Oh true, that’s like a complete takeover
I will never ever look for a banking app in OpenRepos. And I have no evidence of problems, just being paranoid. In fact, I am afraid of anything but the official store when talking about any mobile OS. Still, I have been a Linux user for years, even a developer, and do not have such fears on desktop. Desktop is easy, a zillion people have tested every app before you and I fully understand and respect root/user permissions etc. On SFOS, well, only a few users report about the apps and usually at least one of them has problems. Always. On desktop, if I really do something very stupid, I think I am able to restore the system without losing the user data. I have never read that somebody has bricked his desktop, but there are many reports about users that do this with their phone. Well, maybe I am just too old for mobile devices, they did not exist in my youth.
You are aware that Win10 updates brick desktops mostly?
Do you really believe Jolla does an in-depth analysis of every app they receive as binary package before accepting it to the store?
I’m almost certain should a potential banking app eventually “go rogue” it won’t be found out by store compliance testing but by end users who will flood the comments section with warnings and also contact the store/openrepos admins to disable the account.
I also believe the threat to be quite low at this point. SFOS is a niche market and will be overproportionally used by geeks or at least people who made the deliberate decision to flash their phones to SFOS, which also requires someone to be computer literate to some extent. That does not eliminate the threats by itself but makes SFOS users not the ideal targets for fraud of any kind, I guess. Especially if you have millions of Android users around who largely don’t know what they are doing to choose from.
You name a few. Wikipedia is asking for donations every year.
We have had this discussion before. Then Jolla introduced Flattr, which was not a success.
In my opinion paid apps can improve the quality.
I have several very good Sailfish apps on my device. Have paid for them sometimes. Others are, eh, crappy. Let’s be honest, generally speaking the best apps are in iOS and Google Play. Think also of beautiful games like The Room, or the games by Amanita Design. Also the contradiction between open source and private is unnecessary. Open source is better, but doesn’t need to be free of charge. And free apps that are closed (Whatsapp e.g.) can be rejectable also.
I have always hoped that Jolla/Sailfish could be a European based system. However, we need therefore a European paying system. I have read that the Central Bank is thinking of a European credit card. That could give a boost to tech.
Aren’t there two types of ‘safe’? Apple and Google apply safety rules, yet their apps, especially the Android versions, contain many trackers. ExodusPrivacy shows them.
But you are right, there should be a controlling unit for the Jolla app store. I and many of us don’t like to be tracked.
I don’t like being tracked any more than the next guy, but we need to be realistic about what Jolla can do as a company. Like I said the other day, we’re talking about a group that couldn’t even afford the FCC certification process, so there’s little chance that they can adequately police the Jolla Store to the same degree that Google and Apple can police theirs.
We all accept risks when using any mobile devices, they can all be tracked to some degree. I think this is a “lesser evil” argument where we need to get Jolla to realize that they have a viable revenue stream option right in front of them…
I absolutely agree, but that’s a dream.
That may be true for Apple and Google. Some are willing to pay, others make their money from the number of users. How about Jolla? A payment structure costs a lot of money and has to be maintained.
How many SFOS users are we talking about here? At a price of over $ 1,000 there would be no Jolla smartphone because it doesn’t have an apple on the back cover.
I think we can be happy not to be too much in focus. Success is interesting for bandits.
Nothing proves that. Enough dangerous malware finds its way into the stores. This is mostly an automated process. Nobody analyzes the code in detail.
Please can you show me some malware inside the Jolla store? I am waiting…
Have you reported these malware apps to Jolla??
As with the Harbour help I see these tasks in checking a new Harbour app:
- check the rpm package against the naming and path convention (automatic)
- verify that only allowed libraries are used (automatic)
- confirm the compliance with the UI guidelines (manually)
- see what happened when using the app (manually)
- check power consumption (part of using app)
- and maybe all the things I have forgotten.
What do the automatic tests mean for “malware”:
- the rpm should not install somewhere and overwrite system files
- the restriction of libraries protects you from apps making phone calls, sending expensive sms, sending mails, transmitting your contacts to some spam provider and so on. This restriction is one reason for publishing on OpenRepos. In OpenRepos you will not see this restriction. So an app can do useful things (like running in background, starting itself) and “malware” shit (sending all your contacts to a bad girl)
Total security will never be reached. But the Harbour testing is much better than nothing (like in OpenRepos). And of course: after publishing an app in OpenRepos and Harbour all the users will do live testing by using it. So an app published some time ago can have a higher trust level.
PS: “Harbour” is the name of the Jolla portal for app publishers. After an app is sent to Harbour and tested by the Jolla QA team you can find this app inside the store.
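The two automatic checks described in the post above (package naming and install paths, and the library restriction), sketched as an added example that is not part of the thread and is not Jolla's validator. The name pattern, the path patterns, the library allowlist and the sample package contents are all assumptions constructed for illustration.

```python
import posixpath
import re

# Assumed rules for illustration; the thread does not list the real Harbour rule set.
NAME_RE = re.compile(r"^harbour-[a-z0-9_.-]+$")
ALLOWED_LIBS = {"libc.so.6", "libstdc++.so.6", "libQt5Core.so.5", "libQt5Qml.so.5"}

def allowed_paths(name):
    """Locations a package called `name` may install into (assumed convention)."""
    n = re.escape(name)
    return [
        re.compile(rf"^/usr/bin/{n}$"),
        re.compile(rf"^/usr/share/{n}/.+"),
        re.compile(rf"^/usr/share/applications/{n}\.desktop$"),
        re.compile(rf"^/usr/share/icons/hicolor/[^/]+/apps/{n}\.png$"),
    ]

def check_package(name, files, needed_libs):
    """Return a list of findings; an empty list means the package passes."""
    findings = []
    if not NAME_RE.match(name):
        findings.append(f"name: {name!r} does not follow the naming convention")
    patterns = allowed_paths(name)
    for path in files:
        # Normalise first so a '../' component cannot escape the app directory.
        norm = posixpath.normpath(path)
        if norm != path or not any(p.match(norm) for p in patterns):
            findings.append(f"path: {path} is outside the package's own locations")
    for lib in needed_libs:
        if lib not in ALLOWED_LIBS:
            findings.append(f"library: {lib} is not on the allowlist")
    return findings

# Constructed sample data: file list and linked libraries of two imaginary packages.
GOOD_FILES = ["/usr/bin/harbour-demo", "/usr/share/harbour-demo/qml/main.qml",
              "/usr/share/applications/harbour-demo.desktop",
              "/usr/share/icons/hicolor/86x86/apps/harbour-demo.png"]
GOOD_LIBS = ["libc.so.6", "libQt5Core.so.5"]
BAD_FILES = ["/usr/bin/harbour-demo", "/usr/lib/systemd/user/demo.service",
             "/usr/share/harbour-demo/../../bin/sh"]
BAD_LIBS = ["libc.so.6", "libtelephony-example.so.1"]  # hypothetical library name

if __name__ == "__main__":
    for finding in check_package("harbour-demo", BAD_FILES, BAD_LIBS):
        print(finding)
```

A static check like this only sees what the package declares (its file list and linked libraries), not what the code does at run time, which is why the post also lists manual testing.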
We go offtopic here, but ok, I add my thoughts:
From time to time I dump the traffic on my router and have a look at all the tracking and IPs / which app sends to whom…
By far the worst is Win10, it sends GB of stuff, mostly to domains owned by Microsoft (like microsofd.com, tfosorcim, msfd, no more chance to block everything)
followed by my wife’s googletrackerphone, android apps, firefox tracking…
I never found anything suspicious from SFOS though.
Oh, that’s a misunderstanding. I mean Apple and Play stores. The Jolla store isn’t interesting enough.
Yes, wise words all together. Nobody can compete with Big Tech, simply because there is so much money behind it.
Today I read that Biden hired Jessica Herz from Facebook, Cynthia Hogan from Apple and Eric Schmidt. Quite alarming. Don’t like it at all.
So, I stick to Sailfish as long as I can, being an ordinary ‘user’. It is just too elegant to let go.