I read an article that said that a sandboxed Google Play is better than F-Droid, but there was too much jargon for me to understand.

Could you please explain it simply so that even a child can understand it?

    With gplay, you have to trust the application developer to not include nasty scary surprises. With F-Droid everything is open source, and built and signed by F-Droid, including a source archive that is an exact match for what was built. This means that you have the ability to audit the exact built application's source code.

    grapheneosbeginner Basically, everything on F-Droid is open source - meaning that you can read all the code for any application on it.
    They are two separate different things.
    Google play on the other hand, you cannot read the code and therefore you don't actually know if the applications do something hidden without you knowing.
    sandboxed Google Play on the other hand is basically a GrapheneOS tech/software that basically attempts to isolate google play - not the software you installed from it - from the rest of the system.
    On normal Android, Google Play - and related software like Google Play Services - have extremely high permissions (they can view all your photos, your contacts etc.) and sandboxed GP is the solution GrapheneOS presents, aiming to isolate and thus not allow GP to see those things while still working.

    This is my understanding; correct me if I'm wrong.

      Toasty It's irrelevant if app is on F-Droid or Play Store if it's FOSS. Play Store is more secure tho. F-Droid only seems to care about apps being FOSS but they don't seem to care about security.

      • abcZ replied to this.

        grapheneosbeginner I would suggest you avoid F-Droid. You have other better options:

        1. Play Store
        2. Aurora Store
        3. Obtaining apps directly from the developer from GitHub/GitLab or their site
        • abcZ replied to this.

          I'm not sure if @grapheneosbeginner's question was about the difference between open and closed source apps, but rather about the two "stores". I'm also wondering if OP's question is about the link @BluishHumility posted.

          @grapheneosbeginner maybe this video (https://www.youtube.com/watch?v=lAbgeJau3eE) will clarify things. It's about the article that was linked earlier. This YouTuber's videos are frequently shared here on the forum and on the GrapheneOS's Matrix. You can check out some of their other videos if you're curious.

          Toasty sandboxed Google Play on the other hand is basically a GrapheneOS tech/software that basically attempts to isolate google play - not the software you installed from it - from the rest of the system.

          Just to clarify that the compatibility layer for sandboxed Play Services DOES isolate Play Services as regular user apps within the standard app sandbox.

          Personally I'd disagree with Pociwo.

          Pociwo It's irrelevant if app is on F-Droid or Play Store if it's FOSS. Play Store is more secure tho. F-Droid only seems to care about apps being FOSS but they don't seem to care about security.

          That's actually untrue.
          F-Droid provides an exact source code archive for the compiled binaries, so you know exactly what is in them. From google store on the other hand, it may be fundamentally an open source program, and they may even link to a source code repository, but you don't have any way of knowing exactly what was used to build it, you can't tell what revision was built, and you can't tell if they slipped in some dangerous extras.

          Google does NOT audit the security of applications it hosts, could be absolutely anything going on. You have no way to know.

            Pociwo I would suggest you to avoid F-Droid. You have other better options:
            Play Store
            Aurora Store
            Obtaining apps directly from developer from github/gitlab or their site

            Those are dangerous options. Even with gitlab/github "releases", the author can still stick in something secret. F-Droid is the only option where you can find the exact code that it was built from.

              5 months later
              • [deleted]

              Toasty Google play on the other hand, you cannot read the code and therefore you don't actually know if the applications do something hidden without you knowing.

              Open-source apps can be available on both Play Store and F-Droid, but the difference is that Play Store allows closed-source apps too.

              • [deleted]

              abcZ Even with gitlab/github "releases", the author can still stick in something secret.

              If you can't trust an (open-source) app's developer, first examine its whole source code, and then compile the app yourself.

              • [deleted]

              abcZ F-Droid provides an exact source code archive for the compiled binaries, so you know exactly what is in them.

              Do you mean 'Build metadata'?

              • [deleted]

              I, for the most part, rely on apps downloaded directly from GitHub and keep an eye on them with ReadYou (SideOfBurritos video). Although there are a couple of apps I used Aurora Store for. Now, to be able to update them, I am forced to log in with my Google account since anonymous login seems to be completely broken. I am wondering where all those who need some proprietary app replacements get their apps from. Are they throwing themselves at apkmirror, apkpure and similar, or shamelessly logging into their sandboxed Google Play Store while before they were abstaining from it? "Whatever gets the job done while trying to keep a straight face." I saw people saying they are still able to update their apps through Aurora, but that doesn't work for me (can't anonymously sign in at all).

                • [deleted]

                Eirikr70 they haven't fixed anything apart from adding a few more accounts which got blocked real quick. Well, I'm gonna have to find a solution that is tailored to my needs. And Google is not in that equation.

                  [deleted] Re: Aurora Store, you likely have to keep trying different accounts till it lets you in. It's a hassle, but for people who insist on using Aurora Store still, it can work.

                  Once you're in, you're likely going to experience issues with search, which you can mitigate by going to Aurora Store's settings, and toggling the setting under "Advanced". Then, when you search, it opens up a WebView, you find the app, and then press a button up top to open the app in Aurora Store to download it.

                  It's not ideal at all, but for people that don't want to use the Play Store, it's likely still the best way to get Play Store apps.