[deleted]
[deleted] I understand that point. And it also makes me curious too, because he also speaks a lot about the importance of security.
My question is, why would he be recommending them if they were insecure?
[deleted] he also states that he and his clients all have this setup with F-Droid and Aurora Store.
There is no ideal solution at the moment.
All the available options have downsides. Anyone telling you there is one best way is making a judgment based on their own preferences, and others may have good reasons to disagree.
Beyond that, why not try asking him to explain his recommendations, rather than asking other people to speculate?
Probably9857 You make a good point. I wasn't aware that I could contact him directly, but I will look into it - appreciate that :)
We can only speculate. But if I had to guess, the reason would be usability. Creating and maintaining Google burner accounts would be an extra annoyance for his clients.
lost_cause Creating and maintaining Google burner accounts would be an extra annoyance for his clients.
I have personally not found that to be difficult, at all. After creating a Google account with Play Store, no additional work is required to maintain the account. Signing up is also easy. I've written about creating a Google account without providing personal info here: https://listed.to/p/vznkmwrV5w
The fact that an account is needed just to install apps is annoying, though, I agree with that.
As to why this author recommends specific app stores, I think that is up to them to decide if they would like to elaborate on that.
fria his books have 4.5+ ratings on Amazon, he surely can't be so terrible, eh Fria?
fria I guess it just really depends on how one wants to set up their GOS device.
Michael Bazzell's setup seems more simple for a lot of users.
And he made another couple points about using just these 2 stores.
He says at least once a week that he gets an angry email saying that he shouldn't be recommending these stores, and receives a link to an article (the same one we see everywhere from almost 3 years ago), about a "Confusing UX" and so on.
He states that he doesn't trust anything fully, and he knows there can be malicious acts with any store.
And that for a setup that allows you to move on with your life from your mobile device without much tinkering, F-Droid and Aurora are optimal for him and his clients.
I understand a couple of his points, I was curious about what the community thought of it all.
I may send him an email about it, let's see if I can find his details lol.
fid02
I haven’t tried this method yet, since I read one of your comments last month, but what about pseudonymous non-burner accounts, that is, accounts to buy apps?
Are you able to buy apps?
I’ve been successful in redeeming Google Play Cards and buying apps, but that involves asking Google support to redeem it for me, which is less than ideal, to say the least.
I don't understand why lots of you worry about providing your phone number rather than worrying about systemic surveillance related to the use of Google Play Services. Protecting yourselves from tracking is hard enough already even without their use.
[deleted]
Why not worry about both? Those are not mutually exclusive.
A phone number tends to end in the phone contacts of more people than you gave it to, and… I already know that if I give my phone number to a family member, my officially registered phone number will be siphoned by WhatsApp – and Google or Apple – in the following minute, and people tend to use real names in the contact list.
That seems to me to be quite pervasive and systematic.
Giving my phone number to Google would only make things worse, especially since it would be bound to a device.
Our own App Store, Accrescent and App Verifier are highly recommended by GrapheneOS.
For apps in the Play Store, sandboxed Google Play Store is the most secure way to obtain them and many of them depend on sandboxed Google Play anyway. Making a purpose-specific Google account for this is very useful. If you're obtaining apps from the Play Store, you're trusting the Play Store to package and sign those apps regardless and many of those apps choose to include the Google Play SDK and libraries anyway.
We cannot recommend Aurora Store at the moment due to security issues. There is some initial work on addressing it but the main issue of not verifying signatures. The default account sharing is a potential problem but not the main issue, and it's likely to stop working at some point anyway.
We cannot recommend F-Droid due to major security and trustworthiness issues. We don't recommend adding this as another trusted party instead of using developer builds. You do not truly avoid trusting the app developers since they build whatever is released with near zero scrutiny and even serious review would not realistically catch issues.
Perhaps more Apps (Mirrors) in the App Store would help? Just a thought.
GrapheneOS thanks heaps for the explanation, I'll keep it in mind!
GrapheneOS We cannot recommend F-Droid due to major security and trustworthiness issues. We don't recommend adding this as another trusted party instead of using developer builds. You do not truly avoid trusting the app developers since they build whatever is released with near zero scrutiny and even serious review would not realistically catch issues.
gplay doesn't scrutinize application developers either. And as far as trustworthiness goes, F-Droid packages a source code archive that matches the builds. That is a heck of a lot more trustworthy than the unreproducible crap you get elsewhere.