Summarizer

Open Source Necessity

Strong demand for open-sourcing due to security concerns around notification access, requests for F-Droid availability, mentions of trust issues with closed-source apps accessing sensitive data like OTPs and 2FA codes

← Back to Show HN: DoNotNotify – Log and intelligently block notifications on Android

Users are overwhelmingly calling for the application to be open-sourced and hosted on F-Droid, primarily due to the high-stakes nature of granting a third-party app access to sensitive notifications like private messages and 2FA codes. Many commenters argue that the mobile landscape is a "cesspool" of user-hostile behavior, asserting that only audited, transparent code can mitigate fears of "side-channel" data leaks or future pivots toward adware. While the developer has offered their word regarding privacy and some find the intense demand for open-sourcing to be slightly dramatic, the community consensus views transparency as a non-negotiable requirement for trust. Ultimately, for those who avoid mainstream app stores, open-source availability isn't just a preference—it is the only way to ensure the tool remains a utility rather than a security vulnerability.

16 comments tagged with this topic

View on HN · Topics
I would love to use this, but I don't want to allow a third party app with closed source to read all my notifications. This can read OTP passwords, full messages, etc. so it must be open source for me to consider it. I would donate/pay for this if it was open source on F-Droid. Kudos to you for building it. I put off building this exact same application so many times it's not even funny. Too bad I'm too lazy to maintain something like this.
View on HN · Topics
This is correct, but it is still a slippery slope. At some point the dev ends up adding internet permission (might be for legit reasons too), and lo and behold you are sharing your data. For something as sensitive as notifications, I really can't trust anything but open-source app which is vetted by a few seasoned people and hosted on F-droid.
View on HN · Topics
If the permission is added in retrospect wouldn’t you still need to opt in? fwiw i completely agree that oss is the way to go here
View on HN · Topics
I’m interested in what you’re suggesting. Who are those auditors you trust? Does f-droid imply things have been audited?
View on HN · Topics
It's hard to rule out intentional side channels without access to source.
View on HN · Topics
Fair enough, you only have my word on it (that it doesn't send any data to the Internet). But you do have my word :) Another person requested that the app be open-sourced as well. I will look into that.
View on HN · Topics
I'm going to join the list of voices requesting open source here. If you're not planning to charge money for this, there are several benefits starting with increased trust. Mobile apps are a cesspool of user-hostile behavior, and I have a strong preference for not giving closed source apps access to sensitive data.
View on HN · Topics
I would greatly appreciate it, if this was open source :) Especially since this will be able to read 2FA codes sent by SMS. (I get that SMS 2FA codes are not perfectly safe to begin with, I personally don't love them either, but they are still used on a bunch of services) Just makes me sleep a little better.
View on HN · Topics
It took me a moment to find, but Alertly claims to do something similar while being open-source. Last commit was made two years ago though. https://f-droid.org/packages/com.example.notificationalerter https://github.com/lightningcpu/Alertly
View on HN · Topics
It's something i've also vaguely thought about building myself, because god damn uber, how many times do you need to send me an advert for uber one? just tell me when my car is here. so congrats to the author of this. I do agree that I'd prefer it open sourced too, it feels a bit risky it having access to all your notifications.
View on HN · Topics
Looks interesting. Good work. Do you have plans to open source the code?
View on HN · Topics
I guess I'm surprised that Android would allow one app to read/manage/block notifications from all other apps. I mean, I'm happy to have that kind of control over my phone, but it also seems like it could be viewed as a giant security hole? (Which would be a bit ironic given that Google is actively stamping out the ability for users to install apps that come from outside their walled garden.)
View on HN · Topics
As others pointed out: This >needs< to be open source, no way i touch another abandonware/ adware android project.
View on HN · Topics
A little dramatic? You can stop using it if it becomes something you don't like.
View on HN · Topics
Having never had a google account or used the "play" store, but having only used android phones(so far) I would try this from fdroid, etc. I have a workarounds that dissables all notifications except for pm's, the trickiest ones bieng for the varios google (dis)services. The other main workaround is to use webpage sign ins rather than apps through an oddball browser that breaks anything........hmmmm, too agressive, which luckily comes in another flavor that I have set up for banking, and certain other sign ins. But what I would realy realy like a cache cleaner that would wipe EVERYTHING , or better yet a detailed list of all running services and cached data AND bieng able to see the network. could be called WTFIGO, or FIGO for short
View on HN · Topics
when will it be available through fdroid?