• Off Topic

  • What is a good appstore to use on graphene considerations?

I finally did it and installed GrapheneOS on a google Pixel 6a/Webinstall went smooth, yay.
Every website seems to redommend something else. What is a secure Appstore to install Apps from? For my bankings apps security non-tampered with apps is really improtant. Other Considerations? Something special to take into account for GrapheneOS?

Greetings!
PS i just downloaded Telegram via the website Telegram.org Graphene calls it an unknown App, for telegram? Or is it just the standard don't download from the internet files?

    Hello and welcome!

    The Google play store is indubitably the golden standard, includes the largest collection of apps with excellent security. Unfortunately it also comes with the caveat of needing to login to an account. Banking apps in particular may force your hand, apps can figure out what source they were installed from and refuse to run if they don't like what they see.

    Aurora store is a front end to the play store which enables you to use it anonymously through provided throwaway accounts. These are being heavily rate limited at the moment, so in-app search is non functional, but there is an easy workaround available. Updates work just fine.

    F-Droid, while popular, is considered insecure and ideally avoided: https://privsec.dev/posts/android/f-droid-security-issues/

    Then there's Obtainium, not a store, an update aggregator. You tell it where to find your apps and it will notify you when updates are available and let's you install them right there. The downside is that your apps must host their apks publicly on GitHub and such, it can't scrape the play store (though it can search F-Droid).

    Last but certainly not least, Accrescent. The next big thing, built with modern infrastructure from the ground up. Currently in early alpha, it's not yet a suitable replacement for any of the above due to its very small app repository, but it looks promising!

      spring-onion
      Ditto on accrescent. It has a very good vibe. Very clean and functional, but as you said, repository is very limited.....

        Wow great answer thanks!
        Sounds like Aurora is a secure way to go.. Obtainium is some cases.
        What's the opinion on e. g Amazon store, well yeah not anonymous and well it's another large tech company.
        Other store recommendations?, opinions on this?

        Sorry i have to ask a noob question about aurora: Where would you download it?
        Search engine gave me hits i never heard before like uptotown and others...

        First i wanted to download it from: https://www.aurorastore.pro
        But after some research i saw no it is not the official page.

        then On:
        https://github.com/whyorean/AuroraStore

        it says you should only download from:

        GitLab: Releases
AuroraOSS: Downloads
AuroraOSS: Stable
F-Droid: Link
Telegram: Channel
XDA Forum: Thread

        but AuroraOSS is down Gitlab was very confusing where to download the files.

        Telegram on the other hand is very easy, but is it safe to download it from there?

        Sorry for this annoying Noob question, but i guess the deeper topic at hand is that i need to get a feeling for what is reliable and what isn't and it irritated me that AuroraOSS was down and i didn't even know whether that Github page i am reading that from is reliable. So I'd rather ask in the beginning one question to much than to learn something very wrong right fform the start...

        Thanks for reading!

          SpeakYourMind

          You get Aurora from their releases page on gitlab. https://gitlab.com/AuroraOSS/AuroraStore/-/releases

          I recommend you get obtainium and point it at aurora's releases page so you get updates as they're released.

          You should use f-droid or Google play store if you want the most "reliable" option. They've been around longest so they're least likely to be scrubbed by their devs. Other options require you to learn how to use experimental software even though I think they're better. I haven't been able to use Aurora to download apps in several months so I wouldn't consider it reliable.

              • [deleted]

              • Post #7

              SpeakYourMind

              Aurora Store (fdroid link) - https://f-droid.org/repo/com.aurora.store_45.apk
              Gitlab - https://gitlab.com/AuroraOSS/AuroraStore/uploads/94a4147cac11ddb15110aaf1eb3871e8/AuroraStore_4.2.3.apk

              Official Website - https://auroraoss.com

              Note - If you download from Gitlab, you would not be able to update it through Fdroid.

              My suggestion will be to download any Fdroid client like Droidify or NeoStore and download Aurora Store from there.
              This way you will be able to update it easily.

              Droid-ify - https://f-droid.org/repo/com.looker.droidify_57.apk

              Neo Store - https://f-droid.org/repo/com.machiav3lli.fdroid_927.apk

                  • [deleted]

                  • Post #8

                  Chopped7821 I haven't been able to use Aurora to download apps in several months so I wouldn't consider it reliable.

