I am on GrapheneOS, but this concerns Android as a whole. From the options of Fdroid and GitHub (Obtainium) which is the safest way to install and app?
From the GrapheneOS forums, I see many people recommending GitHub over Fdroid as it is straight from the source. I know its true, but if a developer adds a ‘not-so-safe’ piece of code or introduces tracking, Obtainium would automatically update my app without letting me know about the changes. But from what I have seen from Fdroid they usually pause or cancel the update or app if these changes were to take place (Example, Simple Gallery or Mull for Android).
So I am confused. Whom should I trust more, Fdroid with their own app builds or the Developers on GitHub?
Also I have seen that Obtainium when used with a VPN to fetch app updates, will get rated limited by GitHub. Also I don’t really like GitHub as a code repository, with their tracking and rate limiting. I don’t know if Fdroid tracks user.
Why would you blindly trust any developer?
No one said blindly. But why would you use the app if you don’t have trust.
Because if I only used apps from trusted developers, I wouldn’t use any apps at all. What reason do you have to trust them? Are they all made by your personal friends?
So then you trust the app enough that it provides the function you need from it? Trust doesn’t have to be an all or nothing ordeal.