LazyT
So that theres a chain of trust for users to install a secure app store that isn't Google Play. It's fine and I don't get where you got this idea that "appstore should contain only GOS apps and Google parts". That's not your decision and GOS has never indicated this was the case as far as I'm aware.

LazyT Why was this added?

Accrescent was added the GrapheneOS App Store to provide an easy, secure way of obtaining it. Accrescent is GrapheneOS's main recommendation for an app store other than sandboxed Google Play which is already mirrored. GrapheneOS recommends that people contribute to Accrescent if they care about mobile privacy and security because existing Play Store alternatives are fatally flawed.

Please note that my response is based on the following tweets from the GrapheneOS official account:

    Shall we badger the app developers of the apps we want on there or is it on Accrescent to add apps? Bitwarden, Proton apps, Standard Notes, Mulvad etc are the main ones that spring to mind. I'd say Nostr and Bitcoin apps as well but they seem to be heading down the zap.store route (although I'm not confident that's any different to Obtainium really other than the social element and I'm not sure on the app signing situation)

    I think it's a fantastic idea to have a secure method of obtaining apps (without a google account) personally and is a much needed addition to GOS.

    The app library just needs fleshing out which is fairly clear.

    Now it's in your face that this is a thing on GOS I'm confident the libary will grow as attention is now on more developers and GOS users.

    Not sure why the negative comments.

      Graphene1

      It's up to devs to add their apps on accrescent, and to maintain them.

        Manna
        How, when the registration is closed?

        https://accrescent.app/docs/guide/getting-started/new-app.html

        Sign-up is not yet available to the general public and is only permitted for allowlisted GitHub accounts. This choice was made to ensure that all developers on Accrescent are willing to tolerate the lackluster user experience, console bugs, and frequent policy changes resultant of Accrescent being in its early stages. If you are not allowlisted and are still interested in publishing on Accrescent, you may contact us at contact@accrescent.app to request being allowlisted.

          wuseman

          Yes, registrations are currently limited (just need to ask, it's not really close), but the question (as I understand it) was : to add an application, should I contact the developer or accrescent?
          It's up to the app developer to do it. Accrescent will only give permission to publish apps, they don't publish apps themselves.

          I was in favour of making Accrescent the "official" store of GrapheneOS. But I think the move might have come too early in the life of Accrescent since it is for now very limited in terms of offer. I hope its offer will broaden quite fast ...

          Works pretty descend for an alpha. But I think it needs more apps. I don' t like PlayStore or f-droid.

            12 days later

            This is such a great news, thank you @lberrymage for doing this awesome project! Can't wait the updates, I hope this will become the future of private and secure alternative app stores. Such a missing space here to fill. Best wishes for doing this!

            2 months later

            treequell Hi, I have a question, I'm going crazy to find a way to install apps without verifying manually by myself (which also means I don't have a package manager at the moment apart Accrescent), but then I see that Google Services is in Accrescent, so, is it kind of safe to install them despite I don't want Google to collect all the info?

            My goal is to have a package manager, so am I supposed to install Google Play right after?

            xxx It depends, in my case I need to close the app every time I click on an app, it would be unusable for a first time deployment where you need to install many apps (or if you just browse them), you would go crazy to install apps and kill the store every time... For some reason I can't go back, or moreover there is no button.
            Though this initiative is great, I hope it improves.

              steve66th

              some reason I can't go back, or moreover there is no button.

              It's assumed that users will use system navigation (i.e. gesture or 3-button navigation) to navigate backward through the app, which is why there's no back button. We can reconsider this, but it is currently possible to navigate backward through the app.

                • Edited

                lberrymage

                Right: It works with the back gesture. But a back button like in GrapheneOS Store would help/make sense.

                Thanks both, but I'm still a bit confused, at the moment, the whole point is to install Apps from Google?
                I don't see other ways if I keep using Accrescent, unless I use other repos like Aurora.

                Though is not clear to me how this protects me, I see that the GServices in GrapheneOS are sandboxed, does it mean that every app requesting GServices will be sandboxed too?
                I just need to avoid Google collecting info from my phone.

                  • Edited

                  steve66th does it mean that every app requesting GServices will be sandboxed too?

                  Every app is sandboxed, period. If its requesting GServices, then its using IPC to communicate past the sandbox with mutual consent. If this is a concern, isolate the app(s) in a separate profile from GPlay or avoid the app altogether. An IPC restriction (app communication) feature is being worked on that will allow concerning / troublesome apps to still exist in the same profile as GPlay.

                    App Developer says: regarding accrescent store, it has privacy issue where it asks for email address from GitHub, so that's why SimpleX Chat has not been added yet.

                    Out of curiosity, is it a good idea to install packages manually and the verify from GrapheneOS with Appverify??

                    I don't use many apps as of today so it may suit my needs, though it always says that is present as a signature but not verified, I guess that it takes a lot of time to verify all the developers out there, right?
                    Anyway, so far so good.

                    Dumdum thank you for that, most of apps also run with containers, which in theory are isolated...
                    I wonder how a VPN app could work, I guess that at least they don't use containers, but a process in user-space, sad that there is no console/terminal stock app :D .

                      steve66th If the apps you use are open source, I would advertise Obtainium to install them. Obtainium will install them, but also take care of updating them.

                      steve66th I believe Obtanium works well with AppVerifier, you can share from Obtanium straight to it before installation, if I'm not mistaken.

                      I am not sure if the devs of AppVerifier are concentrating their efforts on adding every single app to the internal database and keeping that updated (not that the hashes change that often but it does happen occasionally), I may be wrong though.

                      You can obtain the hashes for apps from other places too, like from the developer or from a friend who has the app installed already, or even from this forum. I would be happy to give you the SHA-256 hashes of any app that you want to install, if I already have it installed. Though I don't think it would be appropriate to do that in this thread as that is pretty far off-topic from OP's original question.

                      Out of interest though, would you mind explaining what you meant about apps running with containers and wondering how a VPN app could work? Not sure what you meant there. Sounds like you're used to how desktop OSes run. If you want a terminal app, there are some options, with the closest to a desktop experience being Termux, though there are some very big security issues with that one so I wouldn't recommend it unfortunately. I know there are others, but I'm not sure which is the best in terms of security.

                        roamer4223 I was just wondering how VPNs work on Android, considering that most of the apps are containers, and unless you configure the VPN in the VPN software provided by the OS, it would be a just a container and it would suffer all sort of problems, like leaks.

                        In theory, you need admin priviledges on a desktop to configure a VPN usually, and if you don't, you may expose yourself to leaks, especially in a multi-user environment, which is very common when using a smartphone, though this goes beyond the thread.

                        • de0u replied to this.