PrivSec-dev/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-12-21 20:31:33 -05:00
Code

F-Droid targetSdk now 29, remove mention of abandoned clients, remove outdated info re: Droid-ify/Neo Store situation, link to info about 3rd party clients missing features

Browse Source 
Signed-off-by: randomwithnoname <184692997+randomwithnoname@users.noreply.github.com>
This commit is contained in:
randomwithnoname 2024-11-22 11:25:44 +00:00 committed by GitHub
parent 1ce4e7917a
commit 31e57e79ae
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/posts/android/F-Droid Security Issues.md
View File

@ -78,7 +78,7 @@ allow untrusted_app_25 proc_tty_drivers:file r_file_perms;
This is a mere sample of the [SELinux exceptions](https://android.googlesource.com/platform/system/sepolicy/+/refs/tags/android-12.0.0_r21/private) that have to be made on older API levels so that you can understand why it matters.
It turns out the official F-Droid client doesn't care much about this since it lags behind quite a bit, **[targeting the API level 25](https://gitlab.com/fdroid/fdroidclient/-/blob/2a8b16683a2dbee16d624a58e7dd3ea1da772fbd/app/build.gradle#L33)** (Android 7.1) of which some SELinux exceptions were shown above. As a workaround, some users recommended third-party clients such as [Foxy Droid](https://f-droid.org/en/packages/nya.kitsunyan.foxydroid/) or [Aurora Droid](https://f-droid.org/en/packages/com.aurora.adroid/). While these clients might be technically better, they're poorly maintained for some, and they also introduce yet another party to the mix. [Droid-ify](https://github.com/Iamlooker/Droid-ify) (recently rebranded to Neo-Store) seems to be a better option than the official client in most aspects.
It turns out the official F-Droid client doesn't care much about this since it lags behind quite a bit, **[targeting the API level 29](https://gitlab.com/fdroid/fdroidclient/-/blob/master/app/build.gradle?ref_type=heads#L42)** (Android 7.1) of which some SELinux exceptions were shown above. As a workaround, some users recommended third-party clients like [Droid-ify](https://github.com/Iamlooker/Droid-ify) or [Neo Store](https://github.com/NeoApplications/Neo-Store). While these clients might be technically better, theyre [missing features](https://infosec.exchange/@divested/111174351060422166), pooly maintained, and they also introduce yet another party to the mix.
Furthermore, F-Droid **doesn't enforce a minimum target SDK** for the official repository. Play Store [does that quite aggressively](https://developer.android.com/google/play/requirements/target-sdk) for new apps and app updates: