this post was submitted on 08 Dec 2023
22 points (100.0% liked)

Free and Open Source Software

18013 readers
26 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

@foss In reference to this post- https://lemmy.ml/post/6374732

For Molly, I kept seeing this popup by Google when downloading Molly FOSS from fdroid.

Should I be concerned? What should I do to ensure I am downloading Molly from a trusted source if Fdroid isn't an ideal place (due to misleading names as depicted in the referenced post)?

top 11 comments
sorted by: hot top controversial new old
[–] Ganbat@lemmyonline.com 22 points 1 year ago (2 children)

This is kinda like Windows with the "We don't recognize this application" message. Letting it scan will probably just help other users avoid this annoyance in the future. You can also shut off play protect from the play store settings.

[–] BearOfaTime@lemm.ee 3 points 1 year ago (1 children)

It still does this with app scanning turned off, unfortunately.

[–] Ganbat@lemmyonline.com 4 points 1 year ago* (last edited 1 year ago)

Oh, wow, that's absolute bullshit from Google in that case.

[–] 0x4E4F@infosec.pub 2 points 1 year ago

Yeah, I have it turned off by default.

[–] otter@lemmy.ca 17 points 1 year ago (1 children)

Play Protect gives a lot of false positive warnings for me, and I usually just ignore them

FDroid is one of the safest, but you may need to go into settings -> repositories to check which repos are being used. What is checked off when you do that?

[–] brie 6 points 1 year ago

The repo a specific app comes from can also be checked by opening the list of versions, then clicking on one of the versions to show the details.

[–] appel@whiskers.bim.boats 13 points 1 year ago (1 children)

Of course, google is trying to dissuade you from using other app stores, nothing more. You might be able to download and install it from GitHub using obtainium if you really want to verify the origin of the app.

[–] xor@lemmy.blahaj.zone 16 points 1 year ago* (last edited 1 year ago) (1 children)

Eh, I think there's definitely some legitimacy to doing a virus scan for applications with unrecognised signatures

Not everyone knows how to (or even can for many apps) manually verify the authenticity of their apks

And plenty of non-technical people will just install random shit from the internet without thinking

[–] BearOfaTime@lemm.ee 3 points 1 year ago* (last edited 1 year ago)

And yet most malware comes from the Play store.

[–] BearOfaTime@lemm.ee 4 points 1 year ago

This BS is one of the last straws pushing me away from Google.

Running DivestOS, you can install MicroG as a user app in a secondary profile. So it runs only when you want it to. You can install play store there too, and again it only runs when you want it to.

That should limit this nonsense until I can replace my paid for apps with something else.

Shut up Google. Most malware comes from the play store.

[–] monkE@feddit.ch 3 points 1 year ago

It's fine if you downloaded it from official place. Sometimes warnings are shown for apps which are patched or forked from original. If it's the offical place then don't worry