{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreieuv7wqtpghpoulwgyimhj5wpoy2d4tgjbzqxh5uoro7e3tc3w3qy",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mnx6dekd6ae2"
  },
  "path": "/t/if-not-able-to-stop-using-whatsapp-how-important-is-it-to-download-it-from-the-play-store-vs-whatsapps-website-itself/38435#post_13",
  "publishedAt": "2026-06-10T15:31:00.000Z",
  "site": "https://discuss.privacyguides.net",
  "tags": [
    "As per FDroid itself",
    "developer trust is required regardless",
    "the insane amount of malware distributed through Play Store"
  ],
  "textContent": "There is a good-faith argument to make against:\n\nrandomperson:\n\n> Even if not perfect, Google or the F-Droid-Team can do a much better job vetting and monitoring the apps and their developers, than I can\n\n  1. As per FDroid itself, do not assume that an app is secure because it came from these third-party repos. Apps are given basic security checks on first upload, and a weaker automated scan for subsequent updates\n  2. Attack surface is effectively increased. You arent _shifting_ trust from the developer to the FDroid/Play teams, as developer trust is required regardless. You are _adding_ infrastructure to your stack\n\n\n\nPlay is far more opaque than FDroid on their process, but given the insane amount of malware distributed through Play Store, its contents are certainly subjected to far weaker checks\n\nSo the argument would boil down to: you need to be verifying a trusted developer regardless of installation source, in which case, you can reduce complexity & attack surface by installing the app directly from said trusted developer\n\nProbably more of a ‘subject to your threat model’ situation than an objective right/wrong call",
  "title": "If not able to stop using WhatsApp, how important is it to download it from the Play Store vs WhatsApp's website itself?"
}