Did not expect to see @fdroidorg in a presentation by Google, but this guy from Google Play Protect had it in his slides as an example from where they get apks to analyze in order to find malware.

@ConnyDuck @fdroidorg Must be. Because if they only looked there (and not at e.g. their own door), they're quite unlikely to find something of what they're looking for (good for us).

@jlelse @ConnyDuck @fdroidorg Yeah, F-Droid Ltd. And the guy running it sits in … Australia, the folks maintaining it in … Austria, France, Germany and many other places. We're quite suspicious looking, aren't we? 🤪

@jlelse @ConnyDuck @fdroidorg No, not down. Just much slower as slow as usual. Takes ages for the TLS handshake alone 😱 But after about 1..2 minutes, the page is loaded.


Will they open source their malware chasing tech?


@61 @fdroidorg the tools they use for reverse engineering are almost all open source, but they probably never will open the code of Play Protect, they are Google after all

@ConnyDuck @fdroidorg Considering that FDroid personally build and sign everything on FDroid, it's interesting that they called out FDroid of all places. Pretty FUD..

@cathal it was just one amongst other appstores listed

@ConnyDuck @fdroidorg That's kinda messed up and sounds a little bit actively malicious.

@trash @fdroidorg you can turn Google Play Protect off on your device though

Correct me if I'm wrong, but this looks really dirty...
Google Play has waaaaaaay more dodgy apps than F-Droid has apps in total.
I knew one so-called "corporate" MDM solution that was automatically marking as malicious any app with a signature different than from Google Play: built an app from sources? Doesn't give a sh..t — marks malicious.
Corporate sector doesn't recognize anything different from Google Play...

