[deleted]
You can use something like Obtainium or Accrescent to update apps that are not available through the Play Store.
You can use something like Obtainium or Accrescent to update apps that are not available through the Play Store.
worry_glowworm Have you looked into Droid-ify?
For my parents i installed GOS, Google Play Store and Google Play Store services with a throw away gmail.
Neo store with only izzyondroid for foss apps like NewPipe x SponsorBlock(from my understanding izzyondroid repo provide application taken from the app's developers repositories like github)
Both of these app stores provides automatic updates, since my parent are over 50 i just increased the Font and Display size.
Working without any issues for them.
I'd say droid-ify is rather safe and it gets you apps from fdroid, many apps from fdroid are also safe. Some may not be. But popular ones are ok.
Your options are a handful anyway. The combination of playstore, droidify, and obtanium should pretty much get you all you need. And obtanium may not even be necessary for them. First two will do the job.
Also for playstore just create a new account for them on their new devices without using a phone number. You don't need to use old accounts. You should be able to. If vpns dont allow you then go to a public wifi like a library.
User2288 ...then after you set it up "anonymously", don't forget to connect it to your home wifi without VPN and do a bit of browsing on Vanadium to make it easier for Google to link it to your alt identities.
My friend who is 64 can navigate F-Droid just fine.
I gonna keep this short; I think GrapheneOS solves the Google spying issue quite fine, it is indeed confined and not installed as root, users can assert more control over their privacy that way.
However, I did also not install Google services because it has 300 permissions build in, even though I assume they can do little on a GrapheneOS installation, it just makes me feel very uncomfortable somehow...
https://reports.exodus-privacy.eu.org/en/reports/com.google.android.gms/latest/
Also many apps on the Play Store are atrocious when it comes to tracking users, according Yale Privacy Lab from 300 apps they have tested, 75% show code of trackers.
https://privacylab.yale.edu/trackers.html
That does not mean those apps contain viruses or anything like that, but again, it makes me feel very uneasy.
I use Droid-ify together with the F-Droid repository and some other app repositories.
I took the "hermit-route" and isolated myself from apps with trackers (I scan apps with ClassyShark3Xodus) and only use FOSS-based applications.
I do use Orbot for TOR for Molly, (Signal-compatible chat app) Privacy Browser (Soren Stoutner) even though for security but not TOR, Vanadium is highly recommended, i use it as my primairy browser) and Droid-Ify. (Yes, it supports TOR!)
For the rest I use the beta Mulvad app (I use split-tunneling to rule out the TOR-apps) with quantum resistance and DNS-blocker, (blocks ads, malware, trackers, etc) and Wireguard with Wireguard obfuscation.
My girlfriend is always installing spyware on her phone, (cannot talk her out of it) and even though I put her on a guest network, I feel very unsafe she is using the same network, that is the reason why I use a VPN.
VPN's can be a potential point of metadata collection, and make people vulnerable to the third party doctrine law. (NSA mass data collection)
https://en.m.wikipedia.org/wiki/Third-party_doctrine
But Mullvad is okay, I guess.
If I did not have Mullvad I would use the "Rethink DNS" app as a DNS blocker. (It handles blacklists, etc)
However, do turn off "block connections without VPN" otherwise the TOR connections would not establish.
I also use Briar for chats (TOR is build in) without having the danger of an in-between server (in case it might be taken over, like with the new EU chat control law) and has mesh networking build in. (For chats with no internet)
With that you can also have a local forum and weblog.
In case of emergency (in case internet breaks down) I have many offline files on my device like the entire Wikipedia and other survival databases, (I use with the app Kiwix) Trailsense and Survival Manual for offline tools and offline survival.
I use VLC as a MODplayer, (it can play .xm .it .mod .s3m, etc) because these take up very little storage (I can store tens of thousands with no burden) lots of comics and games, lots of games which I emulate through RetroArch. (Now available on F-Droid as well)
With Organic Maps (Open Street Maps) I find my way around.
