  • Michael Bazzell recommends F-Droid and Aurora Store, "Insecure?"

  • [deleted]

Genuine question. I'm reading his book and he makes some good points about this.
Thoughts? Even his latest version of Extreme Privacy Mobile Devices still recommends these.

    • [deleted]

    [deleted] if the title of his book was Extreme Security Mobile Devices, he would not be recommending these two app stores, but something else.

      • [deleted]

      [deleted] I understand that point. And it also makes me curious too, because he also speaks a lot about the importance of security.

      My question is, why would he be recommending them if they were insecure?

      • [deleted]

      [deleted] he also states that he and his clients all have this setup with F-Droid and Aurora Store.

      There is no ideal solution at the moment.

      All the available options have downsides. Anyone telling you there is one best way is making a judgment based on their own preferences, and others may have good reasons to disagree.

      Beyond that, why not try asking him to explain his recommendations, rather than asking other people to speculate?

        • [deleted]

        Probably9857 You make a good point. I wasn't aware that I could contact him directly, but I will look into it - appreciate that :)

        We can only speculate. But if I had to guess, the reason would be usability. Creating and maintaining Google burner accounts would be an extra annoyance for his clients.

          lost_cause Creating and maintaining Google burner accounts would be an extra annoyance for his clients.

          I have personally not found that to be difficult, at all. After creating a Google account with Play Store, no additional work is required to maintain the account. Signing up is also easy. I've written about creating a Google account without providing personal info here: https://listed.to/p/vznkmwrV5w

          The fact that an account is needed just to install apps is annoying, though, I agree with that.

          As to why this author recommends specific app stores, I think that is up to them to decide if they would like to elaborate on that.

            [deleted] Michael Bazzell has terrible advice, I wouldn’t listen to anything he says frankly.

              • [deleted]

              fria his books have 4.5+ ratings on Amazon, he surely can't be so terrible, eh Fria?

                • [deleted]

                fria I guess it just really depends on how one wants to set up their GOS device.

                Michael Bazzell's setup seems more simple for a lot of users.

                And he made another couple points about using just these 2 stores.

                He says at least once a week that he gets an angry email saying that he shouldn't be recommending these stores, and receives a link to an article (the same one we see everywhere from almost 3 years ago), about a "Confusing UX" and so on.

                He states that he doesn't trust anything fully, and he knows there can be malicious acts with any store.
                And that for a setup that allows you to move on with your life from your mobile device without much tinkering, F-Droid and Aurora are optimal for him and his clients.

                I understand a couple of his points, I was curious about what the community thought of it all.

                I may send him an email about it, let's see if I can find his details lol.

                [deleted] there’s a lot of quacks that scam lots of people, amazon reviews don’t matter.

                fid02
                I haven’t tried this method yet, since I read one of your comments last month, but what about pseudonymous non-burner accounts, that is, accounts to buy apps?
                Are you able to buy apps?

                I’ve been successful in redeeming Google Play Cards and buying apps, but that involves asking Google support to redeem it for me, which is less than ideal, to say the least.

                  leafnose Are you able to buy apps?

                  I haven't heard of anyone having issues with buying apps with a credit card through Play Store? If you're wondering if buying apps requires providing a phone number, then I haven't heard reports of that, although I haven't tried myself.

                    fid02
                    It’s just that I don’t know how to get anonymous prepaid cards for my country, that’s why I took the Play cards paid with cash route.

                    • [deleted]

                    I don't understand why lots of you worry about providing your phone number rather than worrying about systemic surveillance related to the use of Google Play Services. Protecting yourselves from tracking is hard enough already even without their use.

                      [deleted]
                      Why not worry about both? Those are not mutually exclusive.
                      A phone number tends to end in the phone contacts of more people than you gave it to, and… I already know that if I give my phone number to a family member, my officially registered phone number will be siphoned by WhatsApp – and Google or Apple – in the following minute, and people tend to use real names in the contact list.
                      That seems to me to be quite pervasive and systematic.

                      Giving my phone number to Google would only make things worse, especially since it would be bound to a device.

                      Our own App Store, Accrescent and App Verifier are highly recommended by GrapheneOS.

                      For apps in the Play Store, sandboxed Google Play Store is the most secure way to obtain them and many of them depend on sandboxed Google Play anyway. Making a purpose-specific Google account for this is very useful. If you're obtaining apps from the Play Store, you're trusting the Play Store to package and sign those apps regardless and many of those apps choose to include the Google Play SDK and libraries anyway.

                      We cannot recommend Aurora Store at the moment due to security issues. There is some initial work on addressing it but the main issue of not verifying signatures. The default account sharing is a potential problem but not the main issue, and it's likely to stop working at some point anyway.

                      We cannot recommend F-Droid due to major security and trustworthiness issues. We don't recommend adding this as another trusted party instead of using developer builds. You do not truly avoid trusting the app developers since they build whatever is released with near zero scrutiny and even serious review would not realistically catch issues.

                        GrapheneOS

                        Perhaps more Apps (Mirrors) in the App Store would help? Just a thought.