  • What is a good appstore to use on graphene considerations?

Ixirup Obtainium is just a fancy and easier way for installing .apk manually.
So instead of going on GitHub, downloading the APK, installing it, and then using Feeder to track new versions of your downloaded app, you can use Obtainium to do that for you: you just give it the GitHub URL or whatever source you have, and Obtainium will fetch and download the APK for you; it will then also track new versions and notify you so you can update.

    samsepi0l If you use obtainium for the first installation without checking the authenticity of the APK, this is a major security issue.

      88dotorg
      Thank you, I stumbled across the same video the same evening and must say: really excellent video. I really like how he explains things!

      User2288

      Man, thank you for that extensive write-up!! So many things I think the same way about: that it is important that it is not too complicated to update apps from a source. That it is important to get the download right in the beginning, since the keys might differ. That the search on GitHub is broken, as I found out. That the easy fix is to use DuckDuckGo, as Some1 pointed out too.
      Your comments on APKmirror and APKpure answered things I wondered about too.

      So all in all, thank you. I will do more studying; I already stumbled on SideOfBurritos, great explanations...
      So really thanks for all of this!

      And yes, for me it is important to find reliable sources to download from AND to make updates not too complicated. That is exactly what my thoughts are about. So indeed GitHub/GitLab + Obtainium is one idea I like.

      you need to confirm it from other web sources, as a lot of similar entries exist that you should NOT trust.
      Fdroid website shows official links to any app's official website and source code. A great way to verify and find the proper "source".

      I can't find the links on the F-Droid website for the website of the Neo Store project. Am I overlooking something? Or is it not there for Neo Store...
      Do you use any other site recommendation for verification purposes besides F-Droid? I would love to hear; verifying downloads is still a big topic for me...

      Greetings!

        Ixirup
        For the first 2 articles: I don't speak French and I don't want to autotranslate...
        The last one I did read, thanks for this. That led to my decision to not use F-Droid as my primary source of downloads...

        • [deleted]

        SpeakYourMind Do you use any other site recommendation for verification purposes besides F-Droid?

        What do you mean by verification purposes?

          [deleted]

          Another source of truth. Like, if I search in DuckDuckGo for "neostore", it shows me a GitHub/GitLab page for download with files on it and a hash for the download file.
          So another reliable site to check that the GitHub page and file are legit and not set up by a hacker...

            User2288 There isn't any security risk in this that we know of. But if the particular app heavily relies on the Google account as the method to verify you and the app's instance, then this could become a security problem.

            I thought a little more about how the account sharing maybe poses a security threat and tried to read up on it more, but I couldn't find anything useful.
            Apps might rely on the Google account maybe more than is wise to identify a user. In Europe we use undergrounds and trains more. The apps for this, e.g., are more regional and the companies are not really professional with their IT.

            So this is a good example to ask the question. Would the account sharing pose somewhat of a risk that some hacker could restore my account or somehow else extract the data with the credit card data in it, due to the account sharing on Aurora?
            That the app itself is not that secure is a risk I have been living well with for the last 7-8 years and I am OK with. The focus here is whether the account sharing adds another layer of risk and how large that is, given the fact that the app might not be programmed very wisely or relies more heavily on the Google account than it should.
            Is it more of a tiny risk or a medium to larger one?

            • [deleted]

            • Edited

            SpeakYourMind You can't do much except checking developer's website for finding github link or just searching via search engine

            I would recommend just using proper app stores like Google Play and Accrescent (in Beta). "Verifying" checksums will only complicate things for you, and it's very easy to spot fake repos btw; for example, you can check the dev's name in the repo URL:

            https://github.com/NeoApplications/Neo-Store

            In this URL, first is the developer name, and then comes the repo name. If, let's say, I fork this, then it would become https://github.com/MyName/Neo-Store.

              • [deleted]

              • Edited

              User2288 Downloading from fdroid is as secure as downloading from github.

              I would say It depends on who you want to trust:

              If you trust the app developer and Github¹, and you have ensured that the repo is genuine, Github releases is the way to go.

              But if you trust the official F-Droid repo, and the app developer, the official F-Droid repo could be OK.

              For me personally, I don't trust F-Droid because instead of acknowledging the points made in this article, they resorted to harassing those who do not agree with them and falsely associating PrivSec (privsec.dev) with GrapheneOS.

              ¹Github need not be trusted If the checksum of the apk is verified (manually of course).
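
Added example (not written by any participant in this thread): the owner check described in the post above and the checksum check from its footnote, sketched in Python. The function names and the pinned owner/repo constant are assumptions chosen for illustration; the URL is the one quoted in the thread.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumption: the owner/repo you decided to trust, taken from the URL in the thread.
PINNED = ("NeoApplications", "Neo-Store")

def repo_identity(url):
    """Return (owner, repo) in lower case for an https://github.com URL, else None."""
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return None
    # Compare the parsed hostname exactly: a substring test would accept
    # github.com.example.net or github.com@example.net.
    if parts.scheme != "https" or parts.hostname != "github.com":
        return None
    if parts.username is not None or port not in (None, 443):
        return None
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) < 2:
        return None
    # GitHub owner and repo names are case-insensitive.
    return segments[0].lower(), segments[1].lower()

def is_expected_repo(url, owner=PINNED[0], repo=PINNED[1]):
    """True only when the URL points at the pinned owner AND repo (a fork fails)."""
    return repo_identity(url) == (owner.lower(), repo.lower())

def sha256_matches(path, expected_hex):
    """Hash the file in chunks and compare with a checksum obtained separately.

    A checksum only helps if expected_hex was obtained independently of the
    download itself.
    """
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    expected = expected_hex.strip().lower().encode()
    return hmac.compare_digest(digest.hexdigest().encode(), expected)

if __name__ == "__main__":
    # Constructed sample URLs: the genuine repo, then the fork from the post.
    for sample in ("https://github.com/NeoApplications/Neo-Store/releases",
                   "https://github.com/MyName/Neo-Store"):
        print(sample, "->", is_expected_repo(sample))
```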

                • [deleted]

                [deleted] ² BTW F-Droid supports reproducible builds, which most apps actually don't even use because it makes releasing updates slower.

                [deleted]

                Thanks, interesting with the naming scheme - I kinda already learned this while clicking through the pages (the GitHub search is really bad).

                You can't do much except checking developer's website for finding github link or just searching via search engine.

                It's a bit of a hen and the egg problem. If I want to verify the GitHub page I need to find the developer's page independently from GitHub, so search engine. But I was able to find the developer's page with a search engine...

                It's more complicated than I first thought to find 2 sources of truth, compare them and be sure that I install the right thing...

                • [deleted]

                Ixirup Once Obtainium is installed, you can use its inbuilt search function to find apps, and their various packages on GitHub. Far easier than using RSS notifications or searching the long-winded manual way.

                W1zardK1ng This is probably the best setup for a "normal" user that prefers great security and good privacy.

                5 months later

                Because I'm a long-time Debian user, I like the F-droid clients. Everyone can take a client as they like: F-Droid, F-Droid Basic, Droid-ify, Aurora Droid, Neo Store....
                I like F-Droid Basic: It targets Android 13 and can do unattended updates without privileged extension or root.

                Similar to the apt sources.list, I can add the repos I like there.
                Example repo lists:
                izzysoft list-of-fdroid-repos
                fdroidfamily codeberg repos
                forum.f-droid.org known-repositories

                That should be enough to have fun with GOS without GooglePS. I only install FLOSS apps on my GOS Pixel.

                17 days later

                samsepi0l I had bad experiences with Obtainium. Tried to convert my whole apps to it.

                Many, most of the best ones, are only compiled on F-Droid.

                The app hung after adding 30+ apps.

                I just use Feeder + F-Droid basic. Feeder also for news, just a category "apps" and all have notifications.

                It's funny how blatantly you called Fdroid insecure when Google Play Store itself is infested with tons of virus and malware infected privacy invasive apps.

                  User2288

                  Wow! This reply is ... I have no words. Just wanted to say that you've done brilliant work here!

                  It's awesome to read, it's detailed, it's easy to understand, ... Wow