this post was submitted on 30 Oct 2021
8 points (100.0% liked)

Security

5014 readers
7 users here now

Confidentiality Integrity Availability

founded 4 years ago
MODERATORS
 

"Apps", the /e/ app installer, downloads applications from CleanAPK.org, an intermediary which provides apps that originate from F-Droid and elsewhere.

Since apps are not downloaded directly from F-Droid or Google Play, the installer takes certain measures to protect against tampering. Unfortunately, these measures can be bypassed in the majority of cases. This means that CleanAPK.org (or whoever compromises it) can get maliciously modified apps installed on /e/ users' devices, either when the user is installing a new app or during the update process.

Edit: This website is mentioned in the last release notes of /e/ OS v 0.19-q: https://gitlab.e.foundation/e/os/releases/-/releases

you are viewing a single comment's thread
view the rest of the comments