Accrescent in GrapheneOS App Store
(infosec.exchange)
Despite the downsides of F-Droid, there's one thing they provide that other stores like Accrescent simply can't. F-Droid provides APK builds with the exact source used for the build available. There's a lot of trust involved, but this trust is in a single entity, rather than random developers. F-Droid has existed for a long time without adding malicious code to builds, so when they say "this source code produces this APK", they have years of history doing exactly that to back their claim.
A random app developer has no such trust built up. Stores like Accrescent, even if you download only FOSS apps, trust the app developer with building apps. It's less prone to one massive takeover, but APKs built by random devs are much harder to verify and check for malicious code than the source code. If F-Droid is taken over, it should be noticed relatively quickly, but affects everyone using F-Droid. If an app on Accrescent bundles malware, only users of that app are affected, but it may go unnoticed for a much longer time.
Not only that, more and more apps are reproducible nowadays.