I'm new to GrapheneOS.

I've been reading through the Graphene forums and trying to figure out the best way to download apps. There are two main options I'm looking at - Sandboxed Google Play or Aurora Store via an anonymous account provided by Aurora. I understand there is F-Droid, GitHub and several others, but I have questions regarding these two.

Some have mentioned security concerns with the Aurora Store anonymous accounts, but fail to mention what those concerns are. Can someone enlighten me? What are the security concerns with getting apps with the anonymous Aurora accounts? Are those apps somehow always tied to that anonymous account? I thought the account was just to download the app and that was it. Does it use that same account for updates? Is that account somehow tied to the app? Like if I download an email app with the anonymous Aurora account and then sign into the email account, are they somehow tied together and my identity revealed?

People keep calling the Google Play Store "sandboxed," what exactly does that mean? If you get apps that way, is it really that much more secure to put those Google Play accounts into their own user profile? If so, why?

Wouldn't it just be simpler to download apps via Aurora Store with a dummy account and keep everything on one profile?

Sorry for the typos, this keyboard sucks.

    greenwood

    Google services are sandboxed, that means it runs as a standard app rather than an administrative process. It can be uninstalled, disabled, or its permissions changed like any other application.

    Aurora is insecure, it doesn't use a reduced CA set and doesn't properly verify metadata. Your account could be banned if you use a google account to login on aurora.

    It has no privacy benefits compared to an anonymous google account.

    Disclosure: I use Aurora

      greenwood

      CA: Central Authority

      Mostly just out of laziness, but security wise I'd recommend Google play store

        raccoondad

        raccoondad CA: Central Authority

        It's Certificate Authority. See the Wikipedia page. It's used to encrypt your network traffic (https). In general it's more secure for an app to use certificate pinning and to only trust a reduced set of CAs, since there are some untrustworthy CAs out there and it also makes it harder for an attacker to install a custom root certificate to be able to decrypt and manipulate your connection.
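
An illustration of the reduced CA set and certificate pinning described in the post above, written as an Android Network Security Config. This is an added example, not part of the thread and not the configuration of Aurora Store, the Play Store or any other app; the host name, the `store_roots` resource and the pin values are placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml, enabled in AndroidManifest.xml with
     android:networkSecurityConfig="@xml/network_security_config" -->
<network-security-config>

    <!-- Weak variant, shown for comparison only. Trusting "user" means any
         root certificate added in device settings can intercept the app's
         HTTPS traffic:
             <certificates src="system" />
             <certificates src="user" />
    -->

    <!-- Default for every host not listed below: system CAs only and no
         cleartext HTTP. User-installed roots are not trusted. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Hardened settings for the host the app downloads from
         (placeholder host name). -->
    <domain-config>
        <domain includeSubdomains="true">store.example.com</domain>

        <!-- Reduced CA set: only the roots bundled with the app in
             res/raw/store_roots (hypothetical resource) are accepted, so a
             certificate from any other CA fails validation. -->
        <trust-anchors>
            <certificates src="@raw/store_roots" />
        </trust-anchors>

        <!-- Pinning: the validated chain must contain a public key whose
             SHA-256 SubjectPublicKeyInfo hash matches one of these pins.
             The second pin is a backup key so that a key rotation does not
             lock the app out. After the expiration date pinning is no
             longer enforced, so the pins must be refreshed before then. -->
        <pin-set expiration="2030-01-01">
            <pin digest="SHA-256">PLACEHOLDER_PRIMARY_SPKI_HASH_BASE64=</pin>
            <pin digest="SHA-256">PLACEHOLDER_BACKUP_SPKI_HASH_BASE64=</pin>
        </pin-set>
    </domain-config>
</network-security-config>
```
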

          I remember it was stated several times on this forum that Aurora does not perform a signature (signing key) check when downloading/installing an app. (Neither does Obtainium though.) Its main advantage is being able to download from the Play Store without creating an account.

          Regarding Play Store there is this article on how to create a fake account:
          https://cascade.weblog.lol/how-to-create-and-use-a-google-account-anonymously-on-grapheneos

          I personally use Aurora in the profile I want to remain private simply b/c I found it impossible to create a Google account anonymously. They always prompt for phone number and temporary numbers are not accepted. The paid site for phone verification in the article I linked has like 5-15% success ratio according to themselves so I did not want to waste money for something that may not work at all.

            Byku "Neither does Obtainium though"

            Obtainium automatically prompts you to share the APK with apk verifier.

            Other than that, what would obtainium be checking?

              No one questions the fact that Play Store (and Accrescent) is the only recommended secure way of getting apps to enrich user experience but more privacy inclined members of this community seek alternatives to preserve as much of that privacy even at the cost of lowering their security standards and I am truly glad these discussions are starting to take place here.

                raccoondad Problem with AppVerifier is half my apps are not in its database and there are false positives when its database gets outdated. It would be ideal if the storefront app did this instead.

                  SgtSurehand No one questions the fact that Play Store (and Accrescent) is the only recommended secure way of getting apps to enrich user experience but more privacy inclined members of this community seek alternatives to preserve as much of that privacy even at the cost of lowering their security standards

                  Can't have privacy without security.

                  In any case, many apps from Play Store contain Google proprietary blobs. Installing those apps from Aurora will not make those blobs go away. In other words there is plenty of opportunity for Google to collect app usage data regardless of the app store being used.

                  SgtSurehand I am truly glad these discussions are starting to take place here.

                  My impression is that privacy discussions around Aurora Store are always taking place here, with at least one new thread on the topic being created every week.

                    I am trying to replace most apps with open source from Fdroid. If Fdroid doesn't have what I'm looking for, I attempt to use a web app - by adding the web app shortcut to the home screen from the web browser, and then using Aurora store next, and then google play as a last resort.

                    I'm thinking about eliminating the Aurora store by creating a burner google account and then using play store exclusively.

                    If play store and all apps are individually sand boxed, then why would I need a separate profile for apps from Google Play?

                      fid02 typical uniform dismissive response that doesn't bring anything new to discussion always pushed by the same three names, instead of actually diving deeper into how and why both frontends for "Google app repository" are rather similar than different.

                        SgtSurehand typical uniform dismissive response that doesn't bring anything new to discussion always pushed by the same three names, instead of actually diving deeper into how and why both frontends for "Google app repository" are rather similar than different.

                        I can't see how you're "diving deeper" into this topic yourself? You haven't provided any perspective that is actually substantive. Not clear how I'm supposed to engage with criticism of being repetitive.

                        Word to the wise: If you want someone to engage constructively in a discussion, best not be rude to them.

                          fid02 if you consider my previous post rude you must be a fine specimen with very low threshold for rudeness.

                          To me using Aurora Store very much makes sense since I am not-your-average user and wouldn't use it to download all sorts of privacy invasive stuff, just apps that work well without Play services and its model protective mechanism and that add a whole lot of value to the use of my mobile device. I generally try to avoid apps with known trackers and if they contain them, I tend to revoke network access. In my opinion Play services is one of the most privacy invasive pieces of software ever created because it is designed to work with infrastructure upon which it was built and all apps are more or less dictated to talk to it.

                          I have long since realized you do not represent the view I seek so I do not wish to engage with you anymore on this matter so forgive me this one last reply, but there may be people who have similar interest as me and wish to explore security downsides of Aurora in exchange for privacy benefits.

                            SgtSurehand if you consider my previous post rude you must be a fine specimen with very low threshold for rudeness.

                            Labelling other people in the way that is being done here is not something I'd generally consider polite, no.

                            greenwood

                            Using the play store with a burner account created without a phone number provides you the best security and privacy combination vs using aurora. Some apps also require play services so if you're using that app you might as well just use the play store. I haven't seen any other privacy gains to using Aurora other than not having to create your own google account. I wouldn't recommend fdroid tho. There isn't any security or privacy gained by using that store. It would be better to use Obtainium to get the apps directly from github or developer. Eliminates a low security third party. I personally use that plus play services and store. I have play in owner profile with android auto and a few apps I can't get open source like a bank and then have all the privacy friendly apps in my private space. Separating helps ensure apps don't try and communicate with google play services or other apps and can also allow for separate VPN connection. Apps can mutually communicate with each other which is how play services talks to apps about notifications and such. Profiles stop that. Hope that helps.

                            This is helpful.

                            Can you have play services and store on owner profile and then push apps to a separate profile that doesn't have play store or services? Would that be an acceptable way to have all apps on one profile without play services? Is that profile still secure?

                            OR

                            My thinking regarding aurora store - I get the apps without a Google account and without play services installed, therefore I don't even have to mess with profiles. It all stays on owner. Additionally the aurora store keeps those apps updated. Is my thinking valid here? Or are those apps still going to talk to each other somehow? What security do I lose here?

                            Sorry for the typos. I'm still getting used to the keyboard.

                              greenwood If play store and all apps are individually sand boxed, then why would I need a separate profile for apps from Google Play?

                              1.) If you want to give Google services permissions without access of some kind, or to disable google services easily by exiting the profile.

                              2.) Exploit mitigation in case somehow services was exploited and somehow also escaped sandboxing

                              3.) Prevent intercommunion between apps, including google services.

                              greenwood Would that be an acceptable way to have all apps on one profile without play services?

                              That works, the apps can't be improperly installed (mismatched signing keys) since app signing keys and updates are global.

                              Once you update on one profile, it updates them all. So you can use said google services user to push and update applications.