[Replicant] Replicant risks

amuza amuza at riseup.net
Wed Oct 16 18:08:23 UTC 2024


On 6/10/24 18:18, John via Replicant wrote:
> On Tue, 1 Oct 2024 00:53:57 +0200 Denis 'GNUtoo' Carikli via Replicant
> wrote:
>
>> First the browser component shipped by Replicant is outdated, so it's
>> probably trivial for a website to take control of the phone. The
>> system browser component is used in a lot of applications shipped by
>> F-Droid.
> Is it not possible to use an alternative better browser? (which?)
>
>> But it doesn't stop here as there could be unpatched vulnerabilities
>> everywhere in the system, including in things like the SMS application
>> for instance.
>>
>> So even if the phone is not connected to Internet there are still
>> risks.
>>
>> Denis.
> But such risks exist in all Android versions, no?
> So, perhaps the even more important questions related to that are:
>
> - How does Replicant compare to alternatives security-wise?
> - What can be done to improve things without sacrificing freedom?
> _______________________________________________

Thank you Denis.

John, the browser I use is Mull.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x5D8558EEA9F27D9E.asc
Type: application/pgp-keys
Size: 10317 bytes
Desc: OpenPGP public key
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20241016/40d8616e/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20241016/40d8616e/attachment.sig>


More information about the Replicant mailing list