Hi,
Today I tried to install an app from the Aurora store. It's been downloaded, but then Aurora is trying to sync metadata all the time and nothing happens anymore. Is this a known problem or is it just me doing something wrong? I've got a Pixel 6a and as far as I know, I've got all updates.

Thanks in advance for your reaction.

    • [deleted]

    Please note: The "Apps (app repo client)" tag is for when the GrapheneOS App repository is being discussed hence the tag's title.

    • [deleted]

    plamya You're fine. I was just letting you know.

    7 days later

    Same problem, but only with two apps so far (e.g. Facebook).
    Pixel7a, GrapheneOS Release 2023102300

    Same here, I have 5+ apps, they download but then can't install

      It's clearly just us. Nobody else has (had) this problem. For me it went away with an Aurora update. Don't know if I've just been lucky.

      plamya

      Regarding Aurora store:

      • It doesn't fully work compared to sandboxed Google Play
      • Apps can check if they were installed from the Play Store and can choose to refuse to work if they were not installed from the Play Store.
      • Doesn't verify Play Store signature metadata
      • Doesn't use a reduced CA set or pinning like the Play Store itself
      • i.e., downloaded apps are only secured by HTTPS with every WebPKI CA trusted (isn't very good)
      • May cause your Google Account to be blocked/blacklisted by Google.
      • When using the anonymous mode login:
      • Installs the wrong variant of apps by default due to not searching or fetching apps based on device model
      • Shared google accounts, i.e., Anonymous login mode are problematic and gradually break
      • Anonymous account usage may have negative consequences
      • The apps downloaded and installed are obtained from the Play Store anyway and you can easily make a throwaway account for the Sandboxed Google Play

      Numerous apps from the Play Store rely on features like Play Asset Delivery, Play Feature Delivery, app/content licensing checks, in-app payments, and other functionalities unique to the Play Store. All these are compatible with the sandboxed Play Store. The dependency on these features by Play Store apps is steadily increasing.

        @akc3n . Thank you very much for your reaction. It's very enlightening. If I were to change my "appstore" from Aurora to sandboxed-and-new-profiled-Google-playstore, I guess that I'll have to uninstall my Aurora apps first?!

          sprks
          I was having same issue after aurora store update.
          I just downgraded to version i was using before update.

            plamya No, you do not need to do that.

            I'll have to uninstall my Aurora apps first?!

            However, you'll need to activate unattended updates for the Sandboxed Play Store to become the designated installer. This requires triggering a one-time manual update through the Play Store afterwards.

            sybilsystem In regards to

            I was having same issue after aurora store update.

            According to their changelog there latest version should solve the issue? My colleague pointed this out.
            https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/CHANGELOG

            • Fix apps not installing post download
            a month later
            3 months later

            akc3n you can easily make a throwaway account for the Sandboxed Google Play

            I am not so sure about this. They keep asking for a phone number and there a countries where buying sim cards anonymously is hardly possible or even illegal.

              privsec I have heard that some people have had success, without requiring a phone number, by turning off VPN but using public wifi (so they don't expose their home IP to Google). I assume you could also use phone data to get a similar effect. I haven't tried either of these, just heard some people managed it that way

              I've made an account without a phone number yesterday via the play store app. I was connected to a France ProtonVPN server (im not from France) and I tried the "14 year old user" trick. It gave me the option to skip the number! You may ask, why a 14 years old user? It's because if you set the birth date as under 13 years old, google will qualify the user as a child and when the user is over 15, that user may have a cell phone.

              source: https://www.youtube.com/watch?v=c5K27u65A48