Pulser_G2 · Jun 4, 2013 at 10:00 am

Say Sayonara to the Play Store – Part 1

cropped-fdroidheaderThe Play Store

As promised, the first in our series of “Say Sayonara to Google” articles is about the Play Store. Love it or loathe it, the Play Store is popular. It is so popular, in fact, that it is often berated for the poor quality of apps contained within. While Google is making strides to improve this via their Bouncer malware screening platform, at the end of the day, the Play Store is built on fairly shaky security grounds.

The first security issue with the Play Store is that of remote control. Imagine someone told you the following:

I am able to remotely install arbitrary software to your phone or tablet, which can make use of any permissions available to an app, without prompting you on your device. So I can get access to your GPS location, or access files on your SD card, or access your contacts, and upload all this through the internet

If that were said, I’d hope you would be rather concerned. It’s also true; anyone with access to your Play Store account (i.e. your Google Account) can remotely install software onto your phone from the web interface. And while the Android platform itself has some precautions recently put in place (e.g. since ICS, apps cannot trigger themselves to run until you (the user) have run them once), this is hardly foolproof. Simply install a rogue app with the same icon and title as an app the user already uses, and you have a 50% chance they will open it. Most users would not panic at seeing a second copy of the icon, with power users presuming it a launcher bug.

The attacker who has access to your Play Store web account also knows what apps you have installed (making identification of a suitable app to spoof trivial). While this remote install feature can also be handy if you lose your pre-ICS phone, the ability to remote install software onto your Android device should probably raise a few concerns in the security-conscious mind.

Introducing F-Droid

fshotnew2-180x300

F-Droid is a catalogue of alternative applications, all FOSS (Free, Open Source Software). By default, F-Droid doesn’t contain any applications with ads or attempt to make use of user tracking via analytics engines and the like. It also hides applications that encourage non-free add-ons, and even which promote or make use of non-free network services or require such other applications in order to function.

Applications you download from F-Droid are (for the most-part) compiled from sources by the F-Droid servers, directly from the source code repository provided by the project. While this does entail a level of trust (though again it is worth noting all the F-Droid server software is fully open source too!), it’s also easy to download the application directly from the developer, or to compile it yourself from source (a link is given to the source).

You can see what is available in the F-Droid catalogue using their web interface, and take a look at what’s available. While the variety of apps available is nowhere near that available on Google Play, the quality of Open Source equivalent apps is often well in excess of their commercial rivals. Some apps worth a look include K9 Mail Beta (which has been recently updated to Holo UI) and Agit (an Android git browser).

Either way, the choice of free, Open Source applications is not to be sniffed at, with F-Droid offering an ever-expanding variety to choose from, all delivered using the open source client and built on the Open Source server. If you are a developer who makes Open Source applications, perhaps consider adding your app to the F-Droid repository.


_________
Want something on the XDA Portal? Send us a tip!

Pulser_G2

Pulser_G2 is an editor on XDA-Developers, the largest community for Android users. Developer Admin at xda-developers, interested in everything in mobile and security. A developer and engineer, who would re-write everything in C or Assembler if the time was there.
Mathew Brack · Mar 26, 2015 at 10:09 pm · 3 comments

LG G4 Note Leaks

T-Mobile employee and XDA user s3rv1cet3ch has leaked images that he claims are of the upcoming LG G4 Note, LG's answer to the Samsung Note series and 'big brother' to the G4.  LG CEO Cho has been quoted as saying at a press meeting that the company would unveil the next flagship smartphone, G4, in the second quarter, and another high-end product in the second half. With the second quarter now just days away we could finally have a few hints of...

XDA NEWS
Mathew Brack · Mar 26, 2015 at 06:07 pm · 3 comments

HTC M9 Roundup: Availability and Prices

The HTC One M9, Available in both 'Gold on Silver' and 'Metal Gray' colors will be available for sale in stores across the US on April 10th, however most carriers are starting preorders tomorrow on March 27th. No matter which network you order yours from you will be covered by HTC's new Uh-Oh service. Throughout the day today we have seen just as many announcements from carriers regarding pre-order information and prices for Samsung's new flagships the Galaxy S6 and S6 Edge. If...

XDA NEWS
Mario Tomás Serrafero · Mar 26, 2015 at 05:15 pm · 1 comment

OnePlus Late March AMAA Roundup

OnePlus is one of those companies that appear one day and next thing you know, they are all over the internet. Their original OnePlus One phone was a major success in the mobile space due to its low price yet remarkable specifications - the ultimate goal of the company and their “Never Settle” slogan. We love talking about “the little OEM that could”, not necessarily because they are good or bad, but because their business and marketing strategies are very...

XDA NEWS
Share This