xuid0 anonymous phone verified account for Google
I believe anonymous Google accounts to be a myth. Being fingerprinted by app list alone (assuming you used an Android phone and Play Store with a regular account before) and all your anonymity is out the window.
I'm not about to engage in this discussion any further. Who you are threat modelling as your adversary matters in this quite a lot. I'm not comfortable discussing this on a Publicly accessible forum here.
xuid0 Why not use Google Play store app Sandboxed with GrapheneOS perhaps using a anonymous phone verified account for Google?
I would have thought this would be a lot better than using Aurora Store at all?
Yes, I too would like to know what's the better choice between these two: Aurora or Google Play sandboxed? Pros/cons/why...
K8y
I would highly recommend joining: https://grapheneos.org/contact#community
The links are for Discord, Matrix which are both bridged via Software to the same Public channels is my understanding. You would be better asking this question there.
I hope this helps.
K8y Sandboxed Google Play is the most secure way to install apps from the Play Store. Aurora Store currently does not verify the apps it installed are authentic and come from the Play Store.
Additionally, you are not avoiding Google whatsoever by using Aurora Store. Google still gets the list of apps you are installing/updating because you connect to their servers (Google gets IP and device information) to install/update apps.
It is also highly probable that apps you install from the Play Store contain Google libraries that are sending data to Google anyway.
So what are you actually achieving by using Aurora Store?
(There are some valid use cases for Aurora Store such as if a developer has their app's Play Store listing as requiring Play Integrity even though it actually doesn't enforce it. You would be unable to install such apps from the Play Store on GrapheneOS but will be able to do so on Aurora Store)
I will just put this here: https://privsec.dev/posts/android/f-droid-security-issues/
DeletedUser88 For instance, not wanting to install Google Play Services. Or not having to make a throwaway account, which can help if Google starts asking for a phone number of something. It has its security benefits, but there are privacy benefits to not installing play services at all as well.
DeletedUser87
thank you for replying and your advice was excellent.
Worked a treat.
Perhaps a silly question but even graphene's sandboxed Google play app requires a sign in still???
I mean some of these questions would be better answered in the public Matrix channels for GrapheneOS (which are found on GrapheneOS.org main page under Chat). So the community can ask other questions like more clarifying questions rather than a yes or no.
You can create an Anonymous Google account and use it with Google Play Sandboxed on GOS yes it will work.
You do not need to give it credentials of your own Google account. I do however sign in with Credentials of my real identity Google account, but I adjust the Permissions settings and network access etc for any related apps I have installed. I hope this helps (it also might not be correct just what I do).
K8y Perhaps a silly question but even graphene's sandboxed Google play app requires a sign in still???
It is important to understand that "sandboxed Google Play" does not mean "Google Play which has been tricked into not tracking users", because that is not possible.
Running Google Play in the standard Android app sandbox means that Play doesn't have special privileges -- that it would have on a regular vendor Android device -- for accessing app data, reconfiguring the system, etc.
But if an app has been written to contact Play and ask for the details of the currently-signed-in Google account, and there isn't a signed-in account, then the app may refuse to run.
Quite a lot of interesting information there in some of those well informed replys. A bit off piste to my request but informative. Thanks for your replys.