Thanks! I agree, getting overwhelmed can result in defeat. I'm working to educate myself as much as possible to help prevent that from happening. I'm going slowly, a little bit at a time, until I feel comfortable replacing my iPhone as my daily driver.
Switching from iOS, confused about App Stores and Profiles
coffeefun
Hi, I'm sure evalda will answer those queries, but just regarding the APK direct from a developer's website (say, for example, Proton): you would just need to check their website every day and the version number to know when there is a new update available. When there is, if you just download that one it will overwrite the older version you have. Hope that helps.
Why protonmail?
If you use a proper email client (FairEmail preferred, or K-9 Mail less preferred) with an IMAP service, then you get push notifications without needing Google services at all.
My personal choice would be to avoid anything that requires Google services for notifications, since any data that is fed through Google... they know about. They don't necessarily know the content of the message if it's encrypted, but they can certainly know details about the message.
Thanks for your comments about F-droid. I've been reading about this debate. My preference is to choose the most secure installation method. From my limited understanding, it seems like the RSS has better security, but is more involved / less intuitive for the end user. I'll search for tutorials on this process.
Thanks for your suggestion to check out F-droid's website. I've been left wondering how I will discover FOSS apps if the F-droid Store isn't secure. Thanks for clueing me in on what should have been obvious to me ;-)
As a side question, is there a curated list of recommended FOSS apps for GrapheneOS?
Thanks for your help! Yes, I'm not in any danger, just want to avoid surveillance capitalism. I don't necessarily need notifications in Protonmail, but it would be preferred. I'm willing to forgo notifications if it increases my privacy, which in this case, sounds like it will.
Other than not needing an account to use Aurora Store, does it provide additional privacy benefits over Google Play? What about security? I continue to wonder if Google still will be collecting data about my apps and usage if I use Aurora Store. As a metaphor, I imagine using Aurora Store instead of Play Store is like wearing motorcycle helmet into a store. They can't see my face, but they can see how tall I am, my gait, my voice, and so on. So with that other info they might be able to build profiles on me.
Thanks!
Thanks for your advice! Yes, I agree, I don't want any Google services or apps on my phone. I use Protonmail because it presents a good value for me when combined with their other services: VPN, calendar, email aliasing. And coming from an iPhone, notifications was never an issue.
Thanks for your help! Is this true for all direct APK installs? For example, I have read that the Signal APK can self-update. Is this correct? If yes, is the self-updating feature something that would be developer-dependent? That is, some APKs will self-update, while others no? Thanks!
@coffeefun Hey there, and welcome!
I will give you one piece of advice that I've been giving newcomers, especially people who are coming from iOS.
Forget about user profiles. Install GrapheneOS, use the owner profile only, and install Sandboxed Google Play and get your apps from the Play Store.
Given the fact that these apps are sandboxed like every other app on your system, with this simple setup you have a simple, pain-free and convenient way to use your device and your favorite apps while significantly increasing both your security and privacy compared to a similar setup on Stock OS.
User profiles do provide benefits, but things can get esoteric very quickly. If you're interested, I'm sure you'll read more about them and other things and participate here and you may end up using them down the line, but please do yourself a favor and don't overwhelm yourself. I see people repeatedly make that mistake and then think that GrapheneOS is difficult to use, when in fact they've just made their lives unnecessarily difficult all on their own.
Related to this, I have 2 of my previous posts to suggest, as they'll shed some light / provide some context on Sandboxed Google Play and user profiles:
https://discuss.grapheneos.org/d/2501-privacy-sacrifice-when-using-google-play-services/5
https://discuss.grapheneos.org/d/168-ideas-for-user-profiles/2
With that out of the way, outside of Play Store, recommending ways to obtain apps gets dicey pretty quickly. F-Droid is not a source I can recommend anymore for the reasons mentioned above and others. Another option is the RSS method. Obtainium is another option that attempts to make the RSS method a bit smoother. Keep in mind that for someone in your position, I don't recommend either of these approaches at this point.
The only alternative app source outside of the Play Store that I would recommend is Accrescent, however it's in very early alpha and only contains a handful of apps at the moment. It's the kind of thing to keep an eye out for, rather than something to use at the moment.
I hope this helps! Feel free to ask any follow-up questions. :)
Thanks for your thorough response, and for the links to other threads! Based on your comments and others, it sounds like sticking with the owner profile is best in the beginning. I do have a few follow-up questions!
The significant increase in security and privacy from GrapheneOS over Stock OS was my main motivation for choosing the former, because it aligns with my goals of reducing my exposure to surveillance capitalism. A question I have is, what are the privacy pros/cons of using sandboxed Google Play on GrapheneOS compared with iOS? I assume that GrapheneOS without Google Play is better than iOS, but it's not clear what are the pros/cons with Google Play, with respect to privacy.
Based on your comment, and those of others, it sounds like the consensus is that F-Droid has security risks. I agree, the RSS alternative will require some time investment to learn. However, my goal is to move to FOSS apps, and I'm willing to learn, and I accept that this will have a learning curve. I hope that things progress to make things both secure and intuitive for older, non-tech people!
I noticed that you didn't include Aurora Store in your list of app sources. Is Aurora Store not recommended? By using it, do I gain any privacy benefits over Play Store? Do I lose any security benefits using Aurora instead of Play?
Thanks for your help!
coffeefun A question I have is, what are the privacy pros/cons of using sandboxed Google Play on GrapheneOS compared with iOS? I assume that GrapheneOS without Google Play is better than iOS, but it's not clear what are the pros/cons with Google Play, with respect to privacy.
I'm afraid that I'm not really an authority on iOS, so it would be very hard to give you an accurate and thorough comparison there. What I will say is that again, with Sandboxed Google Play, you're getting nearly the same app compatibility as Stock OS without really taking a hit in privacy and security.
Google Play Services, Play Store etc. will have the exact same access as all other apps you install, but let's think about what that actually means for you, in broad terms:
- You should assume that apps within the same profile can enumerate each other. Therefore, Google will know which apps you've installed. Of course, the same thing applies to all other apps you'd install.
- Apps that you install which utilize Play Services will communicate with Play Services so that it can provide the functionality they need. The information that Google gets based off that varies greatly, and depends on what the app is willing to give it. For example, Signal can use Play Services for notifications. However, Play Services never see the actual message content of the notification. An important thing to note here is that even if you decide to forego Sandboxed Google Play, a lot of the apps you'd install probably have Google libraries in them that they use regardless, so you might want to keep that in mind if your reasoning for not using Sandboxed Google Play is avoiding Google in its entirety.
coffeefun Based on your comment, and those of others, it sounds like the consensus is that F-Droid has security risks.
Correct. At this point, I only use the F-Droid repository as a discovery tool to find out about new apps. If I actually want to download them, I do it through other means, not through F-Droid.
coffeefun I agree, the RSS alternative will require some time investment to learn.
It is not exceptionally hard to do, but it does add unnecessary complexity that you can easily avoid with a traditional app store.
coffeefun I noticed that you didn't include Aurora Store in your list of app sources. Is Aurora Store not recommended? By using it, do I gain any privacy benefits over Play Store? Do I lose any security benefits using Aurora instead of Play?
The primary reason for not mentioning Aurora Store is because I was recommending a one-profile setup with Sandboxed Google Play. With that setup, Aurora Store makes little to no sense, in my opinion, unless you're extremely adamant about not having a Google account of your own (one could be created for the sole purpose of using it with the Play Store).
If you're using Aurora Store while you have Sandboxed Google Play, you won't need a Google account, which is arguably a privacy benefit. That said, you're now using a shared "anonymous" account. Aurora Store can't remove Play Store's account requirement, it just optionally allows you to use their own accounts instead of bringing your own.
The above might sound great at first, but it comes with drawbacks. A shared account means shared settings. It means that someone might have opted into a beta version of an app on that account and you're now downloading an update that may break.
There are also other security issues with Aurora Store that make it hard to recommend, though it is handy.
Quote from https://privsec.dev/posts/android/f-droid-security-issues/ which was linked above:
If you don’t have Play services installed, you can use a third-party Play Store client called Aurora Store. Aurora Store has some issues of its own, and some of them overlap in fact with F-Droid. Aurora Store somehow still requires the legacy storage permission, has yet to implement certificate pinning, has been known to sometimes retrieve wrong versions of apps, and distributed account tokens over cleartext HTTP until fairly recently; not that it matters much since tokens were designed to be shared between users, which is already concerning. I’d recommend against using the shared “anonymous” accounts feature: you should make your own throwaway account with minimal information.
This, coupled with the fact that apps are fully capable of communicating with Google all on their own (take a look at Google Maps - it's fully capable of working without Play Services present), makes the benefits of foregoing the Play Store (which is more trusted, provided that you get it from GrapheneOS' Apps app, along with being more secure in general) dubious at best.
I personally still use Aurora Store in profiles where I don't use Sandboxed Google Play or for when I create a new profile to test something and don't necessarily want to login with my Google account, but I do it knowing where it does well and where not.
If you have any more questions, shoot!
coffeefun For Aurora Store, is it correct that I won't receive email notifications?
Whether or not Proton Mail is able to send notifications does not depend on how you download the .apk; rather, it depends on what back-end service is available to pull down notifications. If Google Services or microG are not installed, Proton Mail will not be able to send notifications.
coffeefun Other than not needing an account to use Aurora Store, does it provide additional privacy benefits over Google Play? What about security?
Google collects a lot of information every time you take an action on the Play Store, such as installing or uninstalling an app. For example:
- System-on-chip name
- Application binary interface
- Number of cores
- GraphicsLibraryES Version
- Available RAM
- Screen class
- Density class
- Screen width
- Screen height
- Device-independent pixel width
- Device-independent pixel height
- Screen refresh rate (for some apps, usually games)
- Android version
- Android SDK
- Device brand
- Device model
- Device Manufacturer (OEM)
- Virtual Machine
- Android ID (supposed to be reserved for “privileged” apps)
- Advertising ID
- Play Referral ID
- Root state (especially for security-oriented and banking apps)
- SafetyNet attestation state (for security-oriented and banking apps)
- Available sensors (including significant_motion, wake_gesture, glance_gesture, and stationary_detect sensors; typically for pedometer utilities, navigation apps, etc.)
- Google Account email (ostensibly for feedback, but take a moment to contemplate the many ways in which this could be abused)
- Approximate location (borough, county, city, state, etc.)
- Country
- Region
- (Preferred) Language
- Installation date and time
- Uninstallation date and time (also used to arbitrate refunds)
If you purchase something from the Play Store, even more information is collected.
Whether or not exposing that information matters is something only you can decide for yourself. The fact that the Aurora store and F-Droid do not collect this data is one of the reasons many folks are drawn to these alternatives.
coffeefun my goal is to move to FOSS apps
The best FOSS apps are in F-Droid. Some of the app versions in F-Droid are explicitly more functional than their Play Store counterparts--for example, have you ever tried running the Play Store version of Termux? It is essentially useless.
Whether or not F-Droid is secure is debatable, but for that matter whether any app store is secure is debatable. Having a phone in the first place isn't secure. In the end, it is up to you to do your research about an app you wish to download and decide for yourself if installing that application is a risk that aligns with your perceived threat model.
coffeefun I noticed that you didn't include Aurora Store in your list of app sources. Is Aurora Store not recommended? By using it, do I gain any privacy benefits over Play Store?
Aurora Store does not collect user data; you can simply download the .apk you need and be left alone. This is from the Aurora Store GitLab page:
For those concerned with privacy, Aurora Store does not require Google's proprietary framework (spyware?) to operate. It works perfectly fine with or without Google Play Services or MicroG.
Ultimately, it is up to you to decide how you wish to manage your device. I personally only download apps from F-Droid, or Aurora if an app I wish to use is not in F-Droid. To others, these alternative platforms may represent some kind of security compromise.
Any choice will have its own set of benefits or drawbacks, and in the end you will have to choose for yourself what is best.
No problem. With Signal, if you go into the app info, then go to "app battery usage" and click on "unrestricted", then give the app permission to install apps. This should get Signal running properly for you. As for other APKs that self-update, I'm not sure as I don't use many apps. It really is up to the individual regarding how to install apps. Some on here like sandboxed Google Play and some don't. The icing on the cake would obviously be a GOS store of apps, which may or may not happen in future, but for now I'm just very grateful that the developer makes this fine OS available to us.
BluishHumility Google collects a lot of information every time you take an action on the Play Store, such as installing or uninstalling an app. For example:
On GrapheneOS, Play Store has the same exact access that all other apps would. Anything that Play Store can see, other apps can too.
Available sensors (including significant_motion, wake_gesture, glance_gesture, and stationary_detect sensors; typically for pedometer utilities, navigation apps, etc.)
It is important to note that you can revoke the sensors permission on GrapheneOS, including for Play Services / Play Store.
BluishHumility The best FOSS apps are in F-Droid. Some of the app versions in F-Droid are explicitly more functional than their Play Store counterparts--for example, have you ever tried running the Play Store version of Termux? It is essentially useless.
This is not (always) on Google. Developers deciding to paywall the full apps on the Play Store, or deciding to omit some feature is their choice, and provided that it doesn't violate the Play Store's policy, they could include it in the Play Store variant just as well.
The reason that Termux is not great when obtained from the Play Store is because Termux themselves have obsoleted it:
https://github.com/termux/termux-app#google-play-store-deprecated
The reason for that is because they no longer meet the requirements to keep being published there. There are issues with the app that they're not able/willing to solve and as a result cannot bump up their targetSdk above 28 (we're currently at 33). That is a security issue, and one of my many gripes with F-Droid. Sure, in this case, F-Droid provides a home for an app that is no longer "allowed" on the Play Store. That said, you should consider whether Play Store's request is unreasonable, and whether obtaining apps from a repository that doesn't check for these things is wise.
BluishHumility Having a phone in the first place isn't secure.
I would argue that our phones are probably among the most secure electronic devices that we own. Unless of course you mean "nothing is ever secure, everything can be compromised, we're all going to die", in which case, fair enough.
matchboxbananasynergy Unless of course you mean "nothing is ever secure, everything can be compromised, we're all going to die", in which case, fair enough.
Haha! I meant more that having a phone in any capacity is less secure than not having one...but yes: by extension, this. XP
Again, learning from the questions & answers of others: periodically I feel like I don't want to bother, because it must have been asked before, and I try to find the answers. However, I can ask it here, maybe, by keeping on topic, coming from iOS with the same goal.
I have an owner profile, downloaded the apps I needed directly from GitHub, and use the RSS reader "Readyou", where I can see in one list if there is an update for any of those apps.
Side of Burritos is a great add-on "info & how-to" for anything GrapheneOS related, after the original page, this forum, and the Matrix room of course: https://www.youtube.com/watch?v=FFz57zNR_M0
Then I was confused a couple of days ago by some discussions about notifications that need Google. Be aware that English isn't the best part of me, so I blame only myself for it. I did (not want to...) download the Google stuff that comes with GrapheneOS, thinking it has to be there for notifications to work 100%. Now I understand an app like Signal doesn't need that, but Proton does; I use Proton without notifications for a more secure feeling in my head when carrying my mail with me, by signing in with name + password every time I need to and logging out after reading or sending.
Hope you guys (are there really no girls here?) are still with me and can follow it so far. My question is,
How do I know, how can I see, if an app needs Google or can do it by itself like Signal? Where do I look?
coffeefun For a follow-up question, I am curious what is the best way to install Protonmail (and their other apps) and keep them updated with the latest versions
Wow, I've read the great discussion that happened in that thread. I think other people already answered many questions and made very good points. I will try to answer your specific question here.
I think the first decision you need to make is if you're going to use Sandboxed Google Play Services or not. This affects not only ProtonMail but all other apps you're going to use.
If you decide to use Sandboxed Play Services, I suggest using Play Store (with a separate Google account created specifically for that purpose) and install all apps from Play Store. Using Play Services, you'll get notifications from ProtonMail when new email arrives. It also means notifications for all other apps will work seamlessly out of the box.
If you decide not to use Sandboxed Play Services, you can download the ProtonMail APK directly from their website. I don't know if the ProtonMail app can auto-update itself; if anyone knows, please let us know. If it doesn't auto-update, you can subscribe to the RSS feed of their releases at https://github.com/ProtonMail/proton-mail-android/releases using your favorite RSS feed reader, and you'll be notified when a new version of the app is available; then download the new release and install it.
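The RSS method described in the post above, as an added example that is not from the post's author or from Proton: GitHub publishes an Atom feed for every repository's releases at https://github.com/<owner>/<repo>/releases.atom, and the script below parses such a feed and reports whether a stable release is newer than the installed version. The feed embedded here is a constructed sample in that shape (the repository name and version numbers are made up), so the script runs offline; pointing it at the real feed is a matter of fetching the URL with urllib or an RSS client. Pre-release tags are skipped deliberately, which is the usual trap with "latest release" feeds.

```python
"""Check a GitHub releases Atom feed for a stable version newer than the installed one.

The feed shape matches https://github.com/<owner>/<repo>/releases.atom; the sample
below is constructed for this example (made-up repository and versions).
"""
import re
import xml.etree.ElementTree as ET

ATOM = {"atom": "http://www.w3.org/2005/Atom"}

# Constructed sample feed (not a real repository), newest entry first as GitHub emits it.
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom">
  <title>Release notes from example-app</title>
  <entry>
    <id>tag:github.com,2008:Repository/1/v2.2.0-beta1</id>
    <updated>2023-04-01T10:00:00Z</updated>
    <title>2.2.0 beta 1</title>
    <link rel="alternate" href="https://github.com/example/example-app/releases/tag/v2.2.0-beta1"/>
  </entry>
  <entry>
    <id>tag:github.com,2008:Repository/1/v2.1.0</id>
    <updated>2023-03-01T10:00:00Z</updated>
    <title>Release 2.1.0</title>
    <link rel="alternate" href="https://github.com/example/example-app/releases/tag/v2.1.0"/>
  </entry>
  <entry>
    <id>tag:github.com,2008:Repository/1/v2.0.3</id>
    <updated>2023-02-01T10:00:00Z</updated>
    <title>Release 2.0.3</title>
    <link rel="alternate" href="https://github.com/example/example-app/releases/tag/v2.0.3"/>
  </entry>
</feed>
"""

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_version(tag):
    """'v2.1.0' -> (2, 1, 0). Pre-release tags such as 'v2.2.0-beta1' return None."""
    m = VERSION_RE.match(tag.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def stable_releases(feed_xml):
    """Return [(version_tuple, tag, url), ...] for every stable release entry in the feed."""
    root = ET.fromstring(feed_xml)
    releases = []
    for entry in root.findall("atom:entry", ATOM):
        entry_id = entry.findtext("atom:id", default="", namespaces=ATOM)
        tag = entry_id.rsplit("/", 1)[-1]  # the tag is the last path segment of the Atom id
        link = entry.find("atom:link", ATOM)
        url = link.get("href", "") if link is not None else ""
        version = parse_version(tag)
        if version is not None:  # betas/RCs are skipped on purpose
            releases.append((version, tag, url))
    return releases


def update_available(feed_xml, installed):
    """Return (tag, url) of the newest stable release newer than `installed`, else None."""
    current = parse_version(installed)
    if current is None:
        raise ValueError("installed version must look like 1.2.3, got %r" % installed)
    newer = [r for r in stable_releases(feed_xml) if r[0] > current]
    if not newer:
        return None
    best = max(newer)  # tuple comparison orders (2, 1, 0) above (2, 0, 3)
    return best[1], best[2]


if __name__ == "__main__":
    result = update_available(SAMPLE_FEED, "2.0.3")
    if result:
        print("update available: %s at %s" % result)
    else:
        print("up to date")
```

Comparing integer tuples rather than strings is what keeps "2.10.0" ordering above "2.9.0"; the version you record as "installed" should be the one shown in the app's settings or in Android's app info, which is what the feed's tag must be compared against.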
As I said, my English is poor, but I did leave Reddit to answer the request from GrapheneOS to join this forum or Matrix and stay away from the haters + propaganda against GrapheneOS.
But I never saw on Reddit someone just copy-paste an already given comment, then (translate?) exactly my post like it was that **** to understand (even giving the link) my words. Many people liked Reddit because the feeling of being a noob was, or is, less. Guess what?
But you're right, I did ask for it...
Thank you for this excellent explanation of some differences between Play Store and Aurora Store. My goal is privacy, but I value security more than privacy because I don't think you can have real privacy without security, especially for non-tech people like myself. So, based on that, I will choose Play Store with a sole-purpose account if I need apps from that store.
Most of the apps I already use are available as APK downloads (e.g., Signal, Protonmail, Standard Notes), and I would prefer to switch to other FOSS apps for things like weather and maps. So, for most of my usage, I don't actually need Play Store (I can forgo notifications). If I really wanted to avoid Google, it sounds like using RSS for APKs offers more privacy than Play Store while having an equal level of security. Is that correct?
A wrinkle in all this seems to be my attachment to Spotify. I have searched, and it seems like it is only available through the Play Store, not direct APK download. If that is correct, and I want to keep my owner profile FOSS-only with no Google Play, would I be able to create a "Music" profile to install Google Play and Spotify, and continue to stream music from the Music profile while using my owner profile? And, perhaps more importantly, does this strategy provide real benefit from a privacy perspective? And, does running two profiles impact battery life?
Thanks for your help! The dialogue in this community is very constructive!
Thanks for helping me clarify the pros and cons of using Google Play on GrapheneOS! With respect to the RSS method for downloading APKs from GitHub, I have read (or maybe seen videos, I can't recall) that it's important to check the security code of each version. This is the part that is confusing for me. I don't plan to use many apps, and the ones I do use, I dare say, are fairly "mainstream" like Signal, Protonmail, Standard Notes, Bitwarden, and so on. For these "mainstream" APKs, is it still a recommended practice to be checking these key signatures? Apologies if that isn't the correct term, I'm still learning about this approach. Thanks for your help!
coffeefun
Hey coffeefun
First of all, I believe that all the apps you have listed so far will work fine (but not notifications on Protonmail) without Sandboxed Google Play installed. (I believe Spotify works without it, but someone needs to test it out.)
If you get the app from a reputable source the first time, i.e. the official website, Play Store, GitHub release page etc., Android will automatically verify each update for you without you having to check. It uses a TOFU (Trust On First Use) model.
A lot of the things mentioned in this discussion can quickly lead you down a rabbit hole. I would say to just install GrapheneOS and use one profile without Google Play installed.
- Get Signal apk from their website
- Get Protonmail apk from their website
- Get Spotify from Aurora Store OR use Google Play to get it
- Use Aurora or Google Play to keep your apps up to date
If you have any more questions or follow-up questions, let us know!
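The TOFU point made above means Android only checks that an update is signed with the same key as the app already installed; the first install is the one moment where the downloader has to do the checking. The script below, an added example that is not from the post's author or from any of the projects named in the thread, does that first-install check: it runs the Android SDK build-tools `apksigner verify --print-certs` on a downloaded APK and compares the signer's SHA-256 certificate fingerprint against the value the developer publishes. It assumes `apksigner` is on PATH; the pinned value is a placeholder and the apksigner output used for the offline part is a constructed sample with a made-up fingerprint.

```python
"""Pin a downloaded APK's signing certificate before its first (trust-on-first-use) install.

Assumes the Android SDK build-tools `apksigner` is on PATH. The pinned fingerprint is a
placeholder; the sample apksigner output below is constructed for this example.
"""
import re
import subprocess
import sys

# Placeholder: replace with the SHA-256 fingerprint the developer publishes.
PINNED_SHA256 = "<SHA-256 fingerprint published by the developer>"

# Constructed sample of `apksigner verify --print-certs` output (made-up fingerprint).
SAMPLE_OUTPUT = """Signer #1 certificate DN: CN=Example Developer, O=Example
Signer #1 certificate SHA-256 digest: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
Signer #1 certificate SHA-1 digest: 0123456789abcdef0123456789abcdef01234567
Signer #1 certificate MD5 digest: 0123456789abcdef0123456789abcdef
"""

DIGEST_RE = re.compile(r"Signer #(\d+) certificate SHA-256 digest:\s*([0-9a-fA-F]{64})")


def normalize_fingerprint(text):
    """Accept 'AB:CD:...' (as printed on websites) or plain hex; return lowercase hex."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", text)
    if len(hexdigits) != 64:
        raise ValueError("not a SHA-256 fingerprint: %r" % text)
    return hexdigits.lower()


def parse_apksigner_output(output):
    """Return {signer_number: sha256_hex} from `apksigner verify --print-certs` output."""
    return {int(n): d.lower() for n, d in DIGEST_RE.findall(output)}


def signer_matches(output, pinned):
    """True only if the APK has exactly one signer and it equals the pinned fingerprint.

    Multi-signer APKs exist but are unusual for app downloads; rejecting them here errs
    on the side of refusing an install rather than accepting an unexpected signer.
    """
    signers = parse_apksigner_output(output)
    if len(signers) != 1:
        return False
    (digest,) = signers.values()
    return digest == normalize_fingerprint(pinned)


def verify_download(apk_path, pinned=PINNED_SHA256):
    """Run apksigner on the APK and compare its signer with the pinned fingerprint."""
    proc = subprocess.run(
        ["apksigner", "verify", "--print-certs", apk_path],
        capture_output=True, text=True, check=True,
    )
    return signer_matches(proc.stdout, pinned)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: pin_check.py <app.apk>")
    ok = verify_download(sys.argv[1])
    print("signer matches pinned fingerprint" if ok else "SIGNER MISMATCH: do not install")
    sys.exit(0 if ok else 1)
```

The normalisation step matters in practice because developers print fingerprints in colon-separated upper-case form while apksigner prints plain lower-case hex; comparing the raw strings would report a mismatch for a perfectly good APK. Once the first install has passed this check, later updates from the same site are covered by Android's own same-signer rule.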