Default Camera VS GCam / BSG Mod GCam

JB11

So months ago when I was testing the default camera on Graphene I noticed the audio bitrate is low _100kbps.

So I decided to visit apk pure and probably apk mirror to get the official Gcam (google's official camera) and no matter how many different APK versions I tried, the camera would crash, I then (here we go haha) asked AI what's going on and I don't recall the whole conversation but AI sent me in the direction of BSG and that worked, no crashing, since I'm admittedly unsure who or what BSG is, I scanned the APK for viruses and I don't recall there being any, so I use the app and I cut network access from it in case there's logging or whatever. The "official" Gcam app has audio bitrate of _190kbps.

A minute ago I tested 2 videos I took to see if I could audibly tell a difference and I can't from just 2 samples.

Is there really any substantial difference between the 2 camera apps, does anyone know?

Thanks

horde

why don't you install it from Play Store? it is called Pixel Camera there.

JB11

horde I didn't get a notification on the website so any way, part of my reason for using Graphene is to get away from google and thus I don't use the Play store. I'll look for Pixel Camera though, so thanks for that. :) I use websites like APK Pure and APK Mirror to get apps commonly found on the Play store and Github/F-Droid for virtually everything else.

NoahRaketic

JB11 I use websites like APK Pure and APK Mirror to get apps commonly found on the Play store

Wouldn't recommend that approach, but if you must do it this way you should at least verify your apps with AppVerifier if you aren't already.

JB11

NoahRaketic What approach would you recommend?

NoahRaketic

JB11 I would recommend using the official Play Store, which will be a lot more secure. But as mentioned, if you can't accept that and feel the need to install Play Store apps from third-party sources, AppVerifier will make that approach less bad.

JB11

NoahRaketic I see. Well for starters I don't have APK Pure / Mirror installed on my phone, I download the apps from the websites and then I scan them for viruses and thus far none have come up malicious.

What I don't get and perhaps you can weigh in, why it is that Play store is recommended on a custom operating system that is supposed to be able to run without the Play store. I get that there's a common misconception about Graphene that it's meant to be entirely about "privacy" but that doesn't explain using the Play store.

NoahRaketic

JB11 Well for starters I don't have APK Pure / Mirror installed on my phone, I download the apps from the websites and then I scan them for viruses and thus far none have come up malicious.

Virus scanning does not matter. You must verify the certificate hash to make sure your app is not tampered with.

JB11 why it is that Play store is recommended

It's the most secure app store behind the GrapheneOS App Store and Accrescent. It properly verifies app signatures to make sure that it was the original build and not tampered at any point, supports seemless, automatic updates, and does not require the user to manually verify certificate hashes to be secure (which introduces the chance for user error; most people cannot do this correctly).

JB11 I get that there's a common misconception about Graphene that it's meant to be entirely about "privacy" but that doesn't explain using the Play store.

It absolutely is about privacy. The Play Store and Play Services are sandboxed when installed on GrapheneOS, so they can only do what any other app can. You don't magically lose all your privacy. Much of what Play Services can collect will be sent to Google anyway if you use apps that include Google libraries.

If you don't want to send any data to Google, you'll want to avoid altogether Google apps as well as apps that include Google libraries (which can include FOSS apps), rather than getting such apps via a third-party APK distributor.

JB11

NoahRaketic I have so many questions and not sure how to form them.

How does virus scanning not matter?

If I sign into the Play store that means google knows I signed in. I guess my most critical confusion is if I don't explicitly give the Play store access to my storage, how do apps get installed? I suppose they too are sandboxed?

I have learned on my own that I can set up storage scopes and only allow certain apps access to certain folders in my storage. Does that go for the Play store also?

I'm starting to get why some people set up multiple profiles although that seems very meticulous.

Novalissoide

JB11 some people set up multiple profiles

I highly recommend starting out with just Owner. This is both safe and private, and you could expand when it all becomes clearer with some usage.

I'm just another user, not affiliated to GrapheneOS.

W1zardK1ng

JB11 The best option is to get it from playstore but if you dont want to do that, the second best is to get it using Aurora store its having some issues but not as bad as getting it from some website, the apps are obtained from Google Play.

NoahRaketic

JB11 How does virus scanning not matter?

You're enumerating badness, trying to see if anything harmful is in it. It's very likely that any malware will not be detected. However, if you verify the certificate hash, you know with certainty the app came from the original developer and was not tampered.

