How can I trust the apps in the Jolla Store?
My Jolla Phone being delivered last week, I searched the Jolla Store for some apps I need or like to have. But there's no information provided on the privileges an app needs to work. Jolla does not even inform customers about the tests apps need to pass before they become available in the store. So I doubt they are checked for viruses, spyware and so on.
Furthermore I can't download the installation files and upload them to an online malware scanner before I install the apps. There's also no way to install the apps into a sandbox first and observe their behaviour with a tool myself.
So by now I have only installed some of the apps offered directly by Jolla. (If I decided not to trust the company I shouldn't use the phone/Sailfish OS at all.) But Jolla only offers very few apps and I feel I need some more.
So what are my possibilities to find out whether to trust or not to trust a specific app available in the store?
Please don't get me wrong. This is no offense. I like my new Jolla Phone. And I do also appreciate the hard work of developers offering useful apps in the store. I am just used to being careful with what I download. And on a mobile phone it seems to me to be even more important to take care about that, because I am not able to protect my personal data on the phone as well as on my computer.
Hi, welcome to TJC @Laura
Your worry is really unwarranted.
See this thread from here on TJC; https://together.jolla.com/question/17308/sailfish-os-protection/ and here; https://jolla.zendesk.com/hc/en-us/articles/202497256#antivirus and sublte mentions of 'no need' from here; http://comments.gmane.org/gmane.comp.handhelds.sailfishos.devel/2817
Regards,
Spam Hunter ( 2015-12-19 23:05:23 +0300 )editThanks for the links, Markkyboy. I've spent some time in reading the sites.
"There are multiple concepts [for protecting Sailfish OS] available that can be taken into use if problem arises. And some of the enablers are already in the firmware. So we should be able to react quickly if need be."
It's good to know that Jolla is prepared to fight against malware that is trying to infect the system even before any is developed.
Laura ( 2015-12-20 00:47:43 +0300 )edit@Markkyboy,
Really? Have you forgotten Flashlight, the first Sailfish malware that appeared in Harbour just weeks after the launch?
In fact, there is no security in Sailfish whatsoever. Just like there is no security in Linux as such. The only "security" to speak of is security through obscurity: you are "secure" only because no one considers Sailfish a target worth the bother of attacking. The moment they do, there is nothing to stop them.
pichlo ( 2015-12-20 16:54:27 +0300 )editNope, didn't hear about that one, I guess I would have mentioned it if I had.
Spam Hunter ( 2015-12-20 19:55:46 +0300 )editFlashlight isn't categorised as malware, because it only sent usage statistics. This is in accordance with Jollas appstore rules. https://together.jolla.com/question/10925/add-rights-management-for-native-apps/https://together.jolla.com/question/10956/provide-some-basic-or-not-so-basic-app-usage-stats-for-the-developers/
@pichlo: Why do you think there's no security in Linux?
Laura ( 2015-12-20 20:20:53 +0300 )edit