It’s reasonable for an app like this to need root, but also reasonable for everyone to ask for third-party verification of anything they’re granting administrative access to their devices.
Izzydroid’s security policy appears to be primarily based around automated scans that enumerate badness, and has far fewer users than the official F-Droid repository making it less likely that problems will be noticed, reported, and acted on.
Is there more reputation information about this app available?
I’m surprised users find the app store that compelling for a one-time “install” with updates not a factor. Do they cite any other reasons for wanting a different approach?
I’m coming at it from the opposite side; social media isn’t a reasonable alternative to RSS, but people often use it as such. RSS is as you say, for getting updates from specific sources without being at the mercy of a third-party’s recommendation algorithm.
I’m not very aggressive about disabling[0] notifications. I don’t install apps that try to sell me stuff or otherwise manipulate me though so it’s rare I get unwanted notifications.
Quite a few commercial apps have perfectly good websites, and I use those in preference to apps most of the time.
[0] Technically just not enabling; Android now requires them to ask for permission before sending any
They can be my really close friends or family and ask me for an account, which I would actively discourage (join something well-run like .world) but eventually allow if they really wanted to.
I did not know that it was possible to have root on GrapheneOS with a locked bootloader, but there have been ROMs with SU functionality built in, and adding their keys would be a straightforward way to have root and a locked bootloader.
There may be some other comments being unfair. People shouldn’t complain about free software someone else gives to them falling short of perfection, but we should be careful about granting random apps root permissions.
Having root is almost never a security benefit, it allows you to close one hole, but opens up 10 new more
I think it’s more like two:
If an app granted root privileges is compromised, the damage it can cause is much greater
The bootloader has to be unlocked for most approaches to gaining root; I consider it a design flaw that it isn’t easier for users to add signing keys and re-lock the bootloader
F-droid is not secure, some of the issues had been resolved, but it’s still not recommended for best practices
This is another very binary statement about security. The article addresses a number of design issues with F-Droid and concludes that most users are better off getting apps from Google Play. I don’t disagree with the design complaints in theory, but in practice it doesn’t hold up. I’ve seen people get malware from Google Play and read a number of documented cases. I have never heard of malware in the official F-Droid repository.
I’m reminded of comparing Windows to Linux 20 years ago. In theory, Windows had a more sophisticated permissions model and more reliable logging, making it potentially more secure. In practice, it took significant care to keep a Windows desktop clean, while Linux was very unlikely to be compromised.
Of course someone with high-value secrets on their device or who’s likely to be directly targeted by sophisticated threats should probably take a more conservative approach, install very few apps, and consider a hardened ROM like GrapheneOS.
Nobody is interested in finding an RSS feed. People are interested in getting updates when writers they like post new writing, when bands they like post new tour dates, etc…
One of the use cases I have in mind is styling an RSS feed as a web page and including a short explanation of how to use it. That comes with a need to suggest specific software.
Texas can however make it illegal to have drugs in your system while in Texas
I’m not sure that’s actually a crime in Texas (please link a law if you know of one), and using it as evidence of prior drug possession is legally iffy as this Ohio case shows. In your example of consuming cannabis in California before traveling to Texas, it would be an even more difficult case for Texas prosecutors.
I don’t want the parole thing to confuse the issue
It does though; parole can include restrictions like “pass random drug tests”, “don’t drink alcohol”, etc… that can’t be imposed on people without a prior criminal conviction. It’s probably best to leave parole out of the discussion entirely.
the concern is ipso facto the termination.
When it comes to an abortion outside the state, the laws I’m aware of concern travel for the purpose of abortion. An alternate purpose for the travel could be useful as a defense, but that’s best delivered by one’s lawyer after charges are filed.
Unfortunately, Flym seems to be discontinued (according to its F-Droid entry). Google Play won’t install it on newer versions of Android because it’s built for older versions. I can’t use it for this use case for that reason.
That’s true in the sense that if a very sophisticated organization directly targets your family chat for surveillance, they’re going to find a way to access its content no matter what communication method you use.
Threat modeling is core to security, and that kind of threat probably isn’t the issue here. Mass surveillance, both government and corporate is, and neither is likely to secretly install malware on a family-members phone that can access the contents of the group chat. Doing that to large numbers of people would get them caught; they save it for valuable targets.
Governments openly forcing the install of spyware, as I’ve read China does in some cases would be an exception; you cannot have a secure conversation involving a device so compromised.