1525 points garyclarke27 | 6 comments
JeremyNT No.23222914
If you are an end user who would like to avoid getting caught in this situation, you might want to switch to using F-Droid [0] as your primary source of Android software. The selection is more limited, but because everything is open source and distributed outside of Google's walled garden, you can be sure that it won't be arbitrarily removed because of the whims of corporate bureaucracy.

I write this not as a dogmatic free software proponent, either; I have bought apps on the Play Store in the past and would consider doing so if the experience weren't so poor. Dealing with the Play Store has gotten so frustrating (not just due to this issue, but also due to the difficulty of filtering out shovelware and spyware) that I only reach for it as a last resort now.

[0] https://f-droid.org/

replies(1): >>23223027 #
1. rjmunro No.23223027
How does F-Droid police "shovelware and spyware"? Or just outright malware? Surely they will remove it? In which case your favourite app might be "arbitrarily removed"?
replies(4): >>23223172 #>>23223205 #>>23224516 #>>23224754 #
2. goda90 No.23223172
They try to scan for them, and have reporting options. It's open source apps only, so first, if it's removed, then arguments can be made using the full source code as evidence one way or another. And you can always grab the code for your favorite app and build it yourself.

https://f-droid.org/en/docs/Anti-Features/

replies(1): >>23223553 #
3. cxr No.23223205
F-Droid only carries FOSS. Technically, that wouldn't prohibit a malware vendor from getting their app into the catalog, but like the processes for package repositories for desktop distros, there's a lot of cultural, social, and procedural baggage associated with being the kind of project that gets distributed through those channels. Who's going to go through the effort? The whole point of shovelware is that it's a low-effort process.
4. UncleMeat No.23223553
Open source doesn't change anything here. Bytecode has an extremely tight relationship with source, so even if none of the code is open you can still strongly point to specific pieces of code that cause problems. The core issue with detailed explanations of the malicious behavior that trips over automated detection is that it enables malware authors to more easily hide malicious behavior.
5. No.23224516
6. JeremyNT No.23224754
Any app distribution platform carries with it a risk of hosting user-hostile software, so it is certainly not immune. Fortunately there are fewer incentives for trying to sneak such software into F-Droid which results in fewer (if any) straight up lies intended to trick users into buying misleading software or exposing their data for the sake of ad revenue.

This is of course the same issue we all face when opting to pull in an OSS dependency for our own projects (from npm or docker or rubygems or rust crates or...): we need to decide on our own how far to trust the software maintainers.

The Android permissions model offers some degree of protection in both stores from hostile software. However, unlike the Play Store, which offers only a couple of tags (contains in-app purchases / contains ads), in F-Droid any known "antifeatures" (i.e. association with paid services) are listed explicitly in the catalogue.

As for abandonware (or other software that F-Droid drops for practical concerns), users could still acquire the code and build it themselves, which means that a developer stepping away from a piece of software does not mean a user needs to say goodbye.