Automatic Aurora-Store Update / start of Aurora-Store ?

upstage4186

pxlkng Could you explain how Aurora store reduces privacy please?

Also, I think it's a more complex situation than you're making it out to be, e.g. if I install WhatsApp with play services installed beforehand, it will automatically register with FCM for notifications, but if I skip play store/services and install via Aurora instead, WhatsApp will poll for notifications, skipping Google's servers. Unless I'm mistaken?

And how do you know which apps will communicate with Google store/services via IPC. AFAIK, there's no way to know so maybe it's just better to use Aurora and cut Google out of the equation altogether?

(These are genuine questions btw, I'm not just trying to argue rhetorically :))

pxlkng

upstage4186 Could you explain how Aurora store reduces privacy please?

It has security issues. For example it doesn't properly verify the authenticity of downloaded apps and has no working or reliable auto-updates, leaving users potentially without critical security updates for their apps.

There is no privacy without security. Reduced security means reduced privacy.

upstage4186 use Aurora and cut Google out of the equation altogether

Aurora Store does not do that. It does not avoid Google. Many apps from the Play Store bundle Google libraries that run independently even without Play Services and facilitate the same amount of tracking and data collection, which is not much in the first place due to the strong app sandbox (also remember Play Services runs fully unprivileged and has no elevated access or system integration).
And those apps that do not bundle Google libraries will not suffer any privacy degradation from being downloaded from the official Play Store as they will just not talk with Play Services. (IPC requires mutual consent)

upstage4186 Unless I'm mistaken?

I'm not entirely sure how FCM is implemented with WhatsApp, but I would expect it is done like with Signal, only using FCM to wakeup and then polling for the actual message content itself. And even if the message content is sent over FCM this doesn't really matter, as WhatsApp uses E2EE and Google will not be able to read anything. So using WhatsApp with FCM therefore should have no tangible privacy impact expect maybe some minor metadata leaks (like time when messages arrive).
Using FCM is also better on the battery.

upstage4186 I think it's a more complex situation than you're making it out to be

Not really. The project is officially recommending against Aurora Store and to use sandboxed Play Services instead, if you have to use Play apps or Services in the first place that is.

upstage4186 And how do you know which apps will communicate with Google store/services via IPC

As already mentioned IPC requires mutual consent. There would be no reason for a FOSS app that has no Google libraries included (e.g. Molly FOSS) to talk with Play Services. And even if they would talk, it can decide what data it gives Play Services (or any other app it talks with).
Apps doing IPC doesn't mean that they can just access all data of one another. They have to decide what they want to share with the other app.

DeletedUser313

pxlkng

Would you recommend using a dummy google account for sandboxed Play Store to avoid linking the main account to the device?

upstage4186

pxlkng It has security issues.

I see. I don't know much regarding the issue of authenticity but tbh, I've been using Aurora for a while and not had any problems with auto-updating.

pxlkng Aurora Store does not do that. It does not avoid Google.

So, what if I have an app that bundles Google libs, but deny it network access, but also have Google play/services installed which DOES have network access as required. I think the concern is, would they be able to communicate via IPC and then as a result, leak data from the network-blocked app?

pxlkng There would be no reason for a FOSS app that has no Google libraries included (e.g. Molly FOSS) to talk with Play Services.

In an ideal world where I could use only FOSS apps, this would be great, but unfortunately I have to install chat apps, apps for banking, work, etc. I know there's Private Space and extraneous user profiles, but sometimes its more ideal to install certain shady apps (like chat apps that need to be active all the time) in the main profile. Not having Google Play in this profile would be awesome.

Viewpoint0232

pxlkng There is no privacy without security. Reduced security means reduced privacy.

Many people parrot that line but it's just not true. Of course, more security is better than less security, but the more secure option is not necessarily the more private option. If you live in a house without curtains but ten locks on the door you're not more private than if you live in a house with curtains but only one lock on the door.

Aurora Store is clearly more private than Play Store because 1. you don't need a Google account and 2. you don't need to install Play Services.

pxlkng You can just create an anonymous Google account

It's not trivial. They'll either want your IP (no VPN/Tor) or your phone number. It seems to be really unpredictable whether they demand a phone number or let you skip that step.

Delaney If "degoogling" is impractical, then to those people who want that, there is little reason to use GrapheneOS

I wouldn't say that. By default, GrapheneOS doesn't make any connections to Google, doesn't come with any Google apps etc. It's fully degoogled by default beyond the unavoidable fact that you need use Google-branded hardware and that Android itself is made by Google. The only ways to be more degoogled on a smartphone would be to get a GNU/Linux phone like the Pinephone (but then you have many other downside, most of all a lack of apps) or to get an iPhone (but then you just swap Google for Apple).

GrapheneOS gives you the choice what you want to do: no Play Services and no Play Store apps, no Play Services and Play Store apps from Aurora Store, sandboxed Play Services and Play Store apps from Aurora Store, or sandboxed Play Services and apps from the Play Store with Google account.

pxlkng

DeletedUser313

Depends on your preference and "threat model". You're not linking any account to the device, though, as Play Services does not have access to hardware identifiers. See https://grapheneos.org/faq#hardware-identifiers

For how to create an anonymous account refer to my second message in this thread.

pxlkng

upstage4186 for a while and not had any problems

Security is proactive, not reactive. It working now doesn't mean it can't break at any moment. It is just not secure or reliable and has shown this many times in the past, where users noticed after months they have been missing updates.

