I’m note a programmer. I Don’t Understand Codes. How do I Know If An Open Source Application is not Stealing My Data Or Passwords? Google play store is scanning apps. It says it blocks spyware. Unfortunately, we know that it was not very successful. So, can we trust open source software? Can’t someone integrate their own virus just because the code is open?

    • /home/pineapplelover@lemm.ee
      link
      fedilink
      arrow-up
      11
      ·
      1 year ago

      This is why lots of open source projects critical for privacy and security are audited. ProtonVPN, ProtonMail, Mullvad, Signal, Matrix, GrapheneOS, and more. Are audited and are very big projects with many eyes upon them. The more eyes, the more secure it will be.

      • dustojnikhummer@lemmy.world
        link
        fedilink
        arrow-up
        8
        arrow-down
        1
        ·
        1 year ago

        Yes, those are much more trustworthy than audited closed source projects. Just saying that “anyone can check” doesn’t mean “someone will check”

    • GVasco@discuss.tchncs.de
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      Well if the app is actively maintained the code is checked every time someone makes a push request to the main code base. You still have to trust the managers of the repository (code base) to verify every push request thoroughly, however, it’s in the best interest of the repository managers to do so to maintain trust in the project and it’s users.

    • DogMuffins@discuss.tchncs.de
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      Well, not exactly.

      Some open source projects have many contributors, and while they’re working on fixing bugs and adding new features, the chances that no one would notice say, a key logger or crypto miner are very slim.

      Other opensource projects are maintained by large sophisticated organisations who would monitor security in some fashion. They would monitor for obvious things like transmitting data at the very least.

      That’s not a 100% guarantee of security, but it’s not as reckless as just hoping someone will check.