Fossify apps

John564479

Greetings,

I have a quick question; I recently went all in on GrapheneOS and absolutely love it! Im so glad this project exists! However Im not a fan of the default apps. I respect the bare bone concept dont get me wrong but I found them to be a bit too bare bone. I recently discovered "Fossify" apps on F-Droid/Aurora store and I'm amazed. These apps seems to be as pure as it gets in terms of privacy but also have super nice features like backup of sms, call log, change the app to pure dark mode etc. What are peoples thoughts on these apps (calandar, messages, phone, contacts, clock etc)? As they only seem to require permissions that actually makes sense according to exodus (which is very rare these days) and do not require any internet access, can there be any safety/privacy issue with using these apps over the default graphene apps?

[deleted]

John564479

I think they are great and use several of them.

Aeon

I personally use a couple of the Fossify Apps (Gallery, Calendar, Clock, Contacts, Messages, Voice Recorder) and I like them.

I have installed the apps with Obtanium directly from their Github.

Fossify is a Fork of the Simple Mobile Tools Suit of Apps. The Fork happened because Simple Mobile Tools got sold to an adtech Company. https://discuss.grapheneos.org/d/9310-simple-mobile-tools-bought-by-zipoapps

One of the main Contributors made the Fossify fork.

Like with all apps you install you will increase your attack surface and depending on your personal thread model you have to weigh if those apps are okay to use for your own personal use case.

Others here on the Forum will have more advice for you once they see your post :-)

John564479

Thanks for quick reply regarding this. This might be rhetorical but does offline/local app actually increase attack surface? In terms of fossify, is it possible that the messages app actually sends/leaks data to the developer via hidden SMS messages and/or get a copy of sms?

Aeon

John564479 This might be rhetorical but does offline/local app actually increase attack surface?

To a certain degree, yes. But the app being offline with no network access will reduce their attack surface, it will not be zero though.

John564479 In terms of fossify, is it possible that the messages app actually sends/leaks data to the developer via hidden SMS messages and/or get a copy of sms?

The possibility always exists. But people would find out about it as Fossify is Open Source and then it would be gone, similar to how Simple Mobile Tools got abandoned by users as soon as it got sold to an adtech company.

The question I would ask: What benefit would the developer have, to get all those sms and data? Would it be worth loosing their reputation?

Check out the Fossify Github and read through their general discussion and issues https://github.com/FossifyOrg
to get a feel how the devs are.