this post was submitted on 13 Sep 2024
82 points (98.8% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54746 readers
222 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

qBitController is a free and open-source app for controlling qBittorrent from an Android device.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 9 points 2 months ago (2 children)

I understand the developer may be known and trusted

But I do not have the expertise to do my own thorough code review

[–] [email protected] 6 points 2 months ago (1 children)

What does Google play do to remediate it?

[–] [email protected] 2 points 2 months ago

They do basic checking for known malware.

[–] [email protected] 15 points 2 months ago (2 children)

If that's of your concern, you can't download the play store version either. It is the same app, has the same signature.

[–] [email protected] 11 points 2 months ago

as if the play store only contains safe APKs right?

[–] [email protected] 2 points 2 months ago (2 children)

Excuse my ignorance and correct me if I'm wrong

But does the play store not do some sort of scanning itself?

[–] [email protected] 15 points 2 months ago

Even worse. Many apps have google signature instead of the developers. They upload their key and give it to google. Horrible practice. Nowadays, fdroid gravitates towards reproducible builds with the dev's own signature and google is going the other way round. Gravitating towards an unsafe "best practice" ...

[–] [email protected] 8 points 2 months ago (1 children)

Potentially, but that doesn't really matter, as you can match the signatures of the two versions and see that they are the same. You cannot fake that and have one version have different code, it's not possible.

[–] [email protected] 3 points 2 months ago

Thanks for the insight :)