographs of adult women was not an obscene publication.
DPP v. McGivern (2018): The High Court of Ireland ruled that a book that contained graphic descriptions of sexual violence was not an obscene publication
Edit: If you make it this far you mention hate crime but not hate speech in the US. Freedom of speech there is reasonably close to absolute, right? Barring things like defamation etc.
I’ve seen that awful church protesting with what is absolutely hate speech “God hates fags” etc.
True, but another commonly cited exception is that it’s illegal to yell fire in a crowded theater where there is no fire. My assumption is the rationale being, if your speech is likely to present a danger to people it shouldn’t be legal.
But you’re correct, America is pretty tolerant of hate speech, and it does lead to some pretty negative consequences imo.
Probably a better comparison would be countries like Canada or Germany.
EDIT:
I do applaud you for taking the time to research it rather than getting caught up in the sensationalism of a Twitter post like so many others replying to me.
This is more of an argument against EM than free speech absolutism, since your point is that he doesn’t actually believe in it. But anyway it seems like there should be some possible middle ground between a truly absolutist position on free speech, and the overt disdain for free speech implied by a vague prohibition like the OP law. Isn’t it valuable for people to generally be able to speak their minds? That can be the case even if the loudest people hiding behind the idea are disingenuous, or if the furthest interpretations of it go too far.
Willing to bet some motherfucker has hardcoded twitter domain on the backend in one (or many) link generation process(es) on the basis “it’s not like they’re going to change the name” and now it borks occasionally if they use x.com
Oh god. You’ve probably hit the nail on the head both directions all the same, how many methods/classes/variables are going to have twitter in the name somewhere. Or random bash scripts that pass an arg to something else from a job scheduler. This shit gives me the heebeejeebees just thinking about it.
For some reason I’m now thinking about a video game called x.com where you have to fight aliens who have infiltrated and taken over a major social media site and are trying to TAKE OVER THE WORLD Wide Web.
(Actually, that kinda sounds like a sequal to x-bill.)
The law seems well intentioned and I agree with that intent but there is definitely potential for abuse. One thing benevolent governments should assume when drafting legislation is that there will be a government in the future that will try to abuse legislation to hold on to power and word it to prevent that abuse happening.
Still reading through the full text but it is quite broad so that is a legitimate concern.
Edit: The “protection of freedom of expression” part is four lines of nothing.
It’s not clear to me yet if satire is protected. Like is a comic mocking an aspect of religion “hate”?
Love the extension, but it’s a shame not all the alternate front-ends work. The Reddit ones stopped working a while ago, the fandom one is unreliable, lots of other ones are just a tad too slow.
If your hardware supports, you may self-host your favourite privacy frontends (e.g. LibReddit) on docker on your system, and point that extension to your self-hosted privacy frontend servers.
libreddit is the Reddit front end. Reddit did something, it seems they blocked IP addresses. There are ways around it and folks do have some instances, but there’s sitll a lot out there that don’t work. You can rung your own libreddit and put it through Cloudflare’s bridge thing and then point libredirect to your own libreddit for stability.
The whole age verification can be done privately, secure and without the possibility to get tracked. But imho still not really a good thing to do. Parenting should still be a thing.
Thank you for the links to Wikipedia and identity.com on that other thread. I’ve yet to wrap my head around how zero-knowledge proof could work for such a basic assertion as “user is of legal age”, which calls for a 0 or 1 answer. It seems very different from the examples given of polynomial computations to prove knowledge of an exponent in a complex math expression. I can’t see what could prevent any client to simply lie about the answer here.
You do you, but realize it’s hardly for chumps just because you’re too cheap to shell out a couple of dollars for an app you’ll potentially spend tens to hundreds of hours on. That’s a very strange thing to call others chumps for.
No, I simply do not spend hundreds of hours on any phone app. Social media is not very important to me, and I would always rather use a web browser on one of my nice computers for a superior Internet browsing experience.
Look, I get where you’re coming from, but there’s a difference between a $965B corporation whose sole purpose is to harvest your personal info for ads, and a solo dev who just wants to make their (and your) Lemmy browsing a bit less painful. They’re putting in a hellofa lot of time and effort into this thing, which means a hellofa lot of time not spent making money at a regular job. I’m more than happy to kick a few bucks here and there to keep something like that afloat, especially given how apps like Boost and Sync make me actually want to spend time on Lemmy. Encouraging fediverse adoption is a win for the whole ecosystem. You don’t have to use Boost, and if you do choose to install it, you don’t have to pay. There’s an inexpensive ad-free version alongside the ad-supported one for exactly that reason. But complaining about Boost because you hate “social media apps” is like yelling “Fuck Nestle” at the 12-year-old selling lemonade from their driveway. Different scale, different purpose.
It’s fine to not pay, but I’m glad that some people do support indie devs when they can. The world would be a lot bleaker without little passion projects like this dotting the landscape and filling in the gaps to help bigger projects like Lemmy take off.
Provided that the developer can either remove contributed code or seek copyright licences from every contributor it can be done. Whether this did happen or not is unclear, the developer appears a little arrogant about having written the majority of the code, showing little appreciation towards minor contributors. We cannot tell whether the contributors gave permission for their code to be re-licenced or if their code was removed.
Personally, when contributing to GPL projects I would expect that this kind of thing wouldn’t be possible. Using the GPL is a very philosophical choice of licence and is a move to say that you really care about your users
privacy
Active
This magazine is from a federated server and may be incomplete. Browse more on the original instance.