Safety of Unknown Apps

Okayhello

Do you install unknown apps? Specifically the note app in Accrescent, but really wondering if I should ever allow this, or if being sandboxed makes it safe?

dhhdjbd

In theory everything can happen.

But in reality is the Accrescent app store one of the safest App Stores out there and recommended by GrapheneOS and others.
I often see that it is recommended to get the Apps from the Accrescent apps store, and if they are not avaible, only then to look in playstore.

(See reply 17 in this post https://discuss.grapheneos.org/d/14303-accrescent-store/17)

So getting a note app (both are offline apps anyway as far as i know) is pretty safe from there. You do not need to.give them network permission.

(I did not find the source code for the easynotes, but for the other beautytxt https://github.com/soupslurpr/BeauTyXT
)

(also you can get Appverifyer from Accrescant too, to check other apps. This app is used alot can be trusted)

Xtreix

dhhdjbd (I did not find the source code for the easynotes, but for the other beautytxt https://github.com/soupslurpr/BeauTyXT
)

To add information, Soupslurpr, the developer of BeauTyXT, AppVerifier and Transcribro is a contributor and member of the GrapheneOS project who worked on Network location, I think his applications are trustworthy and I use them.

Okayhello

What does an app verifier do? I've never used one and have never had reason to think I need to?

Also, I'm not impressed with the 2 notes apps on accrescent. If I get one i like from the gplay store and remove network permissions, then nobody (google or the app) would be able to read my notes, right?

Learning lots here, so thank you!

DeletedUser232

Okayhello You can either search for a note app on the play store or fdroid. I personally recommend Notally. It's offline and simple.

dhhdjbd

if you do not download some really obscure note taking app from the playstore, then yes you will be fine.
You can try the standard notes app. It is what i decided on, after a lot of recommendations. It is open souurce and they say they have been audited.
It does allow end-to-end encrypted online storage, but can be used offline without internet permissions just fine. I use the free version but there are paid features, i dont know if free version is enough for what you need (https://standardnotes.com/ https://play.google.com/store/apps/details?id=com.standardnotes)

I think AppVerifier explains it themself best:
https://github.com/soupslurpr/AppVerifier

AppVerifier is an app signing certificate hash viewer and verifier.
It enables you to easily verify that your apps are genuine with others!
AppVerifier takes the app's package name and signing certificates hash(es) and compares them to the ones you provided or the ones in the internal database to verify that your apps are genuine.
You can simply share the verification info to others and receive verification info from them and share the received verification info to AppVerifier and you will see the verification status.
AppVerifier does the heavy lifting for you

So it is a tool to protect you from getting the wrong version/ a maliciouse version of an app. It does nothing to make sure that the app itself is malicouse tho (because it is not possible like this)

But honestly it wasnt really a good recommendation on my part, since it is mostly used by people, which download apks from github etc. or obtainium.
(but ofc it can also be used for app store apps)

Okayhello

Thank you for all that info! I don't need top secret levels of security; I'm mostly looking to avoid my data being collected/analyzed and/or sold, especially but not only by big tech. Therefore, I went with the highest rated notes app in the play store - ColorNote.

Xtreix

Okayhello Therefore, I went with the highest rated notes app in the play store - ColorNote

Ratings on the Play Store are like ratings on extension stores, it doesn't mean anything about security and privacy, a bunch of invasive apps and extensions are rated highly, use BeautyXT on Accrescent if you want a private and secure note app, maybe EasyNotes.