F-Droid

Want the Universe?

Posted on May 30, 2024 by paulali

TWIF generated on Thursday, 30 May 2024, Week 22

F-Droid core

Back in October 2023, we’ve talked about vulnerability patching and listed some 7 apps that might have been affected. Truth is, there were not one but three separate issues, with their own CVE identifiers, that needed to be looked into. And the apps list is too long to print here, about 130 apps were investigated.

In no particular order:

Most of the apps were fixed, but there are still apps that were never tackled, we recommend you to peruse the lists and check your devices, auto updates since F-Droid Client 1.19 should have you up to date, but it never hurts to check and manually update the outliers.

What if an app you depend on is still not fixed? We also linked to the upstream issues, feel free to give your 👍 there for the developers to see and hopefully expedite a fix.

As with past TWIFs, we ask you to please update your Android too. While the VP8 and SOCKS5 vulnerabilities were fixable by a library update in the apps, the Android system itself has a WEBP library included and that was vulnerable too, it can’t be updated by us or apps devs, but only via a full Android OS update.

Community News

While manufacturers boast how their smart devices can hold the whole world inside, they are mostly just talking about running a browser to connect to the Internet. So here comes Celestia, a 3D interactive planetarium, which truly brings the Universe to your pocket, with moons, stars and everything (known so far). The app package is huge, as expected, at more than 380Mb, so make sure you have enough system storage space to install. It can even get more space objects from the Internet so you can always explore the latest ‘world’ out there. Currently the app description and pics are missing, a fix is already submitted.

Can you recall companies trying to add screen recording or scanning features? Where those free software or open source? Would you trust their promises? We digressed, anyway, Hypatia, A real-time malware scanner, was updated to 3.12 adding, besides the usual translations and database updates, a new ability: scan screen content for malicious links. The developer explained a bit how this works in a Fedi post. It uses the Accessibility Services, which are rather sensitive as they can record your screen and more, so to enable this feature for Hypatia on newer Android versions, you need to first go to Android Settings, Apps, Hypatia, upper right three-dot menu, Allow restricted settings. Then in the app, open upper right menu, toggle “Link Scanner” on and follow the dialogues. Note: Depending on Android version, in our testing, you might need to visit these screens several times until the restricted menu is visible and the permission is granted so the accessibility service can be activated for Hypatia. 🤷

Developers of wallabag were quick to react after the downgrading so the app is back up to date again at version 2.5.3.

Newly Added Apps

7 more apps were newly added
  • Easy Notes - A simple modern notes app with material design
  • Jigsaw - A Jigsaw Puzzle Game
  • Mixer Controller - Access digital audio mixer’s via WebUI
  • Password Monitor - Ensure your password safety by scanning for potential breaches
  • Plant-it - Client app for the self-hostable Plant-it Server
  • RTTT - Recursive Tic-Tac-Toe game
  • TicTacToe - Classic game. Play offline, with friends

Updated Apps

128 more apps were updated

Thank you for reading this week’s TWIF 🙂

Please subscribe to the RSS feed in your favourite RSS application to be updated of new TWIFs when they come up.

You are welcome to join the TWIF forum thread. If you have any news from the community, post it there, maybe it will be featured next week 😉

F-Droid is powered by your donations!

Connect

mastodon
@fdroidorg@floss.social

News