Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Cryptomator for Android will not be fully open source, but its encryption code is 100% open source. We can't make the app fully open source for two reasons:
I think this will not happen for the desktop app, as it doesn’t cost anything and the copycats have no direct financial benefit from copying it. People who build the app for their own use from source could be sure everything is clean. But the same time we put all those people at risk, who don’t have the skills to do so. Those people might fall for an unofficial app that looks the same.
Publishing the encryption code is the best we can do for now, if we want to prevent the aforementioned. We will keep all encryption code (for all platforms) open source for all time. By doing so we prevent vendor lock-ins and allow people to review or build 3rd party applications on top of the encryption. If there will be other ways to earn money with the product and some "official" badge is added to the relevant App Stores, which guarantees that an app is built from source in a controlled environment, we might reconsider our decision.
Also your arguments are also valid for the desktop app. The desktop app could also be faked and - in contrast to the Android app, which has to pass different security levels (just take e.g. the fact that most users only [can] install apps from Google Play) is much easier to distribute. I also doubt such bad copies would be allowed at FDroid, so the only way where these things could spread are dubious APK hosting sites and you should not download APKs there anyway
All in all it's time to uninstall Cryptomator. It is a great project, but this is just the wrong way.
I'm surprised that people who claim to understand the legitimacy of making money with open source software believe that "Free" in FOSS means "at no charge". If that's your expectation, I perfectly understand that it's easy to blame the developers. But this attitude kills the FOSS ecosystem. We are perfectly happy with a lot of people who love our work and support us, financially or otherwise.
You probably "misunderstood" both points. We're not afraid of fake copies of the desktop app, as it's for free anyway and there is little financial benefit for people faking it. This does not work for paid apps, though. We have seen this in the past with other popular apps that have been copied and republished with minor modifications under almost the same name. This is a risk for the everyday non-technical user.
Thus, the best compromise is the "open core" model with the relevant parts licensed under a FOSS license and only the user interface being proprietary. This is nothing we made up but a rather standard approach by many open source software vendors.
To quote the relevant section in your linked article:
See Open Core article.
Thanks for giving Cryptomator a try anyway. Farewell!