this post was submitted on 30 Oct 2021
8 points (100.0% liked)

Security

4966 readers
4 users here now

Confidentiality Integrity Availability

founded 4 years ago
MODERATORS
gary_host_laptop@lemmy.ml
8
An analysis of the /e/OS app installer (nervuri.net)
submitted 2 years ago* (last edited 2 years ago) by Canard@lemmy.ml to c/security@lemmy.ml
0 comments fedilink hide all child comments
 

"Apps", the /e/ app installer, downloads applications from CleanAPK.org, an intermediary which provides apps that originate from F-Droid and elsewhere.

Since apps are not downloaded directly from F-Droid or Google Play, the installer takes certain measures to protect against tampering. Unfortunately, these measures can be bypassed in the majority of cases. This means that CleanAPK.org (or whoever compromises it) can get maliciously modified apps installed on /e/ users' devices, either when the user is installing a new app or during the update process.

Edit: This website is mentioned in the last release notes of /e/ OS v 0.19-q: https://gitlab.e.foundation/e/os/releases/-/releases

you are viewing a single comment's thread
view the rest of the comments