decided to use Obtainium to install apps - please advise on these issues

nervousball

Hi all,

Decided to move over to Obtainium - I heard mixed opinions about aurora (fails to verify signatures) also it constantly failed to download/update apps for me whilst delivering loads of errors..then I find out app is installed after a while.. and some talks about f-droid safety…I’m not tech savvy when it comes to phone software so won’t argue with you guys - I agree, all these app stores have pros and cons..Obtainium seems very straight forward to keep up to date versions once I set things up initially..

I did some digging and played around, watched some guides, including side of burritos videos..

I will now provide my app setup and hopefully someone could shed some light into it:

I currently use:

Stock Graphene App Store;
Accrescent; (although very limited options)
AppVerifier - to verify apps (obviously);
Obtainium

What I still have and in the process of migrating over to Obtainium:

Aurora Store;
F-Droid;

I’m aware that It is total my responsibility to provide source link, so I will be using GitHub’s official repositories to the best of my knowledge, as well - added apps to Obtainium via Crowdsourced configurations (https://apps.obtainium.imranr.dev/)

Now the issues I’m facing:

1. I still use aurora and f-droid and apps that I’ve added to obtainium were already installed on my phone..so obtainium on some of them states: “a pseudo-version is in use”. I assume this is existing app with previous/existing version that was installed via alternative, e.g. f-droid App Store? But then, some apps that are already installed on my phone DOESNT state “a pseudo-version is in use”. So this gives me extra concerns about the app versions that I downloaded off aurora…
Shall I just uninstall, and install via obtainium? Im thinking on doing that for all apps once I find right source URLs and signature keys
2. Verification - if I’m struggling to find app via app verifier (as it might not exist in database) AND I couldn’t locate SHA-256 certificate on GitHub, is there another place I could look for this to verify authenticity of the app?
3. Okay now most important question - as many of you, most likely - have some apps that aren’t FOSS and couldn’t be found on f-droid etc. such as banking apps..as in a nutshell, obtainium isn’t really an App Store, right?
So if I wanted to install apps such as Barclays, Lloyds etc - and cannot find them, do I:
4. Download .apk files via aurora manually and try to verify it via app verifier? And/or try to somehow locate signature if it isn’t in database ? If I try GitHub I don’t think I can find them unless I need to go to their API docs and do some API calls…which I think might be not best method here

So as you can see I want it to make it safe secure and straightforward, but the more Im trying to do this - the more confused I get and this isn’t really convenient…

Unless.. I would create a separate grapheneOS profile and use google play store there with fake account used only for apps that I’m struggling obtaining via obtainium ?

What are your thoughts on this? Thank you and sorry for long read - just thought best to explain all situation in more detail

Lilac6044

nervousball So, I would go as far as to say that more 'ink' has been spent on the topic of how to install apps, than any other single topic on this forum. It is a very polarising discussion and I would suggest reading through the myriad of threads to make your own decision.
For what it is worth, I personally have a 'fake' Google account and download everything via Google play store.

Chipper

I dont use any store, other than accresent, and the built in one, similar to you.
I use obtainium for everything else. Im not familiar with the error your describing in question one, however if you are going to run multiple stores as well as obtainium (obtainium is not a store it is essentially a tool for automating manual installs/updates.) being clear on which app is being used to install and manage (update) each app will matter, particularly if the store detects installed apps and offers to manage updates for you.
However i have had issues when i first started using Obtanium as prior to that i was manually installing and updating my apps from there particular websites (whether it was github or direct downloads from the app developers websites)
You need to make sure you completely remove an app including deleting caches etc (im unsure if just uninstalling an app clears all the caches or not, i suspect it proberly does however i always made sure i force stopped, disabled, cleared storage, cleared cache, and finally uninstalled, when i removed existing apps, cause it seems more thorough) prior to installing it with obtainium.

Regarding the verification, everything i install i have been able to get the keys to check but i do know with many it isn`t common (for me that would and is a deal breaker, id just find something else or do without.) and while i dont know if there is a trusted repository of keys or not, I personally dont like the idea of adding another 3rd party into the mix requiring ultimate trust. thats i guess the benefit of a store, particularly the play store which cant really be faulted from that perspective.
One option you have, (which i have had to do with one major app i needed, when they decided to stop offering it precompiled through github, and instead move the apk to fdroid with only source on github)
is to build the apk yourself from source if it is available, and i wont lie as a non programmer this was a steep learning curve but i managed to plow through and now have a virtually isolated compilation image, on a physically seperate predominately airgapped machine, which i spin up when my daily version checking script informs me a new version exists..

I cant really comment much on 3, when i decided to come to graphene it was after having already made the decision a year prior to degoogle, and the purchase of the phone and installation of gos was a major improvement from what i had been doing, so by that stage i was already comfortable using web based interfaces for things i couldnt get apk`s for, but yeah prior to that being accustomed, to app this, app that, banks, superannuation, goverment, tax, games etc etc etc it was a big change that required accepting in alot of cases less convienience/functionality, but i will say that now after 6 years, im never in the position where i feel like im missing out on anything or where there is something i would like to or need to do and cant.

Regarding having a fake playstore account on a seperate profile thats entirely up to you and what you are prepared to accept, I just dont accept googles terms and conditions, and for me its that simple but i get that is quite a hardline stance for most people. The main problem i see with doing so is your fake profile is subject to all the standard tracking any profile is, and you are gong to need to keep it for updates etc so over time it will build up the same data on you that any profile would.. of course not linked to prehaps your more commonly used identities but google is everywhere nowdays and in particular over the last year i have watched there ai analytics appearing on many more websites i visit were its not just the old school cookie based analytics, but there new ai analytics which from my understanding makes correlation using fingerprinting pretty standardised across so many domains that remaining vigilent and protecting yourself from that is almost impossible even without a google account. (luckily if you employ grainular script blocking with an extension such as noscripts you can at least have insight into which domains are attempting to load this stuff and choose to actively block it.)

nervousball

Chipper you are the legend, thank you for your time sharing this

Graphene1

Just to give another option.

https://zapstore.dev/

Built by a dev on Nostr. Seems to have more apps than other stores and doesn't require an account.

So your own research though as some apps are sign by the app developers, others by zapstore themselves.

DeletedUser396

I use the app website or github and download them directly.
The minimal apps I use, have check boxes within the app for automatic updates. Which is fortunate and both work.
Just go to where Obtanium would go and do it yourself.

Banking apps, I cant comment, I dont use banking on my phone at all.