On foot with the super-simpel to use Luftlinie app. (Follow the arrow untill the number says zero)
I flash my Linux desktop distributions locally through USB via EtchDroid.
There are more cool apps that can make humans like us feel more independant, at least, that is the reason why I do it, I don't want anyone prying into my phone, and I don't want to be too dependant on the internet.
GrapheneOS is the perfect solution for me. (I almost sound like a "TV-teleshopping" salesman, sorry for that, but I'd figure you guys can use some of these tips!)
And yes, I am super paranoid, I love it. (-:
Pocketstar https://reports.exodus-privacy.eu.org/en/reports/com.google.android.gms/latest/
That is not a reliable source (as well as ClassyShark3Xodus) as explained here: https://discuss.grapheneos.org/d/471-installing-apps-with-trackers/2
[deleted] Ah, I see, I did not know that, I shall look into it, thanks for the info!
One more word of caution about RetroArch and gameroms I mentioned; gameroms may contain viruses, so I always use no-intro rom sets and scan them with a rom manager and the dat files from datomatic, this way at least the hash of an original dump can be verified somewhat, (not an absolute guarantee) I don't want to sway anybody into installing unsafe files into their phone after all.
[deleted] Thanks again! I looked into it, and exodus can indeed give users a false sense of security...
Perhaps it is time for me to check it a different way, if possible at all.
I will do some research towards the subject, but at least the source codes from the apps on the F-Droid repository are available, so I will look into those as well. (I have no experience with any coding stuff though, lol)
By the way, I believe F-Droid is also trying to resolve some issues they had as well; (Something to do with apps signed with the same Fdroid signature or something)
https://f-droid.org/en/2023/09/03/reproducible-builds-signing-keys-and-binary-repos.html
Pocketstar it is indeed confined and not installed as root
Its not installed as root on GMS-Certified Android either.
Pocketstar F-Droid is also trying to resolve some issues they had as well
Great because F-Droid's main developer is too ignorant. In reponse to critisicm of F-Droid's low targetSdk
version, He claims that #targetSdkVersion is designed around untrusted proprietary software with non-memory safe code where the binary only gets machine review. [1], which is very misleading. It is understandable that a Libre project like F-Droid might not have enough resources but that does not mean F-Droid's developers should just downplay security.
I've unfortunately had to lock this thread and remove many of the posts. Many of the answers did not address the original question.
However, I did also not install Google services because it has 300 permissions build in, even though I assume they can do little on a GrapheneOS installation, it just makes me feel very uncomfortable somehow...
This is not how the permission model works. An app declaring permissions in their manifest means the app is capable of being granted access to what that permission provides. It does not mean it can do all of those things. The privacy and security model is not based in any way on looking at the list of permissions in an app's manifest. Exodus is misrepresenting the permissions as being granted by installing the app and is misrepresenting what the permissions do based on legacy descriptions of them not meant to be user facing. An app requesting access like Bluetooth or Location doesn't give it anything unless you explicitly choose to grant the case-by-case pairing requests or Nearby Devices / Location permissions. It doesn't make any sense to hold it against apps that they support using functionality when they don't require it to be used. For example, GrapheneOS Camera supports being granted the Location permission if you go out of the way to use geotagging. It makes no sense to hold it against the app that it has multiple low-level location permissions listed in the manifest in order to make it possible for the user to grant that to it.
Most of the permissions requested by Play services are either privileged permissions not available to sandboxed Google Play or the so called normal permissions which don't grant it access to things impacting privacy or security. For example, any app can run code after boot at certain points or in the background without any normal permission as long as they aren't stopped (fresh install or force stop), but running it right after the initial unlock is gated by a non-user-facing normal permission. Setting an app to restricted battery mode stops it from running code except when run by the user or other apps. There are over a dozen low-level normal permissions for things related to power usage and there's a single user facing toggle for restricting it. The same applies to many other things. It is not the declared low-level normal permissions which actually matters. The permissions which matter are user-facing and disabled by default, with the exception of our added Sensors permission where it's your choice if it's disabled by default for newly installed apps to avoid breaking compatibility by default and making it harder to use the OS.