• General
  • Switching from iOS, confused about App Stores and Profiles

I'm switching from iOS, with the goal of reducing my exposure to surveillance capitalism. I've never used an Android phone, and multiple app stores and profiles are confusing me. I don't use many apps, even on iOS, so I'm hoping the switch to GrapheneOS will be relatively easy. However, I don't know if I need Google Play, and if I do, if it is best in the owner profile or secondary profile(s). Please help an old fool!

On top of all these questions, I still don't understand what are the privacy benefits to using Aurora Store over Play Store if I use a single-use fake email address with the latter?

App examples:

1) I can install Signal Messenger directly from their website (APK), give it permission to self-update, and it supports its own notifications system. If this is correct, then I don't need Google Play? Any downsides to installing Signal this way instead of with Google Play?

2) I've read that Protonmail works without Google Play, but if I want notifications then I need to install Google Play. If this is correct, and I want notifications, what is the privacy disadvantage to installing it in my owner profile where I run Signal? And if Protonmail and Google Play are in my owner profile, should I then just install Signal from Google Play, too?

3) I use Spotify--a lot. Yes, I know it conflicts with my threat model described above, but I knowingly choose to use it because I value music discovery that comes from my listening data. Since it's a non-FOSS app, should I install it in a secondary profile, even if I use it all day long? Or, if I already am running Google Play in the owner profile (to get Protonmail notifications), then is there a privacy disadvantage to having Spotify in the owner profile, too?

TL;DR: What are the privacy threats to having Google Play on the owner profile? Are these threats mitigated with putting Google Play in secondary profiles? Does Aurora Store offer additional privacy benefits compared with using Google Play with a single-purpose email alias?

Thank you for your help!

    coffeefun What are the privacy threats to having Google Play on the owner profile?

    First of all, sandboxed Google Play is perfectly fine to be used in the Owner profile. Unlike on stock Android, sandboxed Google Play on GOS is a regular app bound by the same sandboxing and permission model as any other app.

    That's said, some people (myself included) prefer not to use sandboxed Google Play, I'll list my personal reasons:

    • I don't really need it
    • Google Play can technically phone home about what it sees on your device such as when you receive a notification, list of installed apps, timezone, installed languages and so on. It's not a fact that they do it but technically they can (given Google Play Services have Internet permission)
    • Extra software increases attack surface. Also, given Play Services can receive notifications it creates an extra attack channel
    • Play Services can communicate with other apps via RPC with mutual consent. For example, apps can potentially leak some data via Google Play Services even though the app itself doesn't have Internet permission.

    Using Play Services in another user profile limits some information that Play Services can access but not all of it. It helps to limit RPC to only apps installed in the same profile, access to files (although similar effect can be achieved through scoped storage permissions feature on GOS).

      I am relatively new here too in terms of Graphene but if you never used android I would suggest to slow down a bit. I don't know your background but if you have a normal life next to IT its probably better to do the move in steps.

      First of I would recommend staying with the Sandboxed google framework that provides the ability for most of the apps to have notifications. And In general it helps to have a really easy experience. After all you don't wanna rage quit when something just does not work and its too complicated to fix it fast.

      So, I think the best option is in this case is to install the Google Framework plus the Google play store with the Graphene OS installer built in. The only permission you have to give is internet access to the Framework and nothing else never even have to log into google on any of these apps. Make sure to also set the battery use to be unrestricted for the framework.

      After this, your phone should have no issues with installing most of the android apps.

      Since Google play store is not needed you can use F-droid for open source projects (try here first) or you can use Aurora store in antonymous mode to install anything from the google play store.

      Hope this helps.

        evalda I see your point and true, you always have to trust someone. Honestly there is no perfect way to do this. Sanity has to allow some level of risk. I think it always depends on the person.

          Sprout5888 that's fare, people should use whatever they think suits them best. I wouldn't recommend less secure options tho...

          Better ways to install apps on GOS are Play Store, Aurora or downloading apk directly from developer (and setting up RSS feed to update it manually unless the app can update itself).

          Honestly I trust F-Droid a lot more than other app stores. The scripts that audit the code may not be perfect, but the fact that it is open sourced means the repo maintainers, devs, and other contributors are looking through it too

          The Google Play Store, on the other hand, is a minefield of spyware and malware. This is nothing new, it has always had this reputation, but it never stops or even seems to slow down.

