• Off Topic

  • Just got a pixel and installed GrapheneOS - best way to install apps?

Hi - still in the process of learning, but I have been reading up on Graphene for a while after becoming more privacy conscious and finally decided to pull the trigger and purchase a Pixel.

Just installed Graphene without any issues, went through a couple YT tutorials and read up on the important settings and I think I'm satisfied in that regard. Haven't downloaded a single thing yet.

Now, one thing that confuses me is the amount of google-play alternatives. To my knowledge there's F-droid, Aurora store, Neostore, Geostore..or I can just use google play itself? What's the best option here / where can I read up what the best option is for my personal use?

For the time being, the main apps I need are;

Telegram (I know of the X and FOSS version but unsure which is best for me. I don't mind as long as I can use my current account like usual without losing any messages/chats).
Signal
Session
VLC Player / decent alternative
winzip / decent alternative
Orbot
Some sort of notes app
Proton email

Possibly a crypto wallet such as Exodus, & other banking apps

So with all that said, what's the best way to download these apps? Which of the installation apps is best?

Thanks!

    soon404

    this might not be very helpful but graphene does not choose what to use to install apps.

    you can use just one source or two, just keep in mind using more methods to install apps will increase the attack surface.

    What method you use to install apps will depend on your thread model and preference.

    So what I am using is GooglePlaystore for most apps (I need the Playstore for my banking apps) and Obtanium to install the Fossify apps as they where not on the Playstore yet when they forked from smt and did their first app release.

    Using the Google Playstore for installing apps is one of the most secure methods. There a lots of things Google does that are not great, but they are very very good when it comes to security.

    The Aurora Store is a front for the Google Playstore that allows you to download apps without google account. I dont use it myself as

    F-Droid is an Appstore like the playstore but is focused on Open Source apps. I dont remember all the details on top of my head but I know that there are some problems with their security. I often see the recommendation when using F-Droid to use the droidify app instead of F-Droids own app.

    Obtanium: an app that for installing apps and keeping them updated when downloading the app from a website such as github or directly from a developers website.

        Aeon Thanks for this, it did help. It seems like for my preference & usage, F-Droid may not be the best option as it is slow for telegram updates (which is the application I'll be using probably the most).

        I've also seen I can download directly from the app website instead, does this have any advantage to using Aurora (which is the option im leaning towards to download all of these apps)?

        • mmmm replied to this.

            soon404 I've also seen I can download directly from the app website instead, does this have any advantage to using Aurora (which is the option im leaning towards to download all of these apps)?

            Depends on the app. But if you choose this method, use Obtainium so you can easily keep abreast of updates.

                mmmm Hmm I see, I'm reading up on it right now. Any opinion on what the best option is for the apps I mentioned? Telegram, Session, Orbot, a VLC player, file unzip app?

                Probably going to just use regular google play for my banking and other stuff.

                  soon404 GrapheneOS recommends people use the Play Store instead of the alternative app stores that fetch their apps from the Play Store. You can read more about this here: https://discuss.grapheneos.org/d/11849-spoofing-install-sources-for-non-play-store-installed-apps/2

                  Simply install Google Play Services from the app called "Apps", accept the installation prompts, and interact with the notifications shown to you. Then launch the Play Store and install your apps as you normally would.

                      soon404 Just installed Graphene without any issues, went through a couple YT tutorials and read up on the important settings and I think I'm satisfied in that regard.

                      Please be aware that people on YouTube make all sorts of suggestions about configuration. It is probably best to resist any recommendation to remove any permissions from, or disable, any app that shipped as part of GrapheneOS.

                          fid02 I've read and understand now, here's my issue though - the throwaway google account needed seems a bit..counter intuitive. Doesn't really seem like there's a way to make a completely anonymous one.

                          Besides, won't having play store installed on the device just have it in the background.."spying"? Or won't it know my activities on apps and therefore be able to technically profile who I am?

                          I've seen people say to download them on a different profile but I don't really understand the benefits of this, still a big noob lol

                              de0u Thanks for this. The only ones I changed were to reboot when not unlocked after certain period of time, pin scrambling, a couple wifi & bluetooth settings etc.

                              • de0u replied to this.

                                  soon404 The only ones I changed were to reboot when not unlocked after certain period of time, pin scrambling, a couple wifi & bluetooth settings etc.

                                  Good.

                                  Note that you might wish to set your home Wi-Fi network to "per-network randomized MAC" because some older or lower-quality Wi-Fi routers have DHCP implementations that behave poorly if devices change their MAC addresses many times per day.

                                      de0u What does this do? Sorry, I'm still quite new to this so the terminology is something I'm still learning lol

                                      As I understand, that setting generates a new MAC address every time i connect to the internet or?

                                      • de0u replied to this.

                                          Aeon summed it up pretty well, and I have a similar setup.

                                          • FOSS apps
                                            • Installed via Obtanium if possible, F-Droid Basic if not
                                          • Non-FOSS apps
                                            • Installed via Google Play store using anonymous GAccount within Work profile via Shelter in owner profile

                                          To create an anonymous GAccount, you can follow this method by @fid02.

                                          The GOS community recommends using the Play Store, but if you are willing to sacrifice security for privacy, or do not want to use sandboxed Google Play services, you could use AuroraStore's anonymous account to download proprietary apps. But be aware that this decreases your security, is often unreliable, and therefore not generally advised.

                                          For notes, I love Logseq, which is an open-source note-taking app that is more than just a notes app. It comes with a bit of a learning curve, as it's more of a personal knowledge management tool rather than just an application to store notes, but it's extremely powerful.

                                              Vagabond8630 Appreciate this - i've seen a lot about people using solely google services on a different profile instead of their main one. What does this do as oppose to just downloading it on my main one with all my other apps?

                                                  soon404 There are three options, described here. Does that help? Or is it possible to ask a question about that text?

                                                      de0u Hmm I see, I think I understand now. The default setting generates a random new MAC address for every network i connect to (including my home one whenever i connect), whilst the "per network randomized" option generates only one for each network?

                                                      • de0u replied to this.

                                                          soon404 Yes. The default is fine for many people (at home or about), but it is useful to be aware of the home-router case.