Open yuroyami opened 6 days ago
yuroyami
commented
6 days ago @IzzySoft I’m mentioning you to blacklist any library coming from this individual. Although they claim otherwise, the entire codebase is closed-source, and there are a plethora of violations to open-source licenses. This raises enough red flags for me to suggest you keep an eye out for this especially that there could be many apps using it already.
IzzySoft
commented
6 days ago Thanks for the notification, @yuroyami! I've checked, and none of the apps at IzzyOnDroid is using this library. Further, this repository does not declare any license, which alone already makes it "non-libre" (no license means "all rights reserved").
To have an "early warning", I've added it to our scanner signatures with the corresponding flags.
yuroyami
commented
5 days ago @IzzySoft Perfect. Thanks for the prompt response. They’re publishing their artifacts on Maven Central under the MIT license, so I didn’t initially check the license here. I realize now that could be a violation at least from Maven Central’s perspective. While it's unlikely they'll be removed from here, it might be worth a try for me to get them taken down from Maven Central.
IzzySoft
commented
5 days ago If it's mislabeled with a license that does not apply: yes. Does Maven Central accept proprietary artifacts? Then maybe they should at least label them properly. If not: yeah, removal would be due.
It is advisable that you not use any of the libraries from this GitHub account in any of your apps. Most of them use unreasonably dangerous permissions, they might be mining your data or resources.