I’m note a programmer. I Don’t Understand Codes. How do I Know If An Open Source Application is not Stealing My Data Or Passwords? Google play store is scanning apps. It says it blocks spyware. Unfortunately, we know that it was not very successful. So, can we trust open source software? Can’t someone integrate their own virus just because the code is open?
Accounts that post “verifying code” can also be sock puppet accounts, so it is always good to double check for yourself if you know the programming language, or check the account history to see if they have verified other software from different writers that aren’t all connected to each other. Nothing sketchier than a verification ring, where accounts all verify for each other.
This is only an issue if it’s only been reviewed by one or two coders with zero history on the repo’s host. This is rare for anything that is remotely popular.