oxidant8751 how is Accrescent better than the options already out there

There are 10 apps on it. It could be the best of the best app stores, security and privacy and magic beans wise. But with only 10 apps and no sign of expansion, it's hardly apt to make any form of comparison.


    mmmm They will allow app submission eventually. Until then the stores can be compared just fine on a technical level.

      [deleted] perhaps it can. But it's a prototype, not production ready. So as good as it is or seems to be, one can only hypothetically compare it, realistically, to fully operational app stores containing scores and scores of apps and all of the attack surface that entails.

      that can be as good as it wants. As long as there isn't a relevantly large number of apps in there, the benefit is relative.
      Unless GOS decides to use the store exclusively for their apps instead of their own store; then we would be forced to do so.


        AlphaElwedritsch The benefit is always relative. People make the choice to use F-Droid despite them having an infrastructure rivaling a 3-day DIY hobby project and being insecure. I'm not implying they are wrong for making that choice though, as it's theirs. Accrescent is something to be excited for without a doubt. Especially for GrapheneOS users, since they value security more than most.

        As far as I can tell, the main difference in terms of security between the official repository of F-Droid and Accrescent is that apps on F-Droid are built from source on every update, whereas on Accrescent they are directly uploaded by the developer. The advantage for F-Droid is that this ensures all app binaries correspond to their respective source code, which can be audited. The advantage for Accrescent is that apps are updated instantly when the developer uploads them, whereas they can take up to a week to appear on the official repository of F-Droid.

        I was too slow to edit my post, so I have to make a new one.

        Which store is best depends on each user's threat model. If the threat is that an app developer could insert a backdoor in their own app, F-Droid is better. If the threat is that the F-Droid team could insert a backdoor in an app, or that an app could contain a vulnerability that may be exploited if the app is not updated for one week, Accrescent is better.

        If a user is willing to verify that an APK is signed by its developer using an app such as AppVerifier, and doesn't care about 0-day exploits, all the apps that have reproducible builds on F-Droid are totally acceptable. Unfortunately, that's only around 5 to 10 percent of the apps on the official F-Droid repo (the rest are built and signed by F-Droid).

        How does Accrescent compare to using developer F-Droid repos? For example, Molly from their F-Droid repo compared to Molly on Accrescent. I keep seeing that the official F-Droid repo should be avoided, but what about other repos?

        What about izzyondroid and Obtainium?

        One thing I did just notice is that the version of Aves Gallery I recently installed from Accrescent was out of date compared to what was available on the IzzyonDroid F-Droid repo.

        I'm also unsure which version of apps I'm getting when I use Accrescent, since they provide a limited amount of info compared to F-Droid and the Play Store. For example, there are multiple versions of Aves Gallery and Molly, each with different features.


          Does anyone know why Obtainium doesn't support background updates? This is really annoying, especially on big apps.

          Many noob users / uninterested people just don't update their apps manually. I do, and I find it satisfying and check release notes, but others don't.

            Sbpr

            As far as I can tell, after the 1.20 redesign of the F-Droid client, the only functional difference between Accrescent and a custom F-Droid repo may be the app signing key pinning by Accrescent, although it might not matter to you depending on your threat model.

            https://x.com/GrapheneOS/status/1803185925112934533

            F-Droid has far too many security and trust issues for us to recommend it. The vast majority of apps in the official F-Droid repository are built on their sketchy infrastructure and signed with their own keys. We're concerned about a future mass compromise of F-Droid users.

              fid02

              Yeah, 91% of the apps in the main F-Droid repository don't have reproducible builds, and are signed by F-Droid keys instead of the app developer's keys. This means that somebody with access to the F-Droid infrastructure could update these apps with malicious code without the developers and users noticing.

              Sbpr What about izzyondroid and Obtainium?

              Like Accrescent, the IzzyOnDroid F-Droid repo distributes builds directly from developers. The repo also implements app signing key pinning and other security measures. If I'm not mistaken, this makes using the IzzyOnDroid repo equally secure as using Accrescent (please correct me if I'm wrong).

              Obtainium is not a repo per se, although they have started a crowdsourced list of app configurations in the last few months. Apart from apps in that list, apps installed via Obtainium are not curated (they are not scanned for malware, etc.). If your threat model considers developers compromising their own apps as a threat, that makes Obtainium less secure than Accrescent, and less secure than the F-Droid official and IzzyOnDroid repositories. However, if your threat model considers compromised F-Droid repos as a higher threat, it would be more secure for you to install an app via Obtainium. Accrescent would in theory resist a compromised repo, unless the Accrescent client was also compromised to remove app signing key pinning.

                missing-root

                If I'm not mistaken, there is an option for background updates in Obtainium.

                It can be activated in the app under settings> Enable Background Updates. Background Update Checking Interval can be set with the slider above. Unfortunately this doesn't seem to work with all apps.

                  oxidant8751 that both F-droid and Aurora Store are insecure due to a variety of reasons

                  When reading F-Droid articles you should always pay attention to what is meant. Mostly the F-Droid app and F-Droid main archive.¹ There are many F-Droid clients that are better, and in each client you can use the repositories you want.
                  E.g. Molly, SimpleX, Cake Wallet, Monerujo, Tor (Browser, Orbot)

                  ¹There have been many improvements in the last few months.

                    AlphaElwedritsch We're not going to be switching to using it from our own App Store. It's included to provide a way to get developer builds of apps for developers submitting their apps to Accrescent. We don't plan to provide the same service to app developers since Accrescent has it covered and multiple options would be counterproductive.

                    boldsuck

                    ¹There have been many improvements in the last few months.

                    There have also been continued regressions in security and trust.

                    leo F-Droid's repository metadata is poorly designed and the security is poor. The security of anything built around an ecosystem of insecure scripts, clients, builds, etc. is highly questionable.

                    unless the Accrescent client was also compromised to remove app signing key pinning

                    No, the OS package manager is what implements the baseline pinning and downgrade protection. That's why having an app repository like F-Droid with poorly secured builds and keys by untrustworthy people is such a terrible idea. It means even already installed apps can be compromised.

                      GrapheneOS F-Droid's repository metadata is poorly designed and the security is poor.

                      Thanks, I didn't know about this.

                      unless the Accrescent client was also compromised to remove app signing key pinning

                      No, the OS package manager is what implements the baseline pinning and downgrade protection.

                      Sorry for my ambiguous message. I was referring to the fact that the Accrescent client verifies an app's signature even before the first install, compared to baseline pinning from the Android OS which only verifies an app's signature during app updates. If I understand this correctly, this prevents a scenario where a compromised Accrescent server could deliver malicious apps to people who are installing them for the first time with the Accrescent client. A malicious actor would therefore need to compromise the Accrescent client as well. Again, please correct me if I'm wrong, I am not at all an expert in this topic.

                      By the way, thanks a lot for making GrapheneOS and staying in touch with the community. I learnt a lot from the beautiful GrapheneOS documentation and from your posts on the forum!
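To make the distinction in the two posts above concrete (the OS package manager pinning a signer only from the first install onward, while a store client such as Accrescent, or a manual AppVerifier check as mentioned earlier in the thread, compares the signing certificate before that first install), here is an added model of the two checks. It is example code written for this discussion, not code from Android, Accrescent or AppVerifier. The package name, the two "certificates" (plain byte strings standing in for DER) and the pinned fingerprint are constructed; the error strings mirror Android's install error codes for readability. Signature validity over the APK contents is assumed to have been verified already, and key rotation via the v3 signing lineage is ignored.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass

# Constructed model of Android signing-certificate pinning. The APK signature
# (Scheme v2/v3) is assumed verified already; this only models what is done
# with the signing certificate once it is known.


@dataclass(frozen=True)
class Apk:
    package: str         # e.g. "org.example.app" (constructed)
    version_code: int
    signer_cert: bytes   # stand-in for the DER signing certificate (constructed)


def cert_fingerprint(cert: bytes) -> str:
    """SHA-256 over the signing certificate: the fingerprint tools like AppVerifier compare."""
    return hashlib.sha256(cert).hexdigest()


class InstallRejected(Exception):
    pass


class PackageManager:
    """OS-side baseline: the first install of a package records its signer; every later
    update must carry the same signer and must not lower versionCode."""

    def __init__(self) -> None:
        self.installed: dict[str, Apk] = {}

    def install(self, apk: Apk) -> str:
        current = self.installed.get(apk.package)
        if current is None:
            # First install: the OS has no pin yet and accepts whatever signer arrives.
            self.installed[apk.package] = apk
            return "installed"
        if cert_fingerprint(current.signer_cert) != cert_fingerprint(apk.signer_cert):
            raise InstallRejected("INSTALL_FAILED_UPDATE_INCOMPATIBLE: signer differs from installed app")
        if apk.version_code < current.version_code:
            raise InstallRejected("INSTALL_FAILED_VERSION_DOWNGRADE")
        self.installed[apk.package] = apk
        return "updated"


class PinningClient:
    """Store client that ships a pinned signer fingerprint per package and checks it
    before the APK reaches the package manager, so a compromised repo cannot swap the
    signer on a first install (the case the OS alone does not cover)."""

    def __init__(self, pm: PackageManager, pins: dict[str, str]) -> None:
        self.pm = pm
        self.pins = pins

    def install(self, apk: Apk) -> str:
        expected = self.pins.get(apk.package)
        if expected is None:
            raise InstallRejected(f"no pinned signer for {apk.package}")
        if cert_fingerprint(apk.signer_cert) != expected:
            raise InstallRejected(f"signer of {apk.package} does not match pinned fingerprint")
        return self.pm.install(apk)


# Constructed stand-ins: two signing certificates and one package name.
DEV_CERT = b"-----constructed developer signing certificate-----"
ATTACKER_CERT = b"-----constructed attacker signing certificate-----"
PKG = "org.example.app"


def first_install_without_pins() -> str:
    """Repo compromised to serve an attacker-signed build: the OS alone accepts it on first install."""
    return PackageManager().install(Apk(PKG, 1, ATTACKER_CERT))


def first_install_with_pins() -> str:
    """Same build through a client that pins the developer's fingerprint: rejected before install."""
    client = PinningClient(PackageManager(), {PKG: cert_fingerprint(DEV_CERT)})
    try:
        return client.install(Apk(PKG, 1, ATTACKER_CERT))
    except InstallRejected as e:
        return str(e)


def update_checks() -> list[str]:
    """Once the developer's build is installed, the OS itself blocks a signer swap and a downgrade."""
    pm = PackageManager()
    results = [pm.install(Apk(PKG, 2, DEV_CERT))]
    for candidate in (Apk(PKG, 3, ATTACKER_CERT), Apk(PKG, 1, DEV_CERT)):
        try:
            results.append(pm.install(candidate))
        except InstallRejected as e:
            results.append(str(e))
    results.append(pm.install(Apk(PKG, 3, DEV_CERT)))  # genuine update still goes through
    return results


if __name__ == "__main__":
    print(first_install_without_pins())
    print(first_install_with_pins())
    for line in update_checks():
        print(line)
```

The model shows why the earlier point about "compromising the Accrescent client" only matters for first installs: after that, the package manager enforces the signer and the version regardless of which client delivered the APK, and a repo that holds the signing keys itself (the F-Droid main repo case) is exactly the setup in which neither check helps, because the swapped build carries the expected signer.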

                      GrapheneOS leo F-Droid's repository metadata is poorly designed and the security is poor. The security of anything built around an ecosystem of insecure scripts, clients, builds, etc. is highly questionable.

                      I donated to both GOS and F-Droid the same day. Was this an error on my part? Can they use my donation to improve security?