Dumdum:

yes both those things are enabled.

Van-de-GraaffeeneOS:

I must have missed where those were discouraged amongst all the posts encouraging them.
There are two apps in particular that are banking apps that I could not find other places.
I am not interested in anything that involves logging in to google.. at all.
I am not familiar with Accrescent or Obtainium:

  • I will look into them.
  • what makes them better?
  • How privacy friendly are they?

    smjohnston

    Obtainium downloads applications directly from github

    Accrescent is available on the GOS app store and is just a secure play store with more apps than the GOS app store

      I can not find my banking apps on either of those.

        smjohnston then you can't install them, GOS isn't supported by your banks application. Use their web app, but you most likely can't use their android app.

          My banking apps are both available in Aurora Store... which is why I am using it. It would be great if I could find them in the stores you mentioned though.

          smjohnston

          GrapheneOS has never in recent time encouraged the use of Aurora Store. It is actively discouraged by the community and officially by the project, due to severe security issues with it, as well as the fact that it has no privacy benefit over using sandboxed Google Play Services on GrapheneOS, which is the recommended way of usage.

          You can search for Twitter posts by the project account mentioning Aurora Store. If you view through a couple, you will see that it indeed is not being recommended to be used, but to stay far away from it.
          You can also join the Discord or Matrix channels and ask for more information there.

          The only places that recommend Aurora Store are those that either spread misinformation or have been misinformed themselves. It is very difficult to get accurate and good security/privacy advise on the Internet. Places like YouTube or Reddit should best be avoided completely, as most advise and information there is misguided, inaccurate or outright dangerous.

          The gist is:

          • Aurora Store does not properly verify downloaded apps (dangerous)
          • Aurora Store has no working or reliable auto-updates (severely dangerous)
          • Aurora Store does not avoid any Google tracking, due to many apps on the Play Store bundling Googles libraries with them, which run on your phone even if you don't have Play Services installed and collect the same amount of data, as if you would have Play Services installed directly. (Which is not much to begin with, due to the strong app sandbox)

          Play Services run completely unprivileged and without any elevated system integration or access. You can use an anonymous Google Account without phone number or PII with it.

          If you want to really avoid Google or Play Services as best as possible, you cannot use any apps from the Play Store at all, this includes Aurora, as it doesn't make any privacy benefit or avoid any tracking, as described previously.
          Be aware though, that it is basically impossible to avoid Google as a whole, in the software world.

              pxlkng
              what can I do , if I don't want sandboxed play store and the app i want is only available in it?
              is there an safer alternate to aurora store?
              or should I create a user profile solely to update my apps across profiles?

                  OneKTN816 just use Aurora.

                  I could read the reasoning further above infinite amount of times but am not convinced.

                  Play Store is supposed to check apps for malicious code and sign them before publishing and any subsequent update so I am going to trust they are sticking to their word when Aurora pulls a package from Google servers after authentication.

                  Auto updates add zero value, i still receive notifications and prefer to update manually after reviewing changelog. I am not as worried about Google tracking all that much since any identifiers are tied not only to my device but also to the "anonymous account" used to download it by a pool of users which I believe hinders its tracking abilities.

                  I don't use apps that have compatibility issues. Whenever I need online service, I use web app instead of native app. Most of my apps work offline and there is no channel to collect the tracking info. IPC mainly works in regards to Play services.

                  I use always on VPN to mask my real IP.

                  I know, some will not agree and that is okay. I already give Google enough room to track me around the web when I browse with JS on, I have no need to support their business model any further.

                      5 days later

                      SgtSurehand
                      I got the same problem. I can not install apps from the neostore
                      did you find a solution?
                      thanks :)

                          thanks a lot for your answer
                          I was not able to install apps from the neo store
                          it's happening exactly what is described in the first post

                            bimbam I try to keep my setup as simple as possible, sourcing as many apps from Accrescent as possible, some apps from GitHub check out with AppVerifier but not all, hence I tried to enquire about updating its database with not a very satisfactory reply. So my app setup remains a work in progress almost 2 and half years since beginning with GrapheneOS. I will get there though :)