I don’t know if this is a thing that exists, but I’ll describe my idea.
Is there a site, forum, or community where people can request that open source projects be vetted, and knowledgeable people from the community who have been vetted themselves take up the requests that interest them?
I ask for people like me who are not technical. We only have so many ways to gauge the trustworthiness of an application. Is it widely used in the privacy space? Is it widely used at all? Is it open source? What’s the history of the project; do they have any scandals? What red flags are there that are important to know about depending on your threat model? All of these are good questions that should be asked by anyone, but they have one thing in common - they are not asking about the code itself. Because I can’t code, I can’t tell whether something is safe or not. I need other people to tell me.
This is not a problem for popular applications. As an example, Bitwarden is open source, has been audited, and as recently as last week has been poked at by security researchers. But what about smaller projects that don’t get the same amount of attention?
Here’s an app that has piqued my attention: Trail Sense. It’s a compass and survival app that, according to their GitHub, “must not use the Internet in any way, as I want the entire app usable when there is no Internet connection”. Super cool, right? But is it safe? I want to say that it probably is, but with only 10,000+ downloads in the Google Play store, this is an instance of an app being unknown enough to fly under the radar, which means I don’t know if it’s gotten the attention of people who could take a look under the hood and verify that it’s all good.
Side note: Trail Sense looks really cool and I don’t mean to throw any shade at them at all! Literally everything about the app gives me a good vibe from a security and privacy perspective. Just using it as an example.
If there was a forum where technical people hang out that also had a mechanism for submitting applications for review, folks like me could quietly ask for apps to be reviewed with the hope that someone will take a look, maybe provide a report on what they see, and then that report can be logged for future reference. Ideally I’m imagining something more formal than just a reply that says “looks good”.
Exodus seems to be the closest thing to what I’m looking for - they literally have Trail Sense listed, which I only checked after I wrote all of this, lol. But it doesn’t seem to have a way of requesting applications to be reviewed; only a way to submit your own analysis. Also, it’s limited to Android apps whereas I may have questions about desktop apps or browser extensions. There could also be more to discuss than just trackers and permissions.
So is there any place like that?