I know open source programs can be better in terms of privacy and security. At least potentially. For example, if a messaging app is open source, everyone can see the code of the program on GitHub. If the program has a backdoor, anyone can see it.
But how can we be sure the code of the app on the Google Play Store is the same as the code on GitHub? Could it be compiled from different code that has a backdoor?
Yes, this is a potential issue. This is why the concept of a reproducible build exists.
The idea is that you specify exactly how a program needs to be built, provide a specific environment, and structure the process in such a way that every time you build, the result is the same. This for instance means the program can’t contain anything like a timestamp saying when it was built, or a build number embedded into it.
This way anybody could rebuild the app and verify it matches what’s on the Play Store. Of course not everyone is going to do this, so there is some trust involved. But in these cases things can be verified by random volunteers that aren’t all part of the same group/company, which makes anything fishy noticeably harder.
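As an added illustration of the answer above (not code from the original post), the script below packs a constructed stand-in for an app into a zip archive, the same container format an APK uses. A "normal" build embeds a build number and wall-clock timestamps, so two builds of identical sources differ; the reproducible variant fixes the entry order and timestamps (the `fixed_epoch` value stands in for something like SOURCE_DATE_EPOCH), so an independent rebuild can be compared hash-for-hash against a published artifact.

```python
"""Reproducible-build demo: build the same sources twice and compare hashes."""
import hashlib
import io
import itertools
import time
import zipfile

# Constructed stand-in for an app's compiled contents (an APK is a zip archive).
SOURCES = {
    "classes.dex": b"dex\n035\x00" + b"example bytecode",
    "AndroidManifest.xml": b"<manifest package='example.app'/>",
}

_BUILD_COUNTER = itertools.count(1)  # hypothetical "build number" generator


def build(sources, reproducible, fixed_epoch=315532800):
    """Pack sources into an in-memory zip and return the archive bytes.

    reproducible=False mimics a typical build: a build number and the current
    time are embedded, so two builds of identical input differ byte-for-byte.
    reproducible=True writes entries in sorted order with a fixed timestamp
    (1980-01-01 UTC here), so the output depends only on the sources.
    """
    entries = dict(sources)
    if not reproducible:
        info_line = f"build={next(_BUILD_COUNTER)} at={time.time_ns()}"
        entries["build-info.txt"] = info_line.encode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(entries):  # fixed ordering, never dict/filesystem order
            stamp = fixed_epoch if reproducible else time.time()
            info = zipfile.ZipInfo(name, date_time=time.gmtime(stamp)[:6])
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, entries[name])
    return buf.getvalue()


def digest(artifact):
    """SHA-256 of a built artifact, the value a volunteer would publish/compare."""
    return hashlib.sha256(artifact).hexdigest()


def verify(published_artifact, sources):
    """Independent check: rebuild from the public sources and compare hashes."""
    return digest(build(sources, reproducible=True)) == digest(published_artifact)


if __name__ == "__main__":
    print("normal builds identical:", build(SOURCES, False) == build(SOURCES, False))
    print("reproducible builds identical:", build(SOURCES, True) == build(SOURCES, True))
    print("published artifact matches source:", verify(build(SOURCES, True), SOURCES))
```

The last check is the "random volunteer" step: anyone with the sources and the documented build recipe can recompute the hash and compare it with the one obtained from the store, without trusting the publisher.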