sailfishos / docs.sailfishos.org

Source for the docs.sailfishos.org site
MIT License
13 stars 37 forks source link

[Flaw] Cease sending users to malware distributing sites (here: APKPure)! #401

Open Olf0 opened 7 months ago

Olf0 commented 7 months ago

Jolla still suggests to use APKPure (apkpure.com, apkpure.net), despite APKPure having lost the fight against malicious APKs (e.g. "fake apps", "typo-squatting apps") years ago. While APKPure was and still is one of the best curated, alternative sources for Android apps, simply downloading and installing apps from APKPure's web-site or via the APKPure client app is outright dangerous; only with much know-how, experience and checks & balances (e.g. tediously cross-checking hash values of downloaded APKs with the ones from other alternative app sources; i.e. one must not use the APKPure client app) an APK from APKPure can be assumed to be genuine.

Hence please do stop advertising APKPure and …

  1. … eliminate all references to APKPure at jolla.com, i.e. on the "Services and Support" page (one reference) and in these Sailfish X installation guides (i.e. all of them, except the three for the Xperia X):
  2. … eliminate all references to APKPure at docs.sailfishos.org:

Mind that F-Droid.org and the Google Play Store (via Aurora Store app) are the only two major sources of Android apps, which are not significantly compromised by malware, e.g. "fake apps", "typo-squatting apps" etc.

P.S.: BTW, at a few places APKPure was misspelled as "APKpure".

P.P.S.: See also a similar issue report for Aptoide; eliminating both issues in one go likely requires less effort.

Olf0 commented 7 months ago

Point 2 in the initial message is resolved by PR #404.