Aurora app install and updates buggy

Nomadic

Hi,

Since setting up this pixel 8 on graphene, I noticed the initial app install process was painful compared to google play store. For example, when trying to bang out dozens of app downloads at once, I noticed it keeps hanging and it seems like the little prompt asking if network access is okay or not for the app might be a part of it?

And now when I am trying to update a good ten apps at once, a lot of them hang for so long and I find myself constantly trying to update them manually several times until it finally decided to update.

What's the deal here? Is it Aurora or is it a graphene issue?

pml

Nomadic initial app install process was painful compared to google play store. For example, when trying to bang out dozens of app downloads at once

I've confirmed that installing many apps in unison causes the app to slow, if not hang.
Something that seems to help is installing the apps in pairs of three works best.

Nomadic seems like the little prompt asking if network access is okay or not for the app might be a part of it?

While the dialog you are referring to likely causes this issue, I don't believe this is because of a GrapheneOS feature.

Nomadic And now when I am trying to update a good ten apps at once, a lot of them hang for so long and I find myself constantly trying to update them manually several times until it finally decided to update.

This may be caused by the same issue as the one listed in my previous reply.

Nomadic What's the deal here? Is it Aurora or is it a graphene issue?

I'd say it's an Aurora issue.

pml

Aurora Store is not recommended, but in case you would still like to use Aurora, I will see if I can replicate your issue

Nomadic

pml Fair enough. So if Aurora is not recommended? What is recommended? I'm seeing wildly different options on this and don't know what to believe.

pml

Nomadic For the best security, Sandboxed Google Play is recommended.
If you would like to avoid Google, then Obtanium is a good choice if your apps can be downloaded outside Google Play

Keep in mind no option is correct, you are free to choose whichever you'd like

Nomadic

pml Is this the consensus from the graphene developers as well? Specifically, that sandboxed Google play is better than f-droid and even aurora?

I am out of the loop on these new bits of info. However, I am not new to open source software, and I was always under the impression that f-droid was superb. Not exactly sure why now it's not necessarily a safe source now and that a sandboxed Google play is better?

I'm also curious, if I delete aurora and f-droid and use Google play and obtanium moving forward, do I need to re-install all the apps I installed from those previous sources because I don't see updates showing in google play for apps I installed from aurora etc. Would be nice to not have to go through the entire process of downloading all my same apps a second time.

pml

Nomadic

Nomadic Is this the consensus from the graphene developers as well? Specifically, that sandboxed Google play is better than f-droid and even aurora?

It is, yes

Ammako

The popup is because any app installed by a non-system app needs user confirmation for the first install. Afterwards, updates can be done without having to confirm, as long as the app is "owned" by that app (by either having been installed by it, or having been updated by it last.)

You can see "App installed from Aurora Store" under the "Store" header in an app's info, this means the installation is "owned" by Aurora Store and future updates can be done unattended if you wanted.

It's not just Aurora Store, by the way. Any alternative app store you may try will do that. Though some might handle being told to wait for user input better than Aurora does.

For Google Play, I don't think it will show apps in the list unless they were explicitly installed by it. You'll have to either uninstall and reinstall through Play Store, or if you wait for them to have updates, you can manually visit each app's page on Play Store and update through it. Then they will start showing up in the list within Play Store and you will be able to see future updates there.

Nomadic

Good info. I'll be sure to consider everything I learned here, thanks!

Vagabond8630

There are tons of threads about the best app install method discussions on the forums you can refer to, including this recent one.

For normal apps, using the Play Store with an anonymous account offers the best balance between privacy, security, and convenience. For FOSS apps*, I use F-droid to browse available FOSS apps, then use Obtanium to download them directly from source, which alleviates the security issues of F-droid (more on that below). If the app isn't downloadable via Obtainum for whatever reason, then I use F-Droid Basic with a custom repo if possible, then if all else fails, only then F-Droid Basic to download it from the main F-Droid repo.

However, I am not new to open source software, and I was always under the impression that f-droid was superb. Not exactly sure why now it's not necessarily a safe source now and that a sandboxed Google play is better?

F-droid is amazing for privacy, but it does have some security issues. This is a great write-up on the security issues of F-Droid, and PrivacyGuides also has an informative section on the security issues of F-Droid:

Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet modern security standards.

As indicated in the other post, the *FOSS app refers to:

Apps that are only available on public repos/F-droid and not on Play Store
- ex: NewPipe
For users who want to avoid as much Google code as possible
- ex: Google Firebase Messaging that is included in Bitwarden's Play store version but not in the F-Droid version
Apps that offer better experience on the F-droid version
- ex: Apps that require in-app purchase on the Play Store version, but offer the full functionality on the F-droid version, such as Tasks.org