          Even the apps that are not blatantly malware sometimes have undesirable features that are not disclosed on the Google Play Store, where on F-Droid I have sometimes passed on an app due to a disclosure of unneeded telemetry or ad content.

            BluishHumility I see what you mean but we should separate choosing an app vs way to install it. You can find apps on f-droid web site, read about it and if you like the app, download it from developer's website.

              Still, I would defer to the F-Droid version as it notifies whenever an update can be pulled down. I would be less inclined to trust a clunky RSS job with this than a trusted maintainer's F-Droid repo.

              In the end, each person must choose for themself what method they are most comfortable with--as this discussion reveals, there are many factors to consider and no one method which is universally best.

              • [deleted]

              coffeefun I'm switching from iOS, with the goal of reducing my exposure to surveillance capitalism. I've never used an Android phone, and multiple app stores and profiles are confusing me. I don't use many apps, even on iOS, so I'm hoping the switch to GrapheneOS will be relatively easy. However, I don't know if I need Google Play, and if I do, if it is best in the owner profile or secondary profile(s). Please help an old fool!

              On top of all these questions, I still don't understand what are the privacy benefits to using Aurora Store over Play Store if I use a single-use fake email address with the latter?

              Greetings another old fool:-)
              It can be very overwhelming once you start noticing privacy issues here and there. But let's not drown in despair :-) If you're not in a real danger and just want to minimize the data that could leave your device, than you can test what is a viable option/ settings for you.

              You stated that you need notification, than Play services it is, or migrate to services that have a working solution without Google. Protonmail doesn't have notification system that wouldn't depend on Google, yet. There are some apps that have working solution without Google: Signal, Fairmail, Tutanota.
              It is highly recommended to read https://grapheneos.org/faq and https://grapheneos.org/usage, but for this case especially this would be helpful: https://grapheneos.org/faq#notifications

              As for Aurora vs Play store, in Aurora you do not have to use any account at all. Once you install Aurora, give needed permissions it would welcome you with the list of your apps and you can install whatever you want. If you would prefere Google play, I would recommend going through the gmail settings and turn off everything and set it with your phone so that nothing is backed up to your gmail (automatic sync OFF).

              Because you haven't used Android, I would recommend starting with one profile and familiarize with the system and settings. Adding new profile and learn how to be comfortable with multiple profiles can come later.
              Good luck.

                evalda

                Thanks for your advice! Yes, I agree, I prefer not to have any Google apps on my phone (even sandboxed), as my goal in using GrapheneOS is to avoid surveillance capitalism.

                For a follow-up question, I am curious what is the best way to install Protonmail (and their other apps) and keep them updated with the latest versions. It appears I have 3 options to install: 1) download the APK from their website; 2) install from Aurora Store; and 3) install from Play Store.

                For the direct download APK, how does it stay updated? I understand this option won't have email notifications. How does it update and does it notify when an update is needed?

                For Aurora Store, is it correct that I won't receive email notifications? Also, is there a privacy advantage to using Aurora Store instead of Play Store? Specifically, does Aurora Store have the privacy risks you describe above about sandboxed Google Play? And, does Aurora Store update apps installed from that store?

                For Google Play, I understand that I will receive email notifications for Protonmail, but with the privacy risks you mention above. I am willing to abandon notifications in exchange for increased privacy, so I think this would be my last option for using Protonmail.

                Thank you so much for your help!

                  Sprout5888

                  Thanks! I agree, getting overwhelmed can result in defeat. I'm working to educate myself as much as possible to help prevent that from happening. I'm going slowly, a little bit at a time, until I feel comfortable replacing my iPhone as my daily driver.

                  coffeefun
                  Hi, Im sure evalda will answer those queries but just regarding the apk direct from a developers website (say for example Proton) you would just need to check their website everyday and the version number to know when there is a new update available. When there is if you just download that one it will overwrite the older version you have. Hope that helps.

                    Why protonmail?
                    If you use a proper email client (fairemail preffered, or k9mail less preferred) with an IMAP service, then you get push notifications without needing google services at all.

                    My personal choice would be to avoid anything that requires google services for notifications, since any data that is fed through google... they know about. They don't necessarily know the content of the message if its encrypted, but they can certainly know details about the message.

                      evalda

                      Thanks for your comments about F-droid. I've been reading about this debate. My preference is to choose the most secure installation method. From my limited understanding, it seems like the RSS has better security, but is more involved / less intuitive for the end user. I'll search for tutorials on this process.

