Pulser_G2 · Jun 4, 2013 at 10:00 am

Say Sayonara to the Play Store – Part 1

cropped-fdroidheaderThe Play Store

As promised, the first in our series of “Say Sayonara to Google” articles is about the Play Store. Love it or loathe it, the Play Store is popular. It is so popular, in fact, that it is often berated for the poor quality of apps contained within. While Google is making strides to improve this via their Bouncer malware screening platform, at the end of the day, the Play Store is built on fairly shaky security grounds.

The first security issue with the Play Store is that of remote control. Imagine someone told you the following:

I am able to remotely install arbitrary software to your phone or tablet, which can make use of any permissions available to an app, without prompting you on your device. So I can get access to your GPS location, or access files on your SD card, or access your contacts, and upload all this through the internet

If that were said, I’d hope you would be rather concerned. It’s also true; anyone with access to your Play Store account (i.e. your Google Account) can remotely install software onto your phone from the web interface. And while the Android platform itself has some precautions recently put in place (e.g. since ICS, apps cannot trigger themselves to run until you (the user) have run them once), this is hardly foolproof. Simply install a rogue app with the same icon and title as an app the user already uses, and you have a 50% chance they will open it. Most users would not panic at seeing a second copy of the icon, with power users presuming it a launcher bug.

The attacker who has access to your Play Store web account also knows what apps you have installed (making identification of a suitable app to spoof trivial). While this remote install feature can also be handy if you lose your pre-ICS phone, the ability to remote install software onto your Android device should probably raise a few concerns in the security-conscious mind.

Introducing F-Droid

fshotnew2-180x300

F-Droid is a catalogue of alternative applications, all FOSS (Free, Open Source Software). By default, F-Droid doesn’t contain any applications with ads or attempt to make use of user tracking via analytics engines and the like. It also hides applications that encourage non-free add-ons, and even which promote or make use of non-free network services or require such other applications in order to function.

Applications you download from F-Droid are (for the most-part) compiled from sources by the F-Droid servers, directly from the source code repository provided by the project. While this does entail a level of trust (though again it is worth noting all the F-Droid server software is fully open source too!), it’s also easy to download the application directly from the developer, or to compile it yourself from source (a link is given to the source).

You can see what is available in the F-Droid catalogue using their web interface, and take a look at what’s available. While the variety of apps available is nowhere near that available on Google Play, the quality of Open Source equivalent apps is often well in excess of their commercial rivals. Some apps worth a look include K9 Mail Beta (which has been recently updated to Holo UI) and Agit (an Android git browser).

Either way, the choice of free, Open Source applications is not to be sniffed at, with F-Droid offering an ever-expanding variety to choose from, all delivered using the open source client and built on the Open Source server. If you are a developer who makes Open Source applications, perhaps consider adding your app to the F-Droid repository.


_________
Want something on the XDA Portal? Send us a tip!
Jimmy McGee · Mar 5, 2015 at 06:00 am · 1 comment

RAVPower RP-WD02 – Android Accessories Review

There are so many Power Banks out there. However, they are not all the same. Some sacrifice weight for capacity. Others do the opposite. Some come with two ports and some come with more, while others come with less. Some are just batteries with a case around it, but others have some unique features. In this episode of XDA TV, Producer TK reviews the RAVPower RP-WD02 Wireless Filehub & Portable Travel Router. This device is the successor to the RP-WD01...

XDA NEWS
GermainZ · Mar 4, 2015 at 07:09 pm · no comments

A Look at the Telegram+ Situation

Most of this article doesn't only apply to Telegram+ -- it just happens to be an example that got a lot of coverage elsewhere, with many authors or commentators putting the full blame on Google, Telegram, the Telegram+ developer or even WhatsApp Inc (eh?). In this article, we'll try to look at the different aspects to provide a clear view of what actually happened, and what can (and hopefully will) improve with regards to developers in general and the Play...

XDA NEWS
Aamir Siddiqui · Mar 4, 2015 at 12:11 pm · 2 comments

Multi Boot: The Fall of Nandroid?

Ever since custom recoveries and roms became popular, nandroid backups have been the fall back method for all android enthusiasts, irrespective of their confidence levels. They allow easy backup and restore in case things go wrong, which happens invariably when a modification is being tested. With that being said, how relevant are Nandroid Backups to this day? Back in 2011, when the world of Android was being awed by the likes of the Samsung Galaxy S2, a little modification made its appearance...

XDA NEWS
Share This