yourmother so what you really want is someone else with a life, family, and job to do your work for you? The guy/gal that did their own research for their own threat model to protect their own family on their own time should now do this for you because you cannot be bothered? Sounds reasonable.
A message for Grapos developers. whats your recomendation?
yourmother
A normal user needs only 10 sec to open browser and type "obtainium". Clicking on github link page and scrolling down & tapping "releases" will take another 10 sec. Downloading and installing will take 15 sec.
Searching app name with "fdroid" at the end will take 10 sec. Clicking the "source code", copying & pasting the link will take 5 sec. And now you can install any app directly from developer. Very first initial setup and installing first app will take only total 50 sec and adding and installing another app will take only 15 sec. And you can export obtainium data to another device, so next time you don't have to paste link of every single app. It's like your personal app store. Don't you have around 1-2 min?
yourmother you think i don't have a life?, i have no job? no family? i have all the time of the world? wtf.
We all wish we had access to a reliable app collection full of useful apps written for us by people all over the world, without malware or exploitable bugs, using back-end servers without leaks. Plus it would be great for the app collection to be anonymous and the apps to be free. As of August 2023 humanity has not achieved one of those, so we can't give you simple directions for accessing it.
Some platforms have app stores that are very easy to use. But they tend to be non-anonymous, charge money, and still contain some apps that leak and/or steal.
A message for Grapos developers. whats your recomendation?
Please don't direct questions specifically to GrapheneOS or GrapheneOS project members going forward. If you post a question on Matrix or the discussion forum, you need to accept that anyone can answer. Project members do look at a lot of the content that's posted even if they don't reply. Egregious cases of misinformation are often corrected by project members if it wasn't dealt with by the community. It turns into a moderation issue if people are repeatedly lowering the quality of discussion by inaccurate claims, particularly if it's harmful advice leading people to do things in a poor way.
We try to maintain a decent quality of discussion and information on these platforms. We haven't been achieving that with the discussion forum recently and some cleanup is going to need to be done. Please try to support these efforts to maintain a high level of quality here because many people use it as a source of information. This is a collaborative effort. If you aren't sure about something, posting a response is fine, but then try to avoid stating it as fact.
so many different app-store's that have their own pros and cons when it comes to privacy and security.
Yes.
some people even say that all these stores are not safe to use and the only safest is google app store.
For obtaining a specific app, such as Element, the sandboxed Play Store is one of the best options. You need to make sure it's the genuine app from the developers, ideally by opening a link from their site. Play Store isn't a very good way to discover new apps if you care about privacy and security, but that's a hard topic in general. Open source also doesn't mean private and secure, but comparing open source to proprietary apps on average, they do tend to have better privacy, but not necessarily better security.
But that is from google... not good for privacy and google says: "Developers add malware to apps from Play Store afterwards"
This can happen anywhere, and can happen with open source apps too. Open source doesn't mean a developer adding malicious or unwanted behavior is going to be somehow caught and prevented before you get it. F-Droid doesn't provide any protection from this beyond scanning for binary blobs, etc. It will not protect you from a developer adding malicious source code, particularly when 'malicious' is hard to define and these things can be done in a subtle, well hidden way. It has regularly happened that open source libraries and applications have clear cut malicious code inserted. It's extremely common for these libraries and apps to make privacy unfriendly changes like adding invasive analytics too. All you get from F-Droid is knowing that the developer adding a closed source third party library will likely get detected and the app won't get updated, but in exchange you're trusting people to build/sign the apps who have shown consistent untrustworthy behavior. You're also getting significantly delayed updated in many cases.
i don't want discussions, i want advice from the pro's that really have the knowledge of this stuff.
You created a thread on the discussion forum about it, so discussion is what's going to happen.
i wondering what the developers from Grapheneos himself advise to his costumers.
Why don't grapheneos give instructions about this.
instructions about what the best source to download apps and where not, and how you can best deal with apps in your phone (cutting them of from the internet so the apps can't do any harm or something like that) and be done with it.
GrapheneOS includes our own app repository client which provides a way to install the sandboxed Play Store. There is no advice for this fitting everyone's preferences because all of the available options other than our own app repository currently only used for our own apps have major flaws.
just tell me what to do.
If you're using sandboxed Google Play in the profile for broad app compatibility, you might as well use the sandboxed Play Store to install and update apps since that won't give them additional information if you do it properly compared to simply using sandboxed Google Play without using it to install apps. Create a single-purpose Google account without personal information to use with sandboxed Google Play in a single profile. Don't use the same account for anything but sandboxed Google Play, and use a separate account for separate profiles.
If you aren't using sandboxed Google Play in the profile, there is no best answer. You aren't going to get any perfect answer and can't expect one.
Hello,
thank you for your time. i appreciate it :)
you said:
GrapheneOS the sandboxed Play Store is one of the best options. You need to make sure it's the genuine app from the developers, ideally by opening a link from their site.
i don't understand this.
when i am in playstore, there are no link/site's.
[deleted]
yourmother The developer's site like they said.
[deleted]
developer's site are not mention t in apps. so how do i find them?
[deleted]
yourmother By looking up the app online?
[deleted]
- Edited
I suggested that you look online for the app/developer's website in order to compare their app to the one available on the Google Play Store just like what was said to you i.e. "You need to make sure it's the genuine app from the developers, ideally by opening a link from their site."
- Edited
And to get on topic, best place to download apps if you're not using Google Play Store would be from the officials app's website. Places like WhatsApp has its own apk file you can download as well as Telegram, and Signal. For other apps F-Droid is pretty good although people here will say F-Droid is bad.
You could also just make a separate profile with Google Play on it and download it from the official Play Store for apps that need Google.
Using other third party stores always come with a risk of putting malware on your phone so be aware of that and stay safe.
- Edited
Please remember we are all just trying to help each out. It is not okay to expect an explanation from somebody else, and become angry if they don't answer in a way you like. The GrapheneOS account has already raised in this very thread the issue of maintaining high quality discussion in this forum. Arguments and plain rudeness are not welcome here, especially directed towards other users of this Forum. I have removed two counts of that from this thread. Please do not let that continue.
yourmother don't be rude. The people who build from source, have life's, families and jobs.