• General

  • Google play store versus aurora/fdroid

I’ve seen past discussions about this but wanted people’s current opinions. I’ve heard some privacy advocates recommend to not use google play store for apps on GrapheneOS, while others tell you to avoid aurora store and fdroid because of delays in updates. So I’m curious what people do?

I’ve currently been establishing pseudo-anonymous google accounts. (See below on how.) Having done so, given the set up with GrapheneOS, I don’t see how this would be a privacy issue, since they don’t really know who I am, my location, or my IP address. What are people’s thoughts?

Google account set up:
I install a vpn on GrapheneOS via an apk file. I then install the google play store, pick a random name, and date of birth, and skip the request for a phone number. So now I have a unique google account that is not tied to me personally, will never have my location, nor will have my IP address since I will always use a vpn.

    Seeing as you have a Google account made specifically for this purpose, and especially if you're going to be using Sandboxed Google Play for app compatibility with apps that require it, I don't see the point in not using Play Store, given that it would already have to be installed either way.

      Aurora is just a mirror of gplay, so availability of updates will be no different.
      F-Droid updates are based on applicable tags being made on the software's source repository. Many applications on F-Droid are updated almost daily, including things like Fairemail -- every time I look, there's an update for it.

      I won't enter into the debate regarding the privacy and security pro's and con's of each service, but will say there several developers offer "pro" or paid versions of their apps for free on F-Droid, vs downloading them on Aurora or the Play Store.
      A couple examples are Simple Gallery Pro. and Simple Calendar Pro.

      The opposite is true for other apps, like Fairmail. On their F-Droid page it's listed "OAuth was not approved by Google, etc for the F-Droid build. For this you'll need to use the Play store version or the GitHub release."

        • [deleted]

        • Post #6
        • Edited

        Bootlace1170 I would say that this line of thought is correct if you won't go any further. But then you will go on and download apps and give them further info. For example be it your contact list, another service/application user ID, share the same connection with another of your "real life" devices (don't tell me you don't have any), same location if you gave permission to any apps that use network and I am sure I can't think of all possibilities but it all can help Google to establish the link between your current and any other previous identities you had. Just thinking out loud.

          I use Aurora, Droid-ify and APKs because I refuse to put any of the Google stuff on my device. Simple as that. I realize there are risks, and I do my best to only use well-vetted applications. Hopefully this area of GOS will mature to having an obvious best solution.

          Max-Zorin The opposite is true for other apps, like Fairmail. On their F-Droid page it's listed "OAuth was not approved by Google, etc for the F-Droid build. For this you'll need to use the Play store version or the GitHub release."

          There's no reason to be using OAuth, gmail can work just fine using IMAP with an application specific password.

          And this has less to do with the "paid" elements of fairemail than with the open-source-only policy of F-Droid. Note that fairemail is an open source application, so there isn't much security on the paid features activation. A few minutes grepping the source code and its pretty easy to bypass.

            The solution is app developers using their own push implementation/another push implementation service.
            Check out Accrescent as the future of app stores.

              nrt That is a different and unrelated topic. IMAP already delivers messages by sub/push.

              • nrt replied to this.

                  I am new to Graphene OS and I have not choosen yet wich way to go.
                  I am coming from an android.

                  Lets say I am fine with google knowing my identity and that I use graphene OS.

                  But I just dont want them to bulk-collect every single thing I do.
                  i.e, I dont want them to listen to my mic all the time, I dont want them to know my location every single time and day.

                  I should mention I do not use social medias what so ever, nothing at all.

                  The only thing I use my phone for is basically:
                  Banking, texting (signal), calling, streaming.
                  Thats it.

                  I have come to the conclusion that I will leave my main profile untouched.
                  I will create a separate profile for Sandboxed Google play.
                  Edit: Also create a new google account.

                  What do you think about that ?

                  My treathmodel is low, I just want to not be watched all the time.

                    • [deleted]

                    • Post #15
                    • Edited

                    @ottosboy Use web version for banking (if you can log in comfortably), NewPipe as Youtube alternative, Signal from here: https://signal.org/android/apk/ or Molly from Accrescent app. I use Proton for VPN (premium), free doesn't provide secure core but does WireGuard. Avoid Google or Google alternatives (Aurora, gut feeling)

                    Bootlace1170 Use Fdroid first, then Aurora. Never use play store unless you need to purchase something...and never loginto the aurora store with your google account, ever

                      ottosboy most, if not all vpn apps have wireguard functionality built in, you should rarely need to install the official wireguard app

                        • [deleted]

                        • Post #18

                        ottosboy
                        Your set up seems very reasonable to me.
                        If you are fine with Google knowing your identity, as you are writing, I would even stick with using only one profile with sandboxed Google play and use the phone as it is. It would be very fine experience, without switching between profiles etc.
                        Good luck.

                          ottosboy I will create a separate profile for Sandboxed Google play.
                          Edit: Also create a new google account.

                          You sure that you even need those? Your list of what you use the phone for suggests that they're probably irrelevant.