Grkrz don't know about this one yet. I'll have a look, thank you!

  • [deleted]

Prrprr2 Sandboxed Play is implied here.

Prrprr2 Sanboxed Play Store with anonymous Google account would be the best. Then the are options like Aurora Store and getting .apk files from developers or github.

As of now F-Droid should be avoided.

    • [deleted]

    • Edited

    Piwepil I after much deliberation I have decided to not give a chance to even sandboxed Google run on my device, the few apps I am using are straight from developers websites or F-Droid . That in itself still can not protect me against my browsing habits and use of inherently insecure services (sms, phone, unencrypted email to name a few), incorrect use of certain system toggles etc. I am generally trying to reduce my digital footprint and I am trying to stay sane in the world where user data monitoring is getting worse by the day. Only thing I can do is watch and learn.

    • [deleted]

    abcZ I believe it's a resource maintained by one of the community moderators so I just deferred to it as a common wisdom since I'm not an Android developer myself. Daniel seems to think similarly if one doesn't want to defer to the advice of some blog.

      Some people have started downloading apps directly from Github in a web browser, using an RSS feed to find updates. This avoids many of the pitfalls of both Fdroid and Play Store but is also very cumbersome.

        • [deleted]

        • Edited

        roddyd It's cumbersome for one and it's only works with developers that choose to a) publish their APKs at all (eg. developers of Wireguard don't) and b) somewhere with an RSS feed. But nevertheless, it's a nice approach if you only require a handful of apps.

        Personally, F-Droid is always my first choice. If an app I want to install is not available in F-Droid I will get it from the Aurora store. I do not use the Google Play store for anything.

        Depending on your thread model, F-Droid's security shortcomings may be relevant. That is something you will have to determine for yourself. https://privsec.dev/posts/android/f-droid-security-issues/

        As was pointed out, this topic has been all but beaten to death here in this forum and elsewhere online. As you can see in this thread, even within the community there are a variety of differing viewpoints; the best you can do is research the topic for yourself and decide on your own how you would like to handle package management.

        [deleted] Daniel seems to think similarly if one doesn't want to defer to the advice of some blog.

        It's still the opinions of one side. Just because someone chooses GrapheneOS, doesn't mean they must agree with Daniel on every security related opinion.
        Right now there is a pissing match and extensive drama on this topic. This happens quite frequently with devs in this space. Frankly, the drama/accusations/insults/arrogance is the biggest reason I hesitated with GrapheneOS. But I am glad I ignored all that, because I do really enjoy the OS so far.

          • [deleted]

          Graphite

          It's still the opinions of one side. Just because someone chooses GrapheneOS, doesn't mean they must agree with Daniel on every security related opinion.

          No, it doesn't. It does however seem that this particular OP would be served quite well to just defer to what the lead developer thinks, much like myself frankly. I'm not taking sides here.

          drama/accusations/insults/arrogance is the biggest reason I hesitated with GrapheneOS. But I am glad I ignored all that, because I do really enjoy the OS so far.

          My exact experience too.

          Thank you all for the answers.
          To be honest it has become more confusing, but that makes sense since everyone has their own opinion and preference.

          I have also read some things about a custom F-droid repo like IzzyOnDroid or Newpipe, what is your opinion about this? I too personally want to leave as little digital imprint as possible within this mass surveillance era.

          Maybe we can make a specific order and see if we can agree with each other. For instance:

          1. Source (github)
          2. Custom F-droid repo
          3. Main F-droid repo
          4. Aurora
          5. Sandboxed playstore

          @abcZ @[deleted] @Graphite @BluishHumility @Piwepil @Grkrz @SgtApple @robalob

            Prrprr2

            1. Sandboxed Play Store
            2. Aurora Store
            3. Source
            4. Custom F-Droid repo
            5. Main F-Droid repo

            You don't have privacy without security. That's why F-Droid is dead last.

            abcZ how can I find out myself how to built an app from the source?

              wivode Anyone can start learning to read code and begin some basic checks themselves. Naturally, your ability to do so will improve with experience.

                Prrprr2 Start by installing "Android Studio" on some computer. Learn the basics of GIT. Download a repository, open with studio, hit the build button.

                wivode ahh ok thanks! Why is that most people are opposed to Google playstore while you placed it on #1 & 2?

                  abcZ
                  I don't think that OP's threat model is that high. If it is then GrapheneOS can be built from source too and signed with his own keys.