this post was submitted on 14 Jan 2024
44 points (86.7% liked)

Privacy

31975 readers
239 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
44
submitted 10 months ago* (last edited 10 months ago) by [email protected] to c/[email protected]
 

This is warden, just a better ui for exodus.
The app is over 2 years old but i feels like its worth a try

Warden: https://apt.izzysoft.de/fdroid/index/apk/com.aurora.warden

all 15 comments
sorted by: hot top controversial new old
[–] [email protected] 10 points 10 months ago (1 children)

This app wants root and despite being open source according to that link, isnt in the official F-Droid repo. I'm skeptical about trusting it.

[–] [email protected] 5 points 10 months ago (1 children)

Warden is on Izzydroid, alternative fdroid repository

It wants root so it can disable trackers

[–] [email protected] 4 points 10 months ago (1 children)

It's reasonable for an app like this to need root, but also reasonable for everyone to ask for third-party verification of anything they're granting administrative access to their devices.

Izzydroid's security policy appears to be primarily based around automated scans that enumerate badness, and has far fewer users than the official F-Droid repository making it less likely that problems will be noticed, reported, and acted on.

Is there more reputation information about this app available?

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago) (1 children)

It's from the same devs of aurora store, aurora droid

And really, so much talking and scepticism around a free and open source app, you can go and check the source, or at least read a review about it (though the app wasn't update

OP is recommending a cool app to spark a conversation, but all the replies are just complaints

Cool people made a cool app, cool people are hosting an alternative fdroid repo so it's easier and faster for devs to publish their projects for the world to see, and cool people found this app and decided to share with other people

But those people are just behaving like boomers and saying that everything around is fake, dangerous, and so on

If somebody cares for security, why would that person even have root in the first place, same with fdroid, if you care for security you shouldn't use fdroid

Sorry if i'm being to rough, everything i said is not really addressed to you, i'm just being pissed by people not appreciating somebody's will to start a nice conversation

P.s. the last update of this app was like 3 years ago, if somebody cares for security, they should never install an app that old, it's not even about root or some policies

[–] [email protected] 5 points 10 months ago (1 children)

I'm not complaining. I'm asking for some evidence this app is trustworthy.

Security is not binary. Having root can be bad for security, but it doesn't have to be especially if you're careful about what apps you grant root to, which is the point of my original comment. Having root can also be a security benefit because it offers more opportunities for detecting and blocking harmful and privacy-invasive apps, as this app does (if it's trustworthy).

I don't think F-Droid with the official repositories is a negative for security either; I suspect it's less likely to contain outright malware than Google Play, and I'm sure the average app on F-Droid is less likely to be privacy-invasive. Adding random repositories suggested by strangers on the internet can be a different story, and asking who can vouch for the one suggested in this thread seems like a reasonable mitigation to me.

[–] [email protected] 1 points 10 months ago (1 children)

My last comment wasn't really addressed personally to you, sorry i sounded like that

Having root is almost never a security benefit, it allows you to close one hole, but opens up 10 new more

It means you have your bootloader unlocked, you have secure boot disabled which allows for persistent malware. Just having root by itself opens up many more remote, zero click, or just very dangerous exploits

F-droid is not secure, some of the issues had been resolved, but it's still not recommended for best practices

Of course, everything depends on the thread model

I personally really like fdroid and izzy, and other custom repos. And root is a cool thing, although i don't have it on my daily driver(but have on my test phone)

[–] [email protected] 2 points 10 months ago (1 children)

There may be some other comments being unfair. People shouldn't complain about free software someone else gives to them falling short of perfection, but we should be careful about granting random apps root permissions.

Having root is almost never a security benefit, it allows you to close one hole, but opens up 10 new more

I think it's more like two:

  • If an app granted root privileges is compromised, the damage it can cause is much greater
  • The bootloader has to be unlocked for most approaches to gaining root; I consider it a design flaw that it isn't easier for users to add signing keys and re-lock the bootloader

F-droid is not secure, some of the issues had been resolved, but it’s still not recommended for best practices

This is another very binary statement about security. The article addresses a number of design issues with F-Droid and concludes that most users are better off getting apps from Google Play. I don't disagree with the design complaints in theory, but in practice it doesn't hold up. I've seen people get malware from Google Play and read a number of documented cases. I have never heard of malware in the official F-Droid repository.

I'm reminded of comparing Windows to Linux 20 years ago. In theory, Windows had a more sophisticated permissions model and more reliable logging, making it potentially more secure. In practice, it took significant care to keep a Windows desktop clean, while Linux was very unlikely to be compromised.

Of course someone with high-value secrets on their device or who's likely to be directly targeted by sophisticated threats should probably take a more conservative approach, install very few apps, and consider a hardened ROM like GrapheneOS.

[–] [email protected] 2 points 10 months ago (1 children)

Agree, agree, agree

But have some sidenotes to add 😂

The bootloader has to be unlocked for most approaches to gaining root;

Did you know you can root grapheneos, and lock the bootloader? 😂 pretty dangerous stuff to do, but possible!

concludes that most users are better off getting apps from Google Play.

In general, screw google play, and screw google, or any big corpo, it's not even about security, but about them being bad companies and bad services

And the same about windows, joy is the most important thing, if software is full of trackers and just designed poorly, why would anyone want to use it 🫠

[–] [email protected] 2 points 10 months ago

I did not know that it was possible to have root on GrapheneOS with a locked bootloader, but there have been ROMs with SU functionality built in, and adding their keys would be a straightforward way to have root and a locked bootloader.

[–] [email protected] 7 points 10 months ago

You can also try exodus and is more relevant

exodus

[–] [email protected] 3 points 10 months ago

There are other apps on F-Droid that use Exodus that do sort of the same. At least they do not ask for root.

[–] [email protected] 2 points 10 months ago

Tor, metamask, two gcams(no network permissions), librera(i tried avoiding using it because of this in the past), and element, schildi, openweather 1000027182

[–] [email protected] 2 points 10 months ago

Don't have any stats but I do use tracker control. Having a Xiaomi tablet, I like that I can also extend functionality to system processes as well (at my own risk obviously).

[–] [email protected] 1 points 10 months ago