Toasty sandboxed Google Play on the other hand is basically a GrapheneOS tech/software that basically attempts to isolate Google Play - not the software you installed from it - from the rest of the system.

Just to clarify that the compatibility layer for sandboxed Play Services DOES isolate Play Services as regular user apps within the standard app sandbox.

Personally I'd disagree with Pociwo.

Pociwo It's irrelevant if app is on F-Droid or Play Store if it's FOSS. Play Store is more secure tho. F-Droid only seems to care about apps being FOSS but they don't seem to care about security.

That's actually untrue.
F-Droid provides an exact source code archive for the compiled binaries, so you know exactly what is in them. From Google store on the other hand, it may be fundamentally an open source program, and they may even link to a source code repository, but you don't have any way of knowing exactly what was used to build it, you can't tell what revision was built, and you can't tell if they slipped in some dangerous extras.

Google does NOT audit the security of applications it hosts, could be absolutely anything going on. You have no way to know.

    Pociwo I would suggest you to avoid F-Droid. You have other better options:
    Play Store
    Aurora Store
    Obtaining apps directly from developer from github/gitlab or their site

    Those are dangerous options. Even with gitlab/github "releases", the author can still stick in something secret. F-Droid is the only option where you can find the exact code that it was built from.

      5 months later
      • [deleted]

      Toasty Google play on the other hand, you cannot read the code and therefore you don't actually know if the applications do something hidden without you knowing.

      Open-source apps can be available on both Play store and F-Droid, but the difference is that Play store allows closed-source apps too.

      • [deleted]

      abcZ Even with gitlab/github "releases", the author can still stick in something secret.

      If you can't trust an (open-source) app's developer, first examine its whole source code, and then compile the app yourself.

      • [deleted]

      abcZ F-Droid provides an exact source code archive for the compiled binaries, so you know exactly what is in them.

      Do you mean 'Build metadata'?

      • [deleted]

      I, for the most part, rely on apps downloaded directly from GitHub and keep an eye on them with ReadYou (SideOfBurritos video). Although there are a couple of apps I used Aurora Store for. Now to be able to update them, I am forced to log in with my Google account since anonymous login seems to be completely broken. I am wondering where all those who need some proprietary app replacements get their apps from. Are they throwing themselves at apkmirror, apkpure and similar or shamelessly logging into their sandboxed Google Play Store while before they were abstaining from it? "Whatever gets the job done while trying to keep a straight face." I saw people saying they are still able to update their apps through Aurora, but that doesn't work for me (can't anonymously sign in at all).

        • [deleted]

        Eirikr70 they haven't fixed anything apart from adding a few more accounts which got blocked real quick. Well, I'm gonna have to find a solution that is tailored to my needs. And Google is not in that equation.

          [deleted] Re: Aurora Store, you likely have to keep trying different accounts till it lets you in. It's a hassle, but for people who insist on using Aurora Store still, it can work.

          Once you're in, you're likely going to experience issues with search, which you can mitigate by going to Aurora Store's settings, and toggling the setting under "Advanced". Then, when you search, it opens up a WebView, you find the app, and then press a button up top to open the app in Aurora Store to download it.

          It's not ideal at all, but for people that don't want to use the Play Store, it's likely still the best way to get Play Store apps.

            • [deleted]

            [deleted] I used Obtainium early on in my GOS experience, certain apps were reporting conflicting versions. With ReadYou I have a better albeit manual control of things.

            • [deleted]

            matchboxbananasynergy Things seem to work today that weren't yesterday. Sorry to bother. Thanks for prompting me to try again.