this post was submitted on 12 Apr 2025

Just recently took the leap to GrapheneOS from stock Android.

One problem I'm having is getting my apps and keeping them updated. Obviously I've been trying to use F-Droid, Accrescent, and the Graphene-provided app store where I can, but work and friends require me to have apps not available there.

I've been using Aurora Store for everything else, but it seems really buggy (tons of instances where apps won't update, will need ~3 tries to properly install, will notify me there was an error when the app clearly installed, etc). Additionally, I saw somewhere that Aurora Store has some privacy/security issues (but didn't dive deeper to see what was meant by that).

I've read Obtainium is another option, but it looks like that still will not meet all my needs.

I suppose I should also say that I'm hesitant to use the Play Store / Play Services at all. I get there's sandboxing around them that makes them less invasive, but I don't fully grasp how Graphene accomplishes that / what specifically it prevents.

What are you guys using for your App Stores? Should I just put aside my concerns and trust the sandboxed Play Store?

Appreciate your attention and consideration on this!

[–] besselj@lemmy.ca 2 points 1 day ago (1 children)

I use Obtainium since it's apparently more secure than F-Droid. F-Droid is still a good place to search for FOSS and privacy-respecting apps. For anything that I can't install through Obtainium, I'll use the Play Store.

[–] DahGangalang@infosec.pub 2 points 1 day ago (2 children)

Any tips on how to better use Obtainium?

At a glance, it seems to give me what I've always wanted (that is, access to all the switches and levers behind the scenes), but it is a bit overwhelming to start with.

[–] acockworkorange@mander.xyz 3 points 1 day ago
  1. Install AppVerifier from Accrescent as it integrates with it.
  2. Add the app to Obtainium and leave options as default
  3. Check if the app signature matches
  4. If something goes wrong, check the Obtainium recipes for your app.

The hard part is #3, as a lot of apps don't provide signature hashes. So you might not have confirmation the APK wasn't compromised. Then you have to decide whether you take a leap of faith, try your luck at another app store or give up the app.

[–] besselj@lemmy.ca 2 points 1 day ago

I'm still learning how to use it as well, but the basic methodology is to look up the GitHub page for the app you want to install and add the app to Obtainium using that GitHub link. This is where F-Droid comes in handy for finding GitHub pages. Default settings are usually good enough if you don't know what they do.

I've been told that it's unnecessary to use the App Verifier to check apps installed through GitHub, but you can still do it if the SHA signature is available on their GitHub.
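
The signature check from step 3 above, and the comparison against a SHA fingerprint published on GitHub mentioned in the last comment, as an added example that is not part of the original thread: it parses the output of `apksigner verify --print-certs` (here a constructed sample with a made-up digest) and compares the signer's SHA-256 certificate digest with a published fingerprint. The function names and the one-signer policy are assumptions of this example.

```python
import re

# Constructed values: a made-up certificate digest, not any real app's.
FAKE_DIGEST = "a1b2c3d4e5f60718293a4b5c6d7e8f90" * 2
# Constructed sample of `apksigner verify --print-certs app.apk` output.
SAMPLE_OUTPUT = (
    "Signer #1 certificate DN: CN=Example Developer\n"
    f"Signer #1 certificate SHA-256 digest: {FAKE_DIGEST}\n"
    f"Signer #1 certificate SHA-1 digest: {'0' * 40}\n"
)
# The same digest as a developer might publish it: upper case, colon separated.
PUBLISHED = ":".join(FAKE_DIGEST[i:i + 2] for i in range(0, 64, 2)).upper()

DIGEST_LINE = re.compile(
    r"^Signer #(\d+) certificate SHA-256 digest: ([0-9a-fA-F]{64})\s*$", re.M)


def normalize_fingerprint(text):
    """Drop colons and whitespace, lower-case, and insist on 32 bytes of hex."""
    fp = re.sub(r"[\s:]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", fp):
        raise ValueError("not a SHA-256 fingerprint: %r" % text)
    return fp


def signer_digests(apksigner_output):
    """Map signer number -> SHA-256 certificate digest found in the output."""
    return {int(n): d.lower() for n, d in DIGEST_LINE.findall(apksigner_output)}


def check_signature(apksigner_output, published):
    """Return 'match', 'mismatch' or 'unverifiable' (nothing published)."""
    digests = signer_digests(apksigner_output)
    if not digests:
        raise ValueError("no signer certificate digest in apksigner output")
    if not published or not published.strip():
        return "unverifiable"  # the case the comment calls a leap of faith
    expected = normalize_fingerprint(published)
    # Conservative choice of this example: exactly one signer, exact match.
    if list(digests.values()) == [expected]:
        return "match"
    return "mismatch"


if __name__ == "__main__":
    print(check_signature(SAMPLE_OUTPUT, PUBLISHED))
```

A match only shows that the APK was signed with the key behind the published fingerprint, so the fingerprint should come from a channel you trust independently of the download.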