• ᗪᗩᗰᑎ
    link
    fedilink
    English
    arrow-up
    3
    ·
    4 months ago

    I would trust GrapheneOS, but understand that everyone has their own tolerances for security and the Graphene project is probably at the highest levels.

    The GrapheneOS devs were right about F-Droid being less secure when they would sign other dev’s apps. This meant that if anyone were to hack F-Droid, they would get full access to every device using an app installed by them. This issue was fixed just last September.

    Now that F-Droid fixed this issue, the responsibility falls on each individual developer to secure their signing keys. Should an app’s signing key be compromised, it would now only impact users with that app installed. Security is about layers, not 100% foolproof solutions.