User2288 On fdroid, the vast majority of applications are no longer maintained, and the fdroid application itself is not at a very high SDK level, which means that all this can weaken the AOSP security model. There was once an article written by a Frenchman which brought together reliable and verifiable sources, and which was based on real facts.
I mean, installing fdroid on GrapheneOS when there are other solutions is not a very logical choice.
What is a good appstore to use on graphene considerations?
- Edited
Ixirup https://wonderfall.space/marches-android-alternatifs/ This is a very good basis. And yes, downloading from github with obtainium isn't a great idea either. What shocks me about fdroid is not the application itself, but rather the developers who are in some kind of denial... One of them said on their forums that the SDK level wasn't important.
Ixirup
I think you haven't read the posts I linked to cause it would have answered this. Presence of outdated apps is not an argument against fdroid or an argument for security flaw, and also the official app is not mandatory, you can and should use a replacement.
Anyway, there arent too many good apps on fdroid anyway. Maybe about 5 to 10 common good ones for any idividual. If you get them with neostore or droidify or with browser directly, there is no security issue any more than getting from any other source. They are updated apps.
Thanks for all the great answers, but it's still a bit overwhelming.
What i am struggling right now a bit is the following questions.
- So if the apps from Aurora store don't update automatically - how do you handle this then?
- What i didn't think about - till now - is what problems security wise arise from the fact that the apps from aurora are installed with a shared account with some strangers? Would it be better to make a google account just to download the apps. Or is this a silly idea and makes no difference to using google playstore.?
- @"Ixirup": "And yes, downloading from github with obtainium isn't a great idea either. " Why is it not a good idea to download from Github. I thought is is more or less the gold standard since it has been used to share code for ages and its used a lot?
Thanks a lot...
[deleted]
- Edited
SpeakYourMind So if the apps from Aurora store don't update automatically - how do you handle this then?
Not an Aurora user but if it's still doesn't do unattended updates, you need to manually go in there and update what you need from within the Aurora app.
SpeakYourMind What i didn't think about - till now - is what problems security wise arise from the fact that the apps from aurora are installed with a shared account with some strangers? Would it be better to make a google account
With a shared account it's the same risks as if you would have used mine account without having access to its credentials. It's just a strangers Google account. If don't mind using your own account (throwaway or otherwise) just use Play.
SpeakYourMind Why is it not a good idea to download from Github. I thought is is more or less the gold standard since it has been used to share code for ages and its used a lot?
Obtainium is fine. If you don't trust it, download the app manually from GitHub first and then start tracking it through Obtainium. Developer distributed APKs from GitHub or otherwise are in fact officially recommended by GrapehenOS among the best ways to get apps. If you only use a few APKs it makes more sense to manually update them IMO but if it's a dozen or more Obtainium might be worth the extra overhead.
N1b
Whre would you download Neo Store? It sounds good, on the github page it says download from F-Droid (which most here say is not secure) or "IzzyOnDroid" which i don't know how good that is. i would like to install it that it updates itself. Which way to go?
Good night... alll...
SpeakYourMind Whre would you download Neo Store?
You can download it from Github directly (scroll further down and you'll find the releases: https://github.com/NeoApplications/Neo-Store/releases)
I'm not sure if it will pull the self-updates from github or Izzy after that. If you trust Izzy and have their repository activated, you can install it from there since it will usually find an update there a few days before F-Droid. I got mine from Izzy about a year ago and it worked ever since.
SpeakYourMind Why is it not a good idea to download from Github. I thought is is more or less the gold standard since it has been used to share code for ages and its used a lot?
It's not that downloading from Github is a bad idea. It simply ends up with you trusting the source of the app you download. Really great and secure apps are hosted on Github, as well as badly coded ones, or ones that are forked and pretend to be legitimate.
[deleted]
Chopped7821 You should use f-droid
I don't know why you are recommending a repository who's official frontend literally targets Andeoid 7.1
Thanks for the link. To be honest i actually needed it. Right now it's still a big problem for me to find the "right" thing.
So e. g. i go to Github and type in "neostore" you then get a baragge of hits that are not the correct link. I saw the stars and figured ok, 0 Stars 2 stars that is not it. that "nekken/neo-store" with 0 Stars at the end of page 2 is still not the right thing i could figure. But how to find the right one?
So do you/anybody have some indicators even little or weird ones how you find/check wether a repository on Github/lab is the right one to download i would appreciate it.
The comment of PS_Alex:
Really great and secure apps are hosted on Github, as well as badly coded ones, or ones that are forked and pretend to be legitimate.
Made me think think even more, how to chose the right download.
My "thinking" process is, right now is really primitive its just like: 1.9K stars that's a lot so it's probably the official app. Download. Any help what to look for appreciated, like how your brain works on this. The only thing i won't do, because i can't is reviewing code (As you figured i am not a coder).
This is right now my biggest problem actually, to determine whether something is reliable on github/lab... So any help how to read the little "signals" appreciated...
Greetings!
If this is considered to be not good to post a related but somewhat with a different nuance i could make an own/fresh thread out of this..
No need to look for this kind of thing... On Android the only reference is the playstore. After that, you're free to install whatever you want, but in terms of privacy and security, on a security-related forum, it'll be the play store on Android.
- Edited
Take some time to read and learn here,
https://sideofburritos.com/
it was work for me, go YT or NP and look his videos, easy to understand. Search for,
What should you use? - F-Droid, Droid-ify, Aurora Droid, Neo Store, Google Play, Aurora Store?
Man you don't understand. I literally wasn't able to spot the right download for Neo store on Github pages of "not the right" thing... So what to look for is top priority for me. I understand that there are apps that are fraudulent right from the start...But what i don't want to fall victim that i think i downloaded neo store, but in reality i downloaded "the fradulent store" posing as neo store....
Differently asked/if someone likes a little experiment:
- If you go to Github and type in "neostore". From the tons of hits you get. What is your "Algorithm" to find the right one?
- Second: What are the little signals/tells that tell you, that this is the right thing, not some fraudulent web shit with a virus?
Ixirup Who signs the applications and how are they maintained by fdroid? I know, but I want to make sure you know what you're talking about.
If you would like to help the OP please do so, but judgemental language such as this is not welcome here. Please remember that this community comes from all walks of life, and we're here to help each other out. Please be nice to each other.
[deleted]
SpeakYourMind the best thing to tell you are looking at the right stuff is using a major search engine like duckduckgo searching "Neostore Github" or "Neo apps" github will lead you the right way.
SpeakYourMind You have to check the application's signature if you download it from the Internet, so I don't understand it at all...
SpeakYourMind If the signature doesn't match, it's no good. You should have done the same to install grapheneos.