What is the best way to install apps on GrapheneOS? From my understanding, the F-Droid app has some security problems. However, when using third-party repos, the signing keys are controlled by the developers. Is that correct?
From a security standpoint the Google Play Store should be the best option, right?
Aurora Store is only valuable if I don't want to install any Google Play Services, right?
What about sideloading the application? From my understanding, this is fine after a manual certification check with apksigner. How do I verify certificates? I think the best approach would be to copy and paste the cert hash into a browser and see if it is mentioned on trusted sources like the developer website or social media site. Is that the best approach to verifying an app?
Are there other ways to install apps on GrapheneOS?
1) Apps app (perfect, limited)
2) Google Play Store (secure, not private)
3) F-Droid (security issues, privacy friendly, third party repos are developer controlled)
4) Aurora (only for accessing apps without Google Play Service installation)
5) Sideloading (secure and private if the app is verified with apksigner before first installation)
Additionally, is it correct that after the first app install, a malicious, differently signed app would be ignored because GrapheneOS sticks to the TOFU trust model?
Is Obtainium a good choice to keep track of updates of a sideloaded app?
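
Added example, not part of the original post: one way to script the apksigner check asked about above, comparing the APK's signing-certificate SHA-256 digest with a fingerprint obtained out of band. It assumes apksigner from the Android SDK build-tools is on PATH; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: pin an APK's signing certificate before first install.
# Assumes apksigner (Android SDK build-tools) is on PATH; names are hypothetical.

# Constructed sample of `apksigner verify --print-certs` output (not a real app).
SAMPLE_OUTPUT='Signer #1 certificate DN: CN=Example Developer
Signer #1 certificate SHA-256 digest: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
Signer #1 certificate SHA-1 digest: 0123456789abcdef0123456789abcdef01234567
Signer #1 certificate MD5 digest: 0123456789abcdef0123456789abcdef'

# Strip colons/whitespace and lowercase, so "AB:CD" and "abcd" compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Read apksigner output on stdin, print every signer's SHA-256 digest.
extract_sha256() {
    sed -n 's/^Signer #[0-9]* certificate SHA-256 digest: \([0-9a-fA-F]*\)$/\1/p'
}

# check_certs EXPECTED < apksigner-output
# 0 = match, 1 = mismatch, 2 = not exactly one signer, 4 = malformed EXPECTED
check_certs() {
    expected=$(normalize_fp "$1")
    case "$expected" in ''|*[!0-9a-f]*) return 4 ;; esac
    [ "${#expected}" -eq 64 ] || return 4      # reject truncated fingerprints
    found=$(extract_sha256)
    count=$(printf '%s\n' "$found" | grep -c . || true)
    [ "$count" -eq 1 ] || return 2
    [ "$(normalize_fp "$found")" = "$expected" ] || return 1
}

# verify_apk APK EXPECTED: the signature must verify (apksigner exits non-zero
# otherwise) and the signer digest must equal the pinned fingerprint.
verify_apk() {
    out=$(apksigner verify --print-certs "$1") || return 3
    printf '%s\n' "$out" | check_certs "$2"
}

# Usage: verify_apk app.apk "<fingerprint published by the developer>"
```

Comparing the full 64-character SHA-256 digest, rather than eyeballing the first few bytes or relying on the SHA-1 or MD5 lines, is the point of the length check.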