coffeefun For Aurora Store, is it correct that I won't receive email notifications?
Whether or not Proton Mail is able to send notifications does not depend on how you download the .apk
; rather, it depends on what back-end service is available to pull down notifications. If Google Services or microG are not installed, Proton Mail will not be able to send notifications.
coffeefun Other than not needing an account to use Aurora Store, does it provide additional privacy benefits over Google Play? What about security?
Google collects a lot of information every time you take an action on the Play Store, such as installing or uninstalling an app. For example:
- System-on-chip name
- Application binary interface
- Number of cores
- GraphicsLibraryES Version
- Available RAM
- Screen class
- Density class
- Screen width
- Screen height
- Device-independent pixel width
- Device-independent pixel height
- Screen refresh rate (for some apps, usually games)
- Android version
- Android SDK
- Device brand
- Device model
- Device Manufacturer (OEM)
- Virtual Machine
- Android ID (supposed to be reserved for “privileged” apps)
- Advertising ID
- Play Referral ID
- Root state (especially for security-oriented and banking apps)
- SafetyNet attestation state (for security-oriented and banking apps)
- Available sensors (including significant_motion, wake_gesture, glance_gesture, and stationary_detect sensors; typically for pedometer utilities, navigation apps, etc.)
- Google Account email (ostensibly for feedback, but take a moment to contemplate the many ways in which this could be abused)
- Approximate location (borough, county, city, state, etc.)
- Country
- Region
- (Preferred) Language
- Installation date and time
- Uninstallation date and time (also used to arbitrate refunds)
If you purchase something from the Play Store, even more information is collected.
Whether or not exposing that information matters is something only you can decide for yourself. The fact that the Aurora store and F-Droid do not collect this data is one of the reasons many folks are drawn to these alternatives.
coffeefun my goal is to move to FOSS apps
The best FOSS apps are in F-Droid. Some of the app versions in F-Droid are explicitly more functional than their Play Store counterparts--for example, have you ever tried running the Play Store version of Termux? It is essentially useless.
Whether or not F-Droid is secure is debatable, but for that matter whether any app store is secure is debatable. Having a phone in the first place isn't secure. In the end, it is up to you to do your research about an app you wish to download and decide for yourself if installing that application is a risk that aligns with your perceived threat model.
coffeefun I noticed that you didn't include Aurora Store in your list of app sources. Is Aurora Store not recommended? By using it, do I gain any privacy benefits over Play Store?
Aurora Store does not collect user data, you can simply download the .apk
you need and be left alone. This is from the Aurora Store GitLab page:
For those concerned with privacy, Aurora Store does not require Google's proprietary framework (spyware?) to operate. It works perfectly fine with or without Google Play Services or MicroG.
Ultimately, it is up to you to decide how you wish to manage your device. I personally only download apps from F-Droid, or Aurora if an app I wish to use is not in F-Droid. To others, these alternative platforms may represent some kind of security compromise.
Any choice will have its own set of benefits or drawbacks, and in the end you will have to choose for yourself what is best.