14 Apr 2021 |
_hc | jochensp: ^ | 21:31:02 |
_hc | also, did you see fdroidserver!904 | 21:31:11 |
[gibot] | [server] !904: `fdroid build --test` keeps unsigned APKs in tmp/… - https://gitlab.com/fdroid/fdroidserver/merge_requests/904 | 21:31:12 |
jochensp | _hc: https://gitlab.com/fdroid/fdroidserver/-/merge_requests/905 | 21:38:48 |
jochensp | I saw the MR, had no time to look into it yet | 21:39:09 |
jochensp | and thanks for the dev status! | 21:39:14 |
jochensp | (oups, should have pulled first :D ) | 21:40:59 |
cdesai | somebody pointed out https://f-droid.org/packages/io.nandandesai.privacybreacher/ | 23:19:30 |
cdesai | One of the things it does, "Get a list of all the apps installed on your phone.", is now guarded behind a permission for API 30 apps | 23:19:49 |
cdesai | https://developer.android.com/training/package-visibility | 23:20:23 |
cdesai | Google Play won't let just any app have that permission, https://support.google.com/googleplay/android-developer/answer/10158779?hl=en | 23:21:22 |
cdesai | I think we should at least try and flag apps / maybe give things like these their own anti feature, or something else. | 23:22:10 |
15 Apr 2021 |
| izzy left the room. | 01:57:36 |
| huss joined the room. | 02:02:04 |
Sylvia | I guess the main question is: does this permission show up in the install dialog screen | 07:04:29 |
Sylvia | If Android doesn't warn the users we should maybe yeah | 07:04:59 |
_hc | cdesai: f-droid.org is a very different context than Google Play. There is human review of every new app, and all the source code is available. So when APIs which have legitimate uses, we don't need to automatically flag them. | 07:26:58 |
_hc | the Google Play approach is about having as many apps as possible with as little work as possible, so they try to cheaply work against malware. | 07:27:50 |
_hc | and therefore are willing sacrifice a lot of useful apps in the process | 07:28:11 |
_hc | if an app in f-droid.org uses that API for tracking people, then it would be marked with the Tracking Anti-Feature | 07:28:59 |
_hc | Also, Google is a corporation, so they are legally required to maximize profit. | 07:29:55 |
_hc | I could see issuebot flagging that permission so reviewers pay attention to it | 07:30:39 |
_hc | * cdesai: f-droid.org is a very different context than Google Play. There is human review of every new app, and all the source code is available. So when APIs which have legitimate uses, we don't need to automatically flag them with Anti-Features | 07:32:45 |
FestplattenSchnitzel | How about doing today's meeting at the BBB instance https://senfcall.de/en/? | 10:35:40 |
Passiing | In reply to @eighthave:matrix.org stencil: no we only want human translation. So the Bangla contributor is doing that. You committed it though? | 11:07:20 |
_hc | how can i tell? | 11:14:53 |
_hc | I speak 2 or 3 languages, and can navigate another 5 or so related languages. That leaves out most of the langauges | 11:15:28 |
Passiing | Getting link wait | 11:15:32 |
_hc | supported by fdroioclient | 11:15:36 |
_hc | plus I only read the latin alphabet | 11:15:55 |