Hi guys,

I’ve recently put GrapheneOS onto my Pixel 7a. I’m really enjoying it so far, Just the absence of being asked to sign into a google account was a breath of fresh air.

I’ve been doing my research (including the search function here) and just needed a bit of help on the subject of apps.

I’m trying to avoid the play store. Sure I could create a new Google account but it wants my number for that and I was really hoping for more privacy than that. After researching here I’ve installed Accrescent which is very promising so far but lacking in apps.

I’ve also gone for Obtainium and this is where I’m hitting a snag. For example, with Signal Obtanium couldn’t find it via search. So I just inputed signal.org into the URL. Now i’ve had to do this for a few of the things I’ve downloaded and I’m starting to worry about the legitimacy of what I’m installing. With Bitwarden I literally just went to their Github page and found a URL that worked. This feels like the wrong approach? My logic has been if Obtainium recognises the app, I’m good to go.

I haven’t signed in to any accounts yet. My sim isn’t even in there. Just connected to wifi.

I guess what I’m wondering is:

  1. Are there any protections built into Obtainium to ensure it’s not some sort of incorrect version of the app I’m downloading?
  2. If not, is there any way to verify the app I’ve installed is legitimate?
  3. If I were to start over, is there a better way of doing this that allows me to still use Obtainium or some sort of RSS reader approach? But with more of assurance the initial download is safe.

Also, if I’m clearly out of my league and need to go back and just use Google play store, please feel free to be honest about that.

  • [deleted]

  • Edited

I’m trying to avoid the play store. Sure I could create a new Google account but it wants my number for that and I was really hoping for more privacy than that. After researching here I’ve installed Accrescent which is very promising so far but lacking in apps.

You can set up Aurora Store without creating or using a Google account, you can sign in with the anonymous option. Currently, the Aurora Store search function is broken, but with Aurora store you can explore and download apps from the Google Play Store's catalog, as Aurora is just a front-end for the Play Store.

  1. Are there any protections built into Obtainium to ensure it’s not some sort of incorrect version of the app I’m downloading?
  2. If not, is there any way to verify the app I’ve installed is legitimate?
  3. If I were to start over, is there a better way of doing this that allows me to still use Obtainium or some sort of RSS reader approach? But with more of assurance the initial download is safe.

Lucky you <3 The latest video from Side Of Burritos on YouTube covers Obtanium :)
Invidious link to his latest video: Obtanium overview | My favorite way to track Open Source apps

    [deleted] how had I not seen that from Side of Burritos? He's the reason I'm here in the first place. His section about how to find the right source code is exactly what I'm looking for.

    I do still wish there was a way to verify an app is for certain the right one. Something like the verified boot key hash for the install. I think I can work with this for now. Just get paranoid about for example loading my password manager onto there.

    Thanks for your help!