Is FOSS really safe? - eviltoast

I’m not a programmer. I don’t understand code. How do I know if an open source application is not stealing my data or passwords? Google Play Store is scanning apps. It says it blocks spyware. Unfortunately, we know that it was not very successful. So, can we trust open source software? Can’t someone integrate their own virus just because the code is open?

  • Kissaki@feddit.de
    1 year ago

    You shouldn’t see trustworthiness or trust as a binary system of full or nothing.

    You should assess - to your and the product’s possibilities - and then weigh risk and necessity and value.

    Source exposure makes it more likely people may look at it, without cause or when something seems surprising or questionable. Source available alone doesn’t mean you’d see concerns though - you’d need an obvious platform or publicity.

    FOSS may be funded and implemented by voluntary work or paid or sponsored, with or without control by the involved parties.

    Security scanning is a best effort weighing known and similarity and suspect parts against false positives and user and publisher inconvenience and hindrance. It can’t be perfect.

    Android Play Store security scanning can only scan for some things I’d consider security relevant and likely largely ignores questionable behavior that does not endanger device security.

    Established projects are more trustworthy than those that are not. Personal projects with a clear goal are more trustworthy because of likelihood of good intention and personal interest than those that seem obscure or unclear.

    Don’t trust blindly.

    Safety is a big topic and theme. So such a broad question can only be answered with broad assessment and overview.