JB11 I guess my most critical confusion is if I don't explicitly give the Play store access to my storage, how do apps get installed?

It doesn't need access to storage. Android has an app installation API and handles it all for you. Sandboxed Google Play justs gives the app to Android, and Android installs it. It's very different from how it works on desktop OSes, which is probably the context you're coming from.

JB11 I suppose they too are sandboxed?

Every app on Android is sandboxed.

JB11 I have learned on my own that I can set up storage scopes and only allow certain apps access to certain folders in my storage. Does that go for the Play store also?

The Play Store shouldn't need any access to files.

JB11 I'm starting to get why some people set up multiple profiles although that seems very meticulous.

There isn't anything wrong with just putting Play Services in the owner profile. It's what I and many others do. Sandboxed Google Play doesn't have any invasive access to your system except for what any other app can do. It can only communicate with other apps that mutually consent to, so any privacy-respecting apps that already don't communicate with Google are completely unaffected.

JB11

W1zardK1ng I presume come September stores like Aurora may not be available...?

JB11

NoahRaketic Well you have been very insightful, I'll give you that.

As for sandboxing, it occurred to me after sending my message that I forgot that every app is sandboxed while on iOS apps run natively, all this according to the web (no not AI haha, I looked this up before the AI boom).

So I installed AppVerifier with Accrescent, as you mentioned, and I found that some of my apps are verified, many aren't and 2 that are red flagged likely because I used ReVanced to patch them.

For whatever it's worth, as at this point I'm not sure, I use virus total to scan apps, which doesn't just use a single anti virus, it uses several.

Finally, my concern signing into Google is that it'll annoy me about using my phone number, I get that since it's a sandboxed app I could just uninstall it but that also doesn't solve the root problem. I get that google probably already "detects" my SIM and phone but I mean officially adding my phone number to my google account, the association.

NoahRaketic

JB11 I forgot that every app is sandboxed while on iOS apps run natively

I'm not sure where you're getting this from precisely; iOS apps are sandboxed as well as on Android.

JB11 2 that are red flagged likely because I used ReVanced to patch them

Yes, that would be expected.

JB11 For whatever it's worth, as at this point I'm not sure, I use virus total to scan apps, which doesn't just use a single anti virus, it uses several.

That'll be better than an individual virus scanner, but it still has the inherent problems in trying to 'find' malware in an app.

JB11 Finally, my concern signing into Google is that it'll annoy me about using my phone number, I get that since it's a sandboxed app I could just uninstall it but that also doesn't solve the root problem.

People have been able to create anonymous accounts for Google Play without being prompted with a phone number requirement. It usually involves:

Going to a place with Public WiFi
Disabling any active VPN
Ensuring that Play Services has sensors permission
Creating the account within the Play Store app
Setting up 2-Factor Authentication immediately after the account is created

I may have missed something; I haven't gone this route, personally.

JB11 I get that google probably already "detects" my SIM and phone

I'm not completely sure what this means. Play Services can only access whatever it would be possible for any app to within the permissions you give it. There is a special permission (which has to be manually granted) that lets Play Services access cellular hardware identifiers for RCS compatibility on some carriers. That's the closest thing I can think of to what you're describing, but that's still a permission that has to be manually granted.

nologo

JB11 there is no reason for that assumption. Sideloading apps will still be possible on a non-Google-certified OS like GOS.

JB11

NoahRaketic

Per iOS and android apps > I couldn't give you a source without looking hard. It was around 2020. I did a quick search just now and no links stood out.

Per google and wanting phone number > I have a personal account, and I'm not really seeking to use an anonymous one. My point is occasionally if I sign in somewhere "unknown" to google, it'll trip security and ask me to provide my number or skip it, but since I have been going without google play for over 6 months I tried signing in on my laptop about a week ago and google locked me out. Which makes me wonder if it'll lock me out of the play store if I try to log in with my phone. Haha, that's it.

m3ivu

NoahRaketic

I may have missed something; I haven't gone this route, personally.

What route did you go instead?

JB11

nologo To be clear, the Certified moniker is meant for retail phones, yes?

NoahRaketic

JB11 Which makes me wonder if it'll lock me out of the play store if I try to log in with my phone. Haha, that's it.

I don't see any reason why that would happen

blissartt

Use aurora store and then AppVerifier.
I used that method to install the Pixel Camera and Photos App (both without internet connection) and it worked flawlessly.

They are also verified, so no shady apk.

NoahRaketic

m3ivu I use my personal account under my real name.