Aurora Store Security Concerns?

raccoondad

greenwood If play store and all apps are individually sand boxed, then why would I need a separate profile for apps from Google Play?

1.) If you want to give Google services permissions without access of some kind, or to disable google services easily by exiting the profile.

2.) Exploit mitigation in case somehow serviced was exploited and somehow also escaped sandboxing

3.) Prevent intercommunion between apps, including google services.

raccoondad

greenwood Would that be an acceptable way to have all apps on one profile without play services?

That works, the apps can't be improperly installed (mismatched signing keys) since app signing keys and updates are global.

Once you update on one profile, it updates them all. So you can use said google services user to push and update applications.

schweizer

raccoondad It has no privacy benefits compared to an anonymous google account.

This is completely wrong. If you use Aurora with the anonymous option then google does not get your list of installed apps which they can use for fingerprinting. Aurora knows what you download but they cannot link those downloads to your daily activity as google can through playservices.

You can create a google account with a fake name but as soon as you want to buy an app they will require some data that is linked to your official ID.

Aurora is not the solution for that but it is false to claim that google play store can be used in a privacy friendly manner when you need paid apps.

other8026

schweizer This is completely wrong. If you use Aurora with the anonymous option then google does not get your list of installed apps which they can use for fingerprinting. Aurora knows what you download but they cannot link those downloads to your daily activity as google can through playservices.

As far as I can tell, it's not "completely wrong". Depending on settings in Aurora, it looks like Aurora does send a package list to Google to figure out which apps can be updated, even when you select the anonymous option. So it is possible to fingerprint users.

Also, Google knows Aurora exists. It wouldn't be surprising if they know which accounts are anonymous Aurora accounts.

At the end of the day, Aurora is just a different frontend for Google Play that's objectively less secure than Google Play.

schweizer You can create a google account with a fake name but as soon as you want to buy an app they will require some data that is linked to your official ID.

Aurora is not the solution for that but it is false to claim that google play store can be used in a privacy friendly manner when you need paid apps.

Who's making that claim? It should be obvious that if you provide Google with your personal info when using an anonymous throwaway account, it will no longer be anonymous.

raccoondad

schweizer you can't buy applications on anonymous google accounts on aurora anyways, so I fail to see your point. My statement isn't wrong, and I will stand by it.

DeletedUser495

other8026 Aurora does send a package list to Google to figure out which apps can be updated, even when you select the anonymous option. So it is possible to fingerprint users.

Aurora in fact does send a list of installed apps so this pseudo-anonymous identity can be fingerprinted but you don't get the same level of consistent tracking only Play services can support. Many IDs don't get collected thanks to AOSP and GrapheneOS own mitigations.

other8026 At the end of the day, Aurora is just a different frontend for Google Play

I will bet you any money that if I install the same set of apps from Google Play in one profile and from Aurora in another and extract their signatures, checksums will be identical on all counts. So what does verifying signatures by Google Play trying to prove (or how does that make Aurora less secure)?

Reasoning that Aurora doesn't do auto updates is meaningless, it doesn't work in the same way since it is session based. You still get notified of updates.

other8026 It wouldn't be surprising if they know which accounts are anonymous Aurora accounts

That is hardly relevant since those accounts would share characteristics from a pool of users with different devices, which is at worst confusing the analytics.

raccoondad

DeletedUser495

"So what does verifying signatures by Google Play trying to prove (or how does that make Aurora less secure)?"

MITM attacks using bad CAs would make this not the case, as just one attack vector example. Why not use all websites w/ HTTP, most of the time, they would give the same information regardless. Why should SSH do server key checks? Etc. Etc.

Attestation of data is the reason digital signatures in the first place exist, it creates a method of trust. The trust Aurora gives applications is not as well made compared to Google Play Store.

"Reasoning that Aurora doesn't do auto updates is meaningless, it doesn't work in the same way since it is session based. You still get notified of updates."

This is a manual process to create a new session

locked

Byku and AppVerifier , they are slugish at updating the databases for some reason. WhatsApp continues to show up in red with an exclamation. Not sure why it's so difficult. It defeats the purpose, not to be able to update database on a timely manner. Just saying.

skywing

Aren't Playservices also a privacy issue in terms of notifications?
Aren't one giving Google more information that way, than with Aurora, because most (all?) notifications are handled by Playservices, when installed?

greenwood

skywing very good question.

DeletedUser495

raccoondad I don't know every last detail about how authentication to anonymous account (yet still real Google account) takes place and so don't you but you expect the jury to believe it takes place over highly insecure http which is not the case.

It was never claimed Aurora is more secure(!) than directly using Play and that it should be generally used but there are legitimate use cases when you don't want Big Brother physically present on your device even though he can still observe your toileting habits from afar through a dirty window from a high speed train. This will definitely not give him as good picture about you as he would like.

raccoondad

DeletedUser495 "expect the jury to believe it takes place over highly insecure http which is not the case."

I never said this? I explicitly said it would be over HTTPs (well, implicitly, 'MITM attacks using bad CAs would make this not the case,' which would reference HTTPs, not HTTP without SSL/TLS)

I don't really know why you assumed I am referencing HTTP in this, which wouldn't make sense, but to clarify, MITM attacks over HTTPs using a bad CA would allow for an attacker to inject themselves into the connection. This is why Google Play Store uses a reduced CA set.

« Previous Page