                  Really ? Here I am using Aurora Store daily to check if any update is available for my apps.
                  Sometimes it shows "rate limited" but after closing and opening again it works.

                      Chopped7821

                      yeah thanks. for the hint with obtainium. I have a dumb: question: I have agoogle pixel 6a

                      which one of the files do i need? I suppose the 54 MB app-release.apk?

                      Sorry but it confuses me that another one is written at top...

                      Thanks..

                        [deleted]

                        Great help, thx mate. I just heard/read that F-Droid is not that secure. So i guess i will give obtainium a try. But if that is to much fuzzing, your solution sounds like stressfree alternative.

                        PS I read something from a year ago that Apps downloaded with Aurora don't update?? Is this still true?

                            SpeakYourMind I highly recommend the Google play store. Safety first and foremost. Interestingly, there's a partnership with ESET to detect rogue applications and ensure that applications don't contain viruses that could be triggered some time after installation.

                              Chopped7821
                              Hi again,
                              i added the release page to obtainium/App Source URL: https://gitlab.com/AuroraOSS/AuroraStore/-/releases

                              And i have Version 4.23 installed but it doesn' find the new version 4.24?
                              Anything else i have to do?

                              What i noticed is that obatainium changed the link that i adde to gitlab.com/AuroraOss/AuroraStore
                              but i don't know how to force obtainium to keep to the original link?

                              Greetings!

                                  SpeakYourMind

                                  Without meaning to disregard the position of others on fdroid being insecure, i have argued and would argue that is not true.

                                  Downloading from fdroid is as secure as downloading from github.

                                  There was a technical argument laid against fdroid, however i have critiqued this argument already and have not heard any meaningful counter argument against it yet.

                                  Bottom line: fdroid has some potential issues however those issues do not apply in all situations and the categorical statement that "f-droid" is not secure is simply not true. Downloading from github is not safer than downloading from fdroid. In fact I might argue the contrary, or at least parity.

                                  Do know that fdroid is not a replacement for play store as most apps on playstore are not available on fdroid. Also many apps are fdroid are not available in playstore. So they are "different" libraries with some crossover. Also some apps are only available from fdroid.

                                  Don't use the official fdroid app, use droidify instead. Also be mindful that the app you download adheres to recent target API levels.

                                  Understand what you are downloading from fdroid and you're good go.

                                  For a guide to get you started on apps and stores read this:
                                  https://discuss.grapheneos.org/d/5267-basics/9

                                      SpeakYourMind
                                      The link that obtanium created for itself is the correct one.

                                      The reason the latest version is not detected might be because of release channel factors (alpha, beta, etc). Try refreshing or change settings.
                                      If you are in a rush just download the latest version from the gitlabs page.

                                      Due to the recent problems with aurora's official download pages and versions made available recently i have personally decided to just use the version from fdroid. It gets released with a few days more delay but its been a more reliable source.

                                        SpeakYourMind

                                        I have this problem as well and f-droid only has version 4.2.3 as well. If you want 4.2.4 then you'll probably have to uninstall the version you have and install from https://auroraoss.com/AuroraStore/Stable/AuroraStore_4.2.4.apk

                                        I agree it's silly to say f-droid is insecure. There's plenty of malware on the play store, GitHub, and everywhere else. The way to protect against malware is to vet the app's developers or check the app's source code. Nobody's gonna catch malware for you. The reason I recommended Obtainium is because it lets you download from f-droid, GitHub, and other sources from one app.

                                          Obtanium is a fantastic app and I highly recommend.

                                          You need all 3 apps to have good and easy access to android apps. So get all three (Aurora, Droidify, Obtanium). Each does something the other 2 don't, so.

                                            User2288 Mostly agree, it's great we have so many options nowadays to replace Play Store. For me usually Obtainium plus Aurora Store is enough, since Obtainium can access Github, F-Droid and Izzy. If I needed a separate F-Droid frontend, I'd go with Neo Store instead of Droid-ify. It might be not as pretty, but like the other apps it has an "update all" button which is so much more convenient in the long term...

                                                User2288 On fdroid, the vast majority of applications are no longer maintained, and the fdroid application itself is not at a very high SDK level, which means that all this can weaken the AOSP security model. There was once an article written by a Frenchman which brought together reliable and verifiable sources, and which was based on real facts.
                                                I mean, installing fdroid on GrapheneOS when there are other solutions is not a very logical choice.