What is a good appstore to use on graphene considerations?

[deleted]

SpeakYourMind You can't do much except checking developer's website for finding github link or just searching via search engine

I would recommend just using proper app stores like Google Play and Accrescent (in Beta). "Verifying" checksums will only complicate things for you, and Its very easy to spot fake repos btw; for example, you can check the dev's name in repo url:

https://github.com/NeoApplications/Neo-Store

In this url First is the Developer name, and then comes the repo name, If let's say I fork this then It would become https://github.com/MyName/Neo-Store.

SpeakYourMind

[deleted]

Thanks interesting with the naming scheme - i kinda already learned this while clicking through the pages (the Github search is really bad).

You can't do much except checking developer's website for finding github link or just searching via search engine.

It's a bit of a hen and the egg problem. If i want to verify the github page i need to find the developers page independently from github, so search engine. But i was able to find the developer's page with a search engine...

It's more complicated than i first thought to find 2 sources of truth comparing them and be sure that i install the right thing...

[deleted]

User2288 Downloading from fdroid is as secure as downloading from github.

I would say It depends on who you want to trust:

If you trust the app developer and Github¹, and you have ensured that the repo is genuine, Github releases is the way to go.

But If you trust official F-Droid repo, and the app developer, the offical F-Droid repo could be OK.

For me personally, I don't trust F-droid because instead of acknowledging the points made in this article, they resorted to harrasing those who do not agree with them and falsely associating PrivSec (privsec.dev) with GrapheneOS.

¹Github need not be trusted If the checksum of the apk is verified (manually of course).

[deleted]

[deleted] ² BTW F-Droid supports Reproducible builds, which most apps actually don't even use because It makes releasing updates slower.

[deleted]

Ixirup Once Obtainium is installed, you can use it's inbuilt search function to find apps, and their various packages on Github. Far easier than using RSS notifications or searching the long winded manual way.

ivicaivica

W1zardK1ng This is probably the best setup for a "normal" user that prefers great security and good privacy.

boldsuck

Because I'm a long-time Debian user, I like the F-droid clients. Everyone can take a client as they like: F-Droid, F-Droid Basic, Droid-ify, Aurora Droid, Neo Store....
I like F-Droid Basic: It targets Android 13 and can do unattended updates without privileged extension or root.

Similar to the apt sources.list, I can add the repos I like there.
Example repo lists:
izzysoft list-of-fdroid-repos
fdroidfamily codeberg repos
forum.f-droid.org known-repositories

That should be enough to have fun with GOS without GooglePS. I only install FLOSS apps on my GOS Pixel.

missing-root

samsepi0l i had bad experiences with Obtainium. Tried to convert my whole apps to it.

Many, most of the best ones, are only compiled on F-Droid.

The app hung after adding 30+ apps.

I just use Feeder + F-Droid basic. Feeder also for news, just a category "apps" and all have notifications.

DeletedUser301

It's funny how blatantly you called Fdroid insecure when Google Play Store itself is infested with tons of virus and malware infected privacy invasive apps.

treequell

DeletedUser301 This is a topic which has been discussed extensively already on this forum. Please refer to this comment from the GrapheneOS forum account: https://discuss.grapheneos.org/d/6758-a-message-for-grapos-developers-whats-your-recomendation/16

Clap2Grom673

User2288

Wow! This reply is ... I have no words. Just wanted to say that you've done brilliant work here!

It's awesome to read, it's detailed, it's easy to understand, ... Wow

« Previous Page