                      Thanks for your suggestion to check out F-droid's website. I've been left wondering how I will discover FOSS apps if the F-droid Store isn't secure. Thanks for clueing me in on what should have been obvious to me ;-)

                      As a side question, is there a curated list of recommended FOSS apps for GrapheneOS?

                      [deleted]

                      Thanks for your help! Yes, I'm not in any danger, just want to avoid surveillance capitalism. I don't necessarily need notifications in Protonmail, but it would be preferred. I'm willing to forgo notifications if it increases my privacy, which in this case, sounds like it will.

                      Other than not needing an account to use Aurora Store, does it provide additional privacy benefits over Google Play? What about security? I continue to wonder if Google still will be collecting data about my apps and usage if I use Aurora Store. As a metaphor, I imagine using Aurora Store instead of Play Store is like wearing motorcycle helmet into a store. They can't see my face, but they can see how tall I am, my gait, my voice, and so on. So with that other info they might be able to build profiles on me.

                      Thanks!

                        abcZ

                        Thanks for your advice! Yes, I agree, I don't want any Google services or apps on my phone. I use Protonmail because it presents a good value for me when combined with their other services: VPN, calendar, email aliasing. And coming from an iPhone, notifications was never an issue.

                        tango

                        Thanks for your help! Is this true for all direct APK installs? For example, I have read that the Signal APK can self-update. Is this correct? If yes, is the self-updating feature something that would be developer-dependent? That is, some APKs will self-update, while others no? Thanks!

                          @coffeefun Hey there, and welcome!

                          I will give you one piece of advice that I've been giving newcomers, especially people who are coming from iOS.

                          Forget about user profiles. Install GrapheneOS, use the owner profile only, and install Sandboxed Google Play and get your apps from the Play Store.

                          Given the fact that these apps are sandboxed like every other app on your system, with this simple setup you have a simple, pain-free and convenient way to use your device and your favorite apps while significantly increasing both your security and privacy compared to a similar setup on Stock OS.

                          User profiles do provide benefits, but things can get esoteric very quickly. If you're interested, I'm sure you'll read more about them and other things and participate here and you may end up using them down the line, but please do yourself a favor and don't overwhelm yourself. I see people repeatedly make that mistake and then think that GrapheneOS is difficult to use, when in fact they've just made their lives unnecessarily difficult all on their own.

                          Related to this, I have 2 of my previous posts to suggest, as they'll shed some light / provide some context on Sandboxed Google Play and user profiles:

                          https://discuss.grapheneos.org/d/2501-privacy-sacrifice-when-using-google-play-services/5
                          https://discuss.grapheneos.org/d/168-ideas-for-user-profiles/2

                          With that out of the way, outside of Play Store, recommending ways to obtain apps gets dicey pretty quickly. F-Droid is not a source I can recommend anymore for the reasons mentioned above and others. Another option is the RSS method. Obtainium is another option that attempts to make the RSS method a bit smoother. Keep in mind that for someone in your position, I don't recommend either of these approaches at this point.

                          The only alternative app source outside of the Play Store that I would recommend is Accrescent, however it's in very early alpha and only contains a handful of apps at the moment. It's the kind of thing to keep an eye out for, rather than something to use at the moment.

                          I hope this helps! Feel free to ask any follow-up questions. :)

                            matchboxbananasynergy

                            Thanks for your thorough response, and for the links to other threads! Based on your comments and others, it sounds like sticking with the owner profile is best in the beginning. I do have a few follow-up questions!

                            The significant increase in security and privacy from GrapheneOS over Stock OS was my main motivation for choosing the former, because it aligns with my goals of reducing my exposure to surveillance capitalism. A question I have is, what are the privacy pros/cons of using sandboxed Google Play on GrapheneOS compared with iOS? I assume that GrapheneOS without Google Play is better than iOS, but it's not clear what are the pros/cons with Google Play, with respect to privacy.

                            Based on your comment, and those of others, it sounds like the consensus is that F-Droid has security risks. I agree, the RSS alternative will require some time investment to learn. However, my goal is to move to FOSS apps, and I'm willing to learn, and I accept that this will have a learning curve. I hope that things progress to make things both secure and intuitive for older, non-tech people!

                            I noticed that you didn't include Aurora Store in your list of app sources. Is Aurora Store not recommended? By using it, do I gain any privacy benefits over Play Store? Do I lose any security benefits using Aurora instead of Play?

                            Thanks for your help!