[deleted]
AttemptUndertook you just answered your own question. I don't use Google Play in order to get just that extra bit of privacy.
Spoofing install sources for non-Play Store installed apps...
Apps can see other apps in the same profile. It's not any different with Google Play, as they're in the same sandbox as all other apps.
[deleted] I don't use Google Play in order to get just that extra bit of privacy.
Technically Google could fingerprint you based on your throwaway account, but even if you don't sign into an account, I am assuming they have other device level identifiers that they could use to fingerprint you. Is that accurate?
If that is true, for folks like myself that use Play Service and Store for notification purposes (which I would think is a large user base) there is absolutely no advantage to using Aurora store.
AttemptUndertook I am assuming they have other device level identifiers that they could use to fingerprint you. Is that accurate?
Regular apps don't have access to device identifiers. https://grapheneos.org/faq#hardware-identifiers
Don't think of Google Play on GrapheneOS as different in any way. Everything that applies to regular apps applies to it too.
[deleted]
matchboxbananasynergy I heard this over and over. You can't see past the proprietary code, can you? Assume zero trust.
[deleted] That's not how it works, what code is behind it doesn't matter. The sandbox is forced onto apps, whether they like it or not. They have no say in that matter. The play store on GrapheneOS is just another ordinary app so the exact same restrictions are imposed onto it.
- Edited
[deleted] Aside from the fact that you think closed source code cannot be inspected, which is false, it simply doesn't matter for what I'm trying to explain.
Regardless of the app's source model, it's still constrained by the same rules. The sandbox is open source, what apps are and are not allowed to do is open source, it's known, it's not an unknown thing.
You can use whatever you want, but let's please try to maintain accuracy when discussing these topics that are so often subject to misinformation.
edit: just noticed a fellow mod had already replied.
[deleted]
Thank you both for your time spent, I will try to process information given with my limited capabilities.
I have been a regular user of Aurora Store in the past, but hearing GrapheneOS' arguments for its insecurity, and knowing the fact that the Play Store on GrapheneOS is forced to run in the regular app sandbox, I struggle to see even the minor privacy benefits of using Aurora Store rather than Play Store. You do not need to give out your phone number and residential IP address in order to create an account.
If the aim of exclusively using Aurora Store instead of Play Store is to 'degoogle', i.e. to avoid Google apps and services as much as possible, then I personally believe that using Aurora also goes against such aim: consider that Aurora downloads directly from the Play Store, which is run by the company that one's trying to avoid. It makes more sense to get apps directly from the app developers, using something like Obtainium, and alternative app stores such as Accrescent, if the aim is to remove Google from one's life.
Thank you for that explanation. Can the Play Store see my IP address?
The only thing that I can think of (with my limited technical knowledge) is that if I use a throwaway account with the Play Store on GOS and I log into my personal Google account on another device on the same network, Google might be able to connect the two based on both logins coming from the same IP. I am assuming they won't be able to tell for sure that it is the same person, but perhaps they know that both logins came from the same house hold. Is this a valid concern?
AttemptUndertook Can the Play Store see my IP address?
It must be able to see you IP address as part of network traffic. You would need something like TOR or a VPN to prevent that.