L
lexico

  • Feb 1, 2023
  • Joined Jun 12, 2022
  • wojon The question would be if the github version has the same feature set. I might be wrong here, but to my understanding the github version is the non-pro version. So in the end you have to make a decision. Go with pro and take it from F-Droid, build yourself, or go with non-pro directly from the maintainer. How do you chose here? ;)

    I have the pro version from GitHub. The FOSS release is the Pro one on the release page and you also get free access to their Thankyou app to unlock the features it does across their apps.

    wojon F-Droid is patching out trackers

    They use exodus and their scanning is not accurate. It completely misrepresents the permission model. The checks for 'trackers' is really just a list a blacklisted third party libraries which they've fairly arbitrarily decided are privacy invasive. Doesn't check for anything else. It's misleading.

    Their apps often due to their practices end up horrendously outated. Take Element for Matrix for example. https://nitter.net/Metr0pl3x/status/1575250126574129178

    Using F-Droid and a developer maintained repo is fine but relying on F-Droid has all the issues outlined.
    As GrapheneOS doesn't compromise the standard of security/privacy, it is only right that the advice we offer aligns with that.

    What individual users can/will choose to do is entirely their prerogative.

    • Blzzrd for compatible Banking apps please see this community resource put together by a fellow moderator:

      https://privsec.dev/apps/banking-applications-compatibility-with-graphheneos/

      Also to try everything you need:

      • to install all 3 play services apps in order (just use the Play Store listing in the 'Apps' app which will take care of this)
      • then install your banking app
      • run it
      • if it crashes again then open the Banking app 'App Info' pane (can be done by long pressing the icon or via SETTINGS>APPS>SEE ALL) and enable the Exploit Protection Compatibility Mode
      • run it
      • if it crashes then go to SETTINGS>SECURITY and disable Secure Exec Spawning
      • run it

      If the above steps fail to work or even if they do file a report to improve the resource linked above here:
      https://github.com/akc3n/banking/issues/new?assignees=&labels=&template=app_report.yml

      • Kenny33

        Google etc going after me directly (or indirectly under a warrant from authorities), is not a threat model that figures highly to me. BUT... One thing that rings true to some is the 'Facebook kills teenagers' argument i.e.:
        I object to big tech's and the personal data industry's business practices, but in so far as it is legal where I'm at, I'm pretty powerless beyond lobbying local politicians. One thing I can do is say 'not in my name'. To that end, I want to be able to say, with truth, that I have not consented to their collection, processing, and sale or transfer of my data, at least in part just to keep my conscious clean, and make me feel I've done something. As such I don't choose to use their services, even with fake names or apps. It's just voting with my feet.

        If they choose to do it anyway, as their systems and software don't check well enough that they have my current and active consent, well at least I know I haven't willfully consented to that. For sure, this costs me a lot in terms of convenience (no WhatsApp! And using Signal that doesn't even notify reliably - afterall they have constructed an effective monopoly in supply of a number of critical goods and opting out of all that hurts), but my conscious is cleaner... I am interested as to the legal position (esp when in europe), if they do routinely collect my personally identifiable data by default anyway... if anyone knows? In installing GOS, did I click yes to something I'd not read properly?

      • I run radicale on my server and sync calendar and contacts with my phone using DAVx5. On my desktop I use Thunderbird which supports DAV as well.

      • Use of the Play Store due to policy enforcements etc, for publishing there, is highly advisable and/or Aurora (Open Source Play Store front end https://gitlab.com/AuroraOSS/AuroraStore/-/releases) if you don't wish to use sandboxed play services in a particular profile.
        The issue with this is that many apps will look for FCM for push and unfortunately many more in the messaging category will not have their own fall back solution/implementation.

        The next best step is to go direct to the website of a developer ie Signal or direct from their Github repository ie Newpipe.
        Both of those examples have a self updating mechanism to notify you of new releases.
        For apps that don't have this feature take the URL of the releases page and append .atom to it and add it to your preferred RSS feed app with notifications turned on for updates.
        This does have it's downsides creating a dependence on F-Droid sources below for apps such as Element Android who only publish their gplay version on GitHub as well as for apps published on gitlab without an atom feed to track.

        The next option is to use Neostore to access F-Droid repositories but with an up to date high SDK targeting F-Droid store front. This allows for unattended updates also I believe and has a modern UI. It is a bit buggy but is constant and current development.
        You can also if you choose download apps direct from the F-Droid website with the links they provide.
        F-Droid however does come with some caveats explained here by @Wonderfall https://wonderfall.dev/fdroid-issues/

        I also use a Hash Checker app to confirm I have the same app for when the developers provide a SHA256 hash etc to compare it to in their README on github.

        Obviously moving forward GOS will be looking to add some self built third party apps that meet the projects standards to the Apps app built into the OS while there is also Accrescent being worked on in parallel as a broader app source looking to be the next evolution to the open source app store from @lberrymage found here: https://accrescent.app/

        Hope that helps and look forward to others views and opinions.

        • Cross-profile notifications and nested profiles could be the next big thing after Sandboxed Play Services in GrapheneOS and a true game changer for easier compartmentalization. Very exciting.

        • eomiku Hello, since we do not have any type of telemetry, it is not possible to get a preciously accurate number of users. Instead, we can only make general estimations based on downloads.

          statistics regarding the size of the userbase.

          Specifically based on OTA downloads, our estimation is around ~ 80,000+