DeletedUser313

pxlkng

So it would be linked to a profile rather than a device then

upstage4186

I agree with pxlkng, Aurora Store tends to have delayed updates. There are also times where the installation fails and I have to try repeatedly

upstage4186

pxlkng Security is proactive, not reactive. It working now doesn't mean it can't break at any moment.

Well yeah, true of any complex system, but it seems other users do indeed have auto-update issues so I guess it's something I need to keep an eye on.

I would love for you (or someone else) to address the IPC issue, though. If an app with google libs embedded and google play services can talk, the app does not have network access but play services does, could this be a potential privacy leak vector.

You mentioned in your first post that:

pxlkng It has security issues and no privacy benefit over sandboxed Play Services.

So far, it seems that it DOES have a privacy benefit. I guess I'll need to balance that out against the potential security drawback(s).

grayway2

pxlkng it's not enough. Going public public places and creating a Google account from there is just the first steep. You have then to be on always on VPN before sign in on that account from your owner profile. Once you download an app, you have to push it on an another profile.

The risk of getting his google account locked for suspicious activity or connection is not negligible.

pxlkng

DeletedUser313

I think not even necessarily that, only to the unique install of Play Services. If you would reinstall Play Services in the same profile I think it should see that as new, at least that is my understanding.

pxlkng

grayway2 Once you download an app, you have to push it on an another profile.

No, you do not have to do that.

pxlkng

grayway2 You have then to be on always on VPN

You also don't have to be on always on VPN.

grayway2

pxlkng what's the point to create an anonymous google account if they have later your home WiFi address or the one from mobile operator ?

grayway2

pxlkng Apps that will talk to Play Services are those that have Google libraries bundled anyways, so it doesn't make a privacy difference.

What makes you think that it does not make a difference ? If we could today prevent apps to communicate each other, it would make a hugh difference.

I could use apps with google libraries build in without linking what I do on them to the Google account I use on a profile.

pxlkng

grayway2

I've only said you don't have to. It all depends. Maybe its on a profile that you only use on public WiFi, at all, and therefore don't need any VPN.
All a question of how its used and what the requirements and preferences are.

Some may even create the account from their home network or on mobile data because they don't care about Google having their IP.

But you can't say you have to have one.

grayway2

pxlkng I'm not so sure that apps from profiles are not doing any connection to the internet even if in bfu state. They maybe can use the connection from owner profile and connect but I'm probably wrong

Rand-Uzer

Here is why you should NEVER use google playstore or for that matter ANYTHING google. I would rather put a gun to my head than use any google product. You have a DEGOOGLED phone, DEGOOGLED is a big hint here so why go to the effort to DEGOOGLE a phone then turn around and download playstore or anything google?
You might as well just buy a cheap phone if you want to use this criminally convicted corporations spy products.
[removed]

https://www.forbes.com/sites/daveywinder/2025/03/18/60-million-malicious-google-play-downloads-as-331-apps-bypass-security/

and here ...

https://www.bleepingcomputer.com/news/security/over-90-malicious-android-apps-with-55m-installs-found-on-google-play/

Mod note: I've removed some of this post because it's rude.

DeletedUser495

Rand-Uzer you can not compare running sandboxed Google Play to using it in priviledged mode on a vulnerable hardware. But I do have my issues with it. It could be the most secure app store in this part of Milky way, but my issues are not related to security.

Delaney

Rand-Uzer I would rather put a gun to my head than use any google product.

Lmao

pxlkng

Rand-Uzer

GrapheneOS is not about degoogling, which is a very idealistic term often sacrificing security and privacy.

There are areas where it benefits security and privacy to avoid Google (privileged Play Services) and there are areas where you want Google for security and privacy (Pixel phones, AOSP, etc)

A GrapheneOS phone is not degoogled. It is still hardware manufactured by Google and you are still running proprietary Google firmware, as well as AOSP which is made by Google and Linux which has heavy contributions from Google.

Please do not spread such idealistic FUD/misinformation.

Rand-Uzer read these 2 articles

This is in no way specific to the Play Store, everything has such issues and malware exists everywhere.

GrapheneOS

Rand-Uzer Using Aurora Store implies using the Play Store and installing apps from it which are generated and signed by Google. You aren't avoiding the Play Store, Google services or Google code by using Aurora Store. It is a frontend to a Google service providing Google generated / signed apps. The reason Aurora Store isn't recommended is because it doesn't check the signatures of the apps it downloads.

Please avoid spreading baseless, unsubstantiated claims here.

pxlkng

Delaney

pxlkng GrapheneOS is not about degoogling, which is a very idealistic term often sacrificing security and privacy.

There are areas where it benefits security and privacy to avoid Google (privileged Play Services) and there are areas where you want Google for security and privacy (Pixel phones, AOSP, etc)

A GrapheneOS phone is not degoogled. It is still hardware manufactured by Google and you are still running proprietary Google firmware, as well as AOSP which is made by Google and Linux which has heavy contributions from Google.

« Previous Page Next Page »