
Sometimes we get concerned inquiries about apps targeting old SDK versions. Targeting newer SDK versions does strengthen the sandboxing, but it also breaks features used by apps. Google puts those kinds of restrictions in because users don’t trust proprietary apps, since most are constantly trying to steal user data. F-Droid reviews all apps from source to prevent that, so we don’t need to break features to gain privacy.

@fdroidorg I also believe it's a way for them to make the experience worse on the old Android versions.

Fragmentation isn't good, I know, but I don't want to sacrifice old devices just because Google said that old SDK is deprecated.

@fdroidorg
When I had an older phone I appreciated this very much.

@tuxflo see e.g. here: android.izzysoft.de/articles/n – but keep in mind this is not the complete picture (I didn't include everything working behind the scenes but rather focused on the app review process for new apps entering F-Droid).

@fdroidorg
Forcing later SDK versions on #Android also has the effect of junking older devices, obliging new purchases, contamination, exploitation ... and not least, using the latest (closed) proprietary code from Google.
Thanks @fdroidorg for helping to avoid all that.

@fdroidorg but there is a difference between targetSDK (what Google requires; also applies more recent security features) and minSDK. Bumping minSDK makes an app unavailable for older devices. TargetSDK doesn't do this - it is information that will be used by the compiler and the Android runtime on devices supporting it (and apply the additional limitations).

So, bumping targetSDK is a valid thing also for #Fdroid.

@dennisguse @fdroidorg It's not only valid, but a good practice encouraged by #FDroid. But the point in OP is that apps in F-Droid have way less risk of containing malware/spyware. Increasing sandbox strength likely will not yield much reduction of net risk for users, because when you look at F-Droid's incident track record you'll find that risk is generally rather low.

@uniq @fdroidorg I still don't agree. TargetSDK upgrades are one thing that should happen and it shouldn't be too much effort. And also dependencies should be updated regularly anyhow due to security risks.

Arguing that the #Fdroid ecosystem is open-source (which is great, but security is not implicit) and there were NOT TOO many security incidents is not really an argument.

If something didn't get any updates for several years, it is likely a security risk. I won't use it.

@fdroidorg Thanks for everything you do, Android would be unusable without F-Droid