PrivSec-dev/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2025-02-20 18:31:35 -05:00
Code

Italicize update tag and clean up wording

Browse Source 
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
This commit is contained in:
friendly-rabbit-35 2024-05-21 13:33:33 +00:00 committed by Friendly Rabbit
parent 2662515e6f
commit 6b25f066ea
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
content/posts/android/F-Droid Security Issues.md
View File

@ -127,10 +127,10 @@ Furthermore, F-Droid **[doesn't enforce a minimum target SDK](https://gitlab.com
There is little practical reason for developers not to increase the target SDK version (`targetSdkVersion`) with each Android release. This attribute matches the version of the platform an app is targeting, and allows access to modern improvements, rules and features on a modern OS. An app can still ensure backwards compatibility in such a way that it can run on older platforms: the `minSdkVersion` attribute informs the system about the minimum API level required for an application to run. Setting it too low isn't practical though, because this requires having a lot of fallback code (most of which is handled by common libraries) and separate code paths.
Keeping the **app ecosystem modern and healthy** is necessary, though it may seem bothersome. As shown above, F-Droid's lack of enforcement on this front sends the wrong message to developers (and even users). They should care about an modern and healthy app ecosystem, and this is why many of us think F-Droid's [relegation of this upkeep](https://gitlab.com/fdroid/fdroiddata/-/issues/2210#note_440967209) to individual app developers may be even harmful to the FOSS ecosystem. Backward compatibility is often the enemy of security, and while there's a middle-ground for convenience and obsolescence, it shouldn't be exaggerated. As a result of this philosophy, the main repository of F-Droid is filled with obsolete apps from another era, just for these apps to be able to run on the more than ten years old Android 4.0 "Ice Cream Sandwich". Let's not make the same mistake as the desktop platforms: instead, complain to your vendors for selling devices with no decent OS/firmware support.
Keeping the **app ecosystem modern and healthy** is necessary, though it may seem bothersome. As shown above, F-Droid's lack of enforcement on this front sends the wrong message to developers and even users. They should care about a modern and healthy app ecosystem, and this is why many of us think that F-Droid [relegating this upkeep](https://gitlab.com/fdroid/fdroiddata/-/issues/2210#note_440967209) to individual app developers may be even harmful to the FOSS ecosystem. Backward compatibility is often the enemy of security, and while there's a middle-ground for convenience and obsolescence, it shouldn't be exaggerated. As a result of this philosophy, the main repository of F-Droid is filled with obsolete apps from another era, just for these apps to be able to run on the more than ten years-old Android 4.0 "Ice Cream Sandwich". Let's not make the same mistake as desktop platforms: instead, complain to your vendors for selling devices with no decent OS/firmware support.
At the time of writing:
- Android 12 is the oldest Android version that is [receiving security updates](https://endoflife.date/android). (Last updated on May 20, 2024)
- Android 12 is the oldest Android version that is [receiving security updates](https://endoflife.date/android). (*Last updated on May 20, 2024*)
- [~80% of the Android devices](https://developer.android.com/about/dashboards) in the world are running **at least** 8.0 "Oreo".
*Overall statistics do not reflect real-world usage of a given app (people using old devices are not necessarily using your app). If anything, it should be viewed as an underestimation.*