Why are app verions in the Aurora store lagging behind official Play Store apps?

decadentist

Hi!

I'm using Aurora Store to download apps which I can only get via the Google Play Store. At first I was using it in anonymous mode, but sometimes i just couldn't find some apps. So I changed my mind and logged in with my throwaway google account just to be able to use an alternative Google Play Store Frontend. So I can find all apps now.

But now I realise a new problem. If Aurora Store doesn't cache the APKs on their servers (they just reroute the APK download request to the official Google Play Store Server - with credentials), then I should get the same exact app version like in the Play Store.

But I keep looking for updates for e.g. MS Authenticator in the Aurora Store. The installed version is 2 weeks old. There was a new release which is available on Google Play Store, but not in Aurora. Why? What are they doing? Do they need to update some metadata, run the exodus checks or something?

Aurora Store is always like 2 days to 2 weeks behind on the latest app versions. Why? And.... what can I do other then using the official Google Play Store and sign in. I'm using my phone with Play Services installed but I'm not logged in into a google account.

Thanks for the help.

Grapi

decadentist

Google Play distributes different app versions depending on region, and developers can also roll out updates to specific countries or to limited test tracks. Because Aurora Store connects to Google Play using randomized session data, it may appear as if you’re accessing the store from different regions. As a result, you might see different app variants or availability lists each time.

Kamika242

Grapi

Additionally in Aurora you always have a whole apk, in the Playstore developers can update single parts of their apps (for bugfixing etc.), thats why an update via Playstore sometimes has only 25MB, while the main apk actually has 288MB.

Hope I'm right with that, that is what I've been watching.

decadentist

Grapi but I always thought thats only the case when you use anon sessions, but aurora is logging into google play store with my google account credentials.

The destination/IP doesn't change. I should get the offered the same APK in both app stores.

Regarding the Sub APK updates... that could be true, however I have some apps which sometimes need 300MB to download and other times it only needs 15MB. So I think Aurora can handle that already.

gristle-cause

This is more or less the main technical argument against Aurora, you cannot rely on the latest apk for your device. Sandboxed Play does not suffer from this same issue

decadentist

gristle-cause yes but then google can pin my acctivities on the net to an account name.

right now they can only pin my acctivities to my device.

also less metadata is created when not signed in into google.

Johnnyloans

gristle-cause Sandboxed Play does not suffer from this same issue

Some updates I get later than others on the play store as @Grapi mentioned.

I'll open the app's details page in the play store on my phone and desktop and the phone claims I am up to date. Meanwhile the PC webpage has the developer's new release notes front and center.

gristle-cause

decadentist less metadata is created when not signed in into google

decadentist aurora is logging into google play store with my google account credentials

I do not understand your setup or threat model

schklom

decadentist Using a blank new account for Play Store would solve your problems, no?

decadentist

My threat model is to be able to use apps while sharing the least amount of information.

google maps when beeing signed in lets you do more stuff e.g. mark places as favorites or remeber your search history. when you are not signed in tho it only remembers the last 3 places or something like that. a little tedious at times - I agree - but imho worth it.

thats why i have play services installed, using google apps but I'm not logged into with my google account only in aurora (to get my google apps)

Maybe my strategy is flawed - google could create pseudo accounts without an account, which would be made up of my IP addres, hardware ID, user agent and location.

de0u

decadentist My threat model is to be able to use apps while sharing the least amount of information.

I think many people share that goal, but I'm not sure that matches the security/privacy-professional use of "threat model", which I think is: which information one wishes to keep confidential/intact, from whom (at what cost). For example, using a VPN shifts who learns about one's browsing patterns: instead of one's ISP knowing, one's VPN service does. But using a VPN does not change the amount of information being shared.

Some apps are designed to harvest data. Providing those apps with data will result in harvesting. OsmAnd lacks many features that Google Maps has, but OsmAnd was designed to harvest much less information (which can be set to zero).

decadentist Maybe my strategy is flawed - google could create pseudo accounts without an account, which would be made up of my IP [address], hardware ID, user agent and location.

I think there is a lot of history suggesting that organizations intent on tracking people do invest effort on tracking people -- as just one example, font fingerprinting. Thus providing data-harvesting apps with data while trying to reduce sharing data with the owners of those apps faces a fundamental conflict.