Basis of trust for mollyim-android

DeletedUser28

F-Droid is the "official" source for Aurora and can update the store

PMUSR

Thank you. Thats the way I helped a friend to install Aurora from.

monero4freedom

beammer335d What platform do you suggest to buy into Monero?

Check out: localmonero.co , monero.com , your local crypto ATMs (you can buy ltc, and then swap into XMR using swappers like trocador.app

beammer335d Sorry and Wallet

desktop: feather wallet
android: stackwallet, mysu wallet, or anonero wallet

boldsuck

monero4freedom Check out: localmonero.co, monero.com, trocador.app

...is overpriced. You can place limit buy orders on Kraken (KYC) or bisq.network. Bisq is based on Bitcoin, Haveno is based on Monero. Haveno.exchange (testnet, currently still in development)

native Monero Community wallet, feather wallet is particularly suitable for Tor. Feather Dev is also a developer at Monero & owner of xmrguide.org
android: moneroju and Cake wallet are more involved in the Monero community. (Or dev's also make PR to the Monero code.)

beammer335d

monero4freedom

Thanks. Have been reading up on a lot, have only 7rigs online ATM

TheGodfather

PMUSR Where to download Aurora store that notify or update itself?

If you download the APK from the official website, it will likely be self-updateable.

PMUSR

TheGodfather

TheGodfather If you download the APK from the official website, it will likely be self-updateable.

I have read somewhere that the APK from their official website is not self-updatable but that might have changed? Im not sure. I helped a friend with installing it from F-Droid. Was that bad?

other8026

CuriousGeorgeWOW Cargo isn't finding an sqlite3 library, so it fails to build. You might want to search how to include a path to the correct .dll file for Windows.

I've removed your post since it isn't related to GrapheneOS or mobile privacy or security. I'd suggest you ask this question in a Rust community since they are likely to have more people in their community who build Rust programs on Windows. This forum might be best: https://users.rust-lang.org/

CuriousGeorgeWOW

other8026 thank you for the direction. i'll have a look into that

d11n

matchboxbananasynergy Molly has its own F-Droid repository. it's already available via GitHub with a self-updater,

Does self-updater feature work over proxy (Molly setup) now or does Molly know by default which IP connects to their server like GrapheneOS does?

kjerehea

How much damage could a bad actor cause if they got hold of the Molly devs passwords, and uploaded a dodgy apk on GitHub? I guess Google Play Store might deny the change request if it's obviously bad, but I think GitHub has no checks at all?

I guess the question also applies for all apps. I'd be surprised if all currently benign popular apps will forever stay benign, especially if the devs retire and sell the app to bad actors.

Is the main defence to wait a few days before updating apps, especially if they are from GitHub?

23Sha-ger

kjerehea Is the main defence to wait a few days before updating apps, especially if they are from GitHub?

The XZ backdoor involved a developer actively backdooring the project over a span of 2 years.
So if we take the the worst case scenario, this will not help.
A more proactive approach is to monitor all commits for sensetive apps, however it's not practical to do for all apps, I try to do it for sensetive apps like Molly. Not because of distrust, this is how I discover new functionality.

« Previous Page