I want to redo my GrapheneOS setup. I think the main issue with extensive real-world use scenarios is how to install and update your apps. Personally, I strive for a maximum of security, privacy and comfort. In this particular order. I know it is asked a lot ;)
I spent a good amount of time in this forum to understand the pros and cons of all the different methods of app acquisition out there. While I think getting the APKs directly - built and signed by the developers - via GitHub or their personal repos and verifying the signature on the first install is the most private and secure option, it lacks a lot of comfort – and if you are a bit lazy, like me, also lacks some security in the sense of not getting the updates automatically. I know there is Obtainium, which comes in pretty handy, but unfortunately also lacks an auto-update feature and does not make sense for apps which only release their apps directly through the official F-Droid repo or the Play Store.
The alternative is to use the Sandboxed Google Play Services + Store. While this option provides a good amount of security and comfort, it is not as private as some people would like. Sure, you can use a fake account, but as discussed many times in this forum, other apps, especially the proprietary apps, could communicate with Play Services, even if you deny them network access, and link their data to your IP and profile. Unfortunately there is no option to use the Play Store without Play Services, so right now I see two promising options to minimize the privacy problem and enjoy the security and comfort of getting apps through the Play Store.
1. Deny network access to Play Services – You will lose FCM (push notifications), as far as I understand even for services with an alternate implementation like WebSocket (Signal, Tutanota, etc.), because they see that Play Services are installed. Is that correct? Or will these apps try to communicate with FCM, and if it fails the first time, they will switch to WebSocket?
2. I think this could be a pretty sweet solution: installing Sandboxed Google Play in the owner profile, installing apps there, creating another user profile and sharing the apps from the owner profile via the “install available apps” option. I could update the apps through the owner profile and use them in the second user profile, since the apps are installed system-wide and can be made accessible to different users (isolating all the data and communication).
In essence, this would enable us to install and update apps through a fake account, or, if you want, even through an account with billing information if you need some paid apps via the Play Store, but to use them in a profile where no Play Services/Google apps are present whatsoever. This would have the following effects:
- apps cannot see or communicate with Google Apps when used from the second user profile (which I would at this point use as my standard everyday-use profile)
- apps with an alternate push implementation to FCM will use it (notifications for the other apps will not work tho, if that is important to you)
- paid apps will work in the second user profile, if they do not check their status through Play Services
Do you think one of these options, especially the second one, could be a feasible alternative to getting apps from the developers' repos directly? What is your personal opinion on balancing security, privacy and comfort?
I already heard about Accrescent, I use it, I like it, but for now it is still in alpha and since there are not all the apps I want available yet, I have to rely on another app source.
F-Droid and its alternative front-ends are not considered due to their infrastructure flaws regarding their signing and building of apps (reproducible builds and custom repos of the app maintainer are somewhat better tho, I think). Aurora Store is not considered because it lacks certificate pinning and has no auto-update feature.
Have a nice day,
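
The first-install signature check mentioned in the post, as an added example that is not part of the original post: it parses the output of `apksigner verify --print-certs` (Android SDK build-tools) and compares the signer's SHA-256 digest with the fingerprint the developer publishes. The sample output, the fingerprint and the function names are constructed for illustration; rejecting multi-signer APKs is a conservative choice made here.

```python
import re

# Line printed by `apksigner verify --print-certs <apk>` for each signer.
_DIGEST_RE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest: ([0-9a-fA-F]{64})\s*$", re.M)

def normalize(fingerprint):
    """Accept 'AB:CD:...' or 'abcd...' as published by developers; return lowercase hex."""
    hexed = re.sub(r"[\s:]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", hexed):
        raise ValueError("not a SHA-256 fingerprint")
    return hexed

def signer_digests(apksigner_output):
    """Return the SHA-256 certificate digests of all signers, in output order."""
    return [d.lower() for d in _DIGEST_RE.findall(apksigner_output)]

def check_first_install(apksigner_output, published_fp):
    """Return (ok, reason) for a first install checked against a published fingerprint."""
    digests = signer_digests(apksigner_output)
    if not digests:
        return False, "no signer certificate found (unsigned APK or verification failed)"
    if len(digests) > 1:
        return False, "multiple signers; compare each one by hand"
    if digests[0] != normalize(published_fp):
        return False, "signing certificate does not match the published fingerprint"
    return True, "match"

# Constructed sample data, not taken from any real app.
FP = "3f" * 32
SAMPLE_OUTPUT = (
    "Signer #1 certificate DN: CN=Example Developer\n"
    "Signer #1 certificate SHA-256 digest: " + FP + "\n"
    "Signer #1 certificate SHA-1 digest: " + "aa" * 20 + "\n"
    "Signer #1 certificate MD5 digest: " + "bb" * 16 + "\n"
)
# Developers often publish the fingerprint upper-case with colons.
PUBLISHED = ":".join(FP[i:i + 2] for i in range(0, 64, 2)).upper()

if __name__ == "__main__":
    print(check_first_install(SAMPLE_OUTPUT, PUBLISHED))
```

After the first install, Android itself refuses an update whose signing certificate differs from the installed one, so this manual comparison matters most for the initial APK.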