Pulser_G2 · Jun 4, 2013 at 10:00 am

Say Sayonara to the Play Store – Part 1

The Play Store

As promised, the first in our series of “Say Sayonara to Google” articles is about the Play Store. Love it or loathe it, the Play Store is popular. It is so popular, in fact, that it is often berated for the poor quality of apps contained within. While Google is making strides to improve this via their Bouncer malware screening platform, at the end of the day, the Play Store is built on fairly shaky security grounds.

The first security issue with the Play Store is that of remote control. Imagine someone told you the following:

"I am able to remotely install arbitrary software to your phone or tablet, which can make use of any permissions available to an app, without prompting you on your device. So I can get access to your GPS location, or access files on your SD card, or access your contacts, and upload all this through the internet."

If that were said, I’d hope you would be rather concerned. It’s also true; anyone with access to your Play Store account (i.e. your Google Account) can remotely install software onto your phone from the web interface. And while the Android platform itself has some precautions recently put in place (e.g. since ICS, apps cannot trigger themselves to run until you (the user) have run them once), this is hardly foolproof. Simply install a rogue app with the same icon and title as an app the user already uses, and you have a 50% chance they will open it. Most users would not panic at seeing a second copy of the icon, with power users presuming it a launcher bug.

The attacker who has access to your Play Store web account also knows what apps you have installed (making identification of a suitable app to spoof trivial). While this remote install feature can also be handy if you lose your pre-ICS phone, the ability to remote install software onto your Android device should probably raise a few concerns in the security-conscious mind.
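A defender can check for the look-alike scenario described above by comparing app inventories over time. The following Python is an added example, not part of the original article: it assumes you have already exported (package name, launcher label) pairs from the device at two points in time, and the sample data and function names are constructed for illustration.

```python
import unicodedata
from collections import defaultdict

# Constructed sample inventories of (package name, launcher label); not real device data.
BASELINE = [
    ("com.example.mail", "Example Mail"),
    ("com.example.notes", "Notes"),
    ("com.example.camera", "Camera"),
]
CURRENT = BASELINE + [
    ("org.sample.mailer", "Example  Mail\u200b"),  # extra space + zero-width space
    ("net.sample.weather", "Weather"),             # new, but no label clash
]


def normalize_label(label):
    """Fold a label to roughly what a user perceives under the icon."""
    text = unicodedata.normalize("NFKC", label)
    # Drop invisible format characters (Unicode category Cf).
    text = "".join(ch for ch in text if unicodedata.category(ch) != "Cf")
    return " ".join(text.casefold().split())


def find_new_lookalikes(baseline, current):
    """Return (new_package, label, existing_packages) for each package that
    is absent from the baseline but shares a label with a baseline app."""
    known = defaultdict(set)
    for package, label in baseline:
        known[normalize_label(label)].add(package)
    baseline_packages = {package for package, _ in baseline}

    findings = []
    for package, label in current:
        if package in baseline_packages:
            continue
        clashes = known.get(normalize_label(label))
        if clashes:
            findings.append((package, label, sorted(clashes)))
    return findings


if __name__ == "__main__":
    for package, label, existing in find_new_lookalikes(BASELINE, CURRENT):
        print(f"{package!r} uses label {label!r}, same as {existing}")
```

A newly appeared package whose normalized label matches an app you already had is worth inspecting before it is ever opened, since a duplicate icon is otherwise easy to dismiss.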

Introducing F-Droid

F-Droid is a catalogue of alternative applications, all FOSS (Free, Open Source Software). By default, F-Droid doesn’t list any applications that contain ads or attempt to track users via analytics engines and the like. It also hides applications that encourage non-free add-ons, that promote or make use of non-free network services, or that require other such applications in order to function.

Applications you download from F-Droid are (for the most part) compiled by the F-Droid servers, directly from the source code repository provided by the project. While this does entail a level of trust (though again it is worth noting all the F-Droid server software is fully open source too!), it’s also easy to download the application directly from the developer, or to compile it yourself from source (a link is given to the source).

You can browse the F-Droid catalogue using their web interface. While the variety of apps available is nowhere near that available on Google Play, the quality of Open Source equivalent apps is often well in excess of their commercial rivals. Some apps worth a look include K9 Mail Beta (which has been recently updated to Holo UI) and Agit (an Android git browser).

Either way, the choice of free, Open Source applications is not to be sniffed at, with F-Droid offering an ever-expanding variety to choose from, all delivered using the open source client and built on the Open Source server. If you are a developer who makes Open Source applications, perhaps consider adding your app to the F-Droid repository.


Pulser_G2

Pulser_G2 is an editor on XDA-Developers, the largest community for Android users. Developer Admin at xda-developers, interested in everything in mobile and security. A developer and engineer, who would re-write everything in C or Assembler if the time was there. View Pulser_G2's posts and articles here.