Allow apps to only update itself and not install other apps

This would be a very niche feature for sure. There are apps with the ability to update themselves (NewPipe, Grayjay etc.) and I like to use that over Play Store or Droid-ify because of availability or delay reasons. Those apps should never be able to install anything other than updates for themselves though.

Is that a feature worth considering in the future? I have no idea how much effort this would be. Also it's already very sandboxed on AOSP and especially GOS. For harm to happen, a user would need to manually go through installing a malicious app and said app needs to break out of the sandbox.

Just an interesting idea. Any thoughts?

Isn't that already the case? Even when an app is allowed to install / update apps, it still prompts the user for permission to install / update a specific app for the first time. Or am I missing something?

    sustained5314 yes that's what I meant on the user error part. The informed user would see that the app is not the same and probably not install it.

    It would merely be one additional security level to have a pop-up like "you can't install this from that source". Similar to when you forbid apps to be installed on a user profile and, if you change your mind, you have to go back to the owner profile and unlock the ability again.

    I know it's a very niche idea and on the big scale it won't make much sense to put work into it regarding security. It would however be one more dial to fine-tune the system to one's threat model. GOS is by far the most accomplished system when it comes to this kind of control and agency. A nice-to-have feature, if you will.


    I think it could be nice to permit apps to only update without installing new apps. The current permission is misnamed: instead of "Install unknown apps" it's actually as if it was named "Install & update apps". This is useful, for example, to keep an untrusted app store on the device to update apps that can only conveniently be updated through it, while verifying the initial installation using AppVerifier from Accrescent or using a downloaded APK (trying to install/update from the APK and seeing if it succeeds or fails).

    I'm a bit afraid though of certain apps being auto-updated without my consent, I disable auto-updates selectively for certain apps in app stores in my phone. Currently, as far as I know, the OS always prompts to explicitly get user approval for updating if the installer source is different, even if the APK signature matches. Might still be useful to have this.


    What's the recommended way to update apps on graphene? I tried updating one I downloaded through aurora but it didn't work. It said there was a problem with parsing the package.

    Then another I downloaded from google play didn't update, the blue update button didn't work.

      K8y It said there was a problem with parsing the package.

      This sounds like either the APK was broken while being transmitted to your device, or was broken on the server. Did you try downloading again? If it still fails, try clearing the cache for Aurora Store to force it to redownload rather than reusing the broken APK.

      Please note that Aurora Store has issues (including security issues). You can look for explanations that other people have already written about its issues if you're interested.

      K8y Then another I downloaded from google play didn't update, the blue update button didn't work.

      Can you please explain a bit further what happened? Was the blue update button available and tapping it failed to update, or was there no blue update button at all? Was there any error message? For what it's worth, I sometimes get an error when trying to download an app in Google Play Store, and just immediately retrying once or twice fixes it for me, I don't even have to wait a few seconds to retry.

      K8y What's the recommended way to update apps on graphene?

      Security-wise, the recommendation is to use a well-regarded app store (not F-Droid, not Aurora Store, not Obtainium, etc.) for the initial installation of apps, and then whatever is most convenient to you to update them. However, I recommend only updating Google Play from either Google Play Store (broken since a November 2024 update to GrapheneOS with no way to change it for now) or the built-in GrapheneOS App Store. The built-in GrapheneOS App Store is special because it's part of the OS and verified using verified boot, and thus if you install Accrescent or Google Play Store from it then they're verified by the GrapheneOS App Store which is, in turn, verified by verified boot. And then any apps you install from these app stores are verified by these app stores, which are verified by the GrapheneOS App Store, which is verified by verified boot. This provides strong trust because you're relying on something you're already trusting (GrapheneOS), that has been programmed to recognize the correct thing it should trust (the built-in App Store, which recognizes the correct Accrescent and Google Play Store, which recognize the correct apps).


        Watermelon thank you for your thorough answer. So you recommend just update through the google play store (despite it being broken since Nov 2024)?

          K8y What I meant is that the updating of Google Play itself through Google Play is broken, not that the updating of all apps through Google Play is broken. I apologize that it wasn't clear. You can update your normal apps through Google Play as usual. But to update Google Play itself I recommend using the GrapheneOS App Store, or (if it ever gets fixed) using the Google Play Store's self-update ability (that's not something exclusive to GrapheneOS, so you can look this up online easily), and never using third-party APK sites or Aurora Store.
