this post was submitted on 12 Apr 2025
6 points (100.0% liked)

GrapheneOS

432 readers
8 users here now

An unofficial discussion community for anyone interested in GrapheneOS.

Helpful links:

Official Graphene OS Discussion Forum

List of official Matrix channels and other contact sources.

founded 2 years ago
MODERATORS
wxboss
6
App Store Recommendations (infosec.pub)
submitted 10 hours ago by DahGangalang@infosec.pub to c/graphene_os
7 comments fedilink hide all child comments
 

Just recently took the leap to Graphene OS from stock android.

One problem I'm having is getting my apps and keeping them updated. Obviously I've been trying to use F-Droid, Accrescent, and the Grapheme provided app store where I can, but work and friends require me to have apps not available there.

I've been using Aurora Store for everything else, but it seems really buggy (tons of instances where apps won't update, will need ~3 tries to properly install, will notify me there was an error when the app clearly installed, etc). Additionally, I saw somewhere that Aurora store has some privacy/security issues (but didn't dive deeper to see what was meant by that).

I've read Obtanium is another option, but it looks like that still will not meet all my needs.

I suppose I should also say that I'm hesitant to use the Play Store / Play Services at all. I get there's sandboxing around them that makes them less invasive, but I don't full grasp how Graphene accomplishes that / what specifically it prevents.

What are you guys using for your App Stores? Should I just put aside my concerns and trust the sandboxed Play Store?

Appreciate your attention and consideration on this!

top 7 comments
sorted by: hot top controversial new old
[–] gid@lemmy.blahaj.zone 3 points 10 hours ago (1 children)

I use Google Play Store, Graphene's app store and Accrescent. I feel that the known privacy issues from Google Play are more acceptable to me than the unknown consequences to my privacy due to the looser security from F-Droid.

[–] DahGangalang@infosec.pub 2 points 10 hours ago

I like your logic. I'll need to chew on that thought to make sure I agree, but that's a really good point.

[–] besselj@lemmy.ca 2 points 10 hours ago (1 children)

I use Obtanium since it's apparently more secure than f-droid. F-droid is still a good place to search for FOSS and privacy-respecting apps. For anything that I can't install through Obtanium, I'll use the Play Store.

[–] DahGangalang@infosec.pub 2 points 10 hours ago (2 children)

Any tips on how to better use Obtanium?

At a glance, it seems to give me what I've always wanted (that is, access to all the switches and levers behind the scenes), but it is a bit overwhelming to start with.

[–] acockworkorange@mander.xyz 2 points 2 hours ago
  1. Install AppVerifier from Accrescent as it integrates with it.
  2. Add the app to Obtainum and leave options as default
  3. Check if the app signature matches
  4. If something goes wrong, check the Obtanium recipes for your app.

The hard part is #3, as a lot of apps don't provide signature hashes. So you night not have confirmation the apk wasn't compromised. Then you have to decide whether you take a leap of faith, try your luck at another app store or give up the app.

[–] besselj@lemmy.ca 1 points 10 hours ago

I'm still learning how to use it as well, but the basic methodology is to lookup the github page for the app you want to install and add the app to Obtanium using that github link. This is where f-droid comes in handy for finding github pages. Default settings are usually good enough if you don't know what they do.

I've been told that its unnecessary to use the App Verifier to check apps installed through github, but you can still do it if the SHA signature is available on their github.

[–] 3aqn5k6ryk@lemmy.world 1 points 9 hours ago* (last edited 9 hours ago)

I have low threat model. I get my apps from droidify and a couple of apps directly from their github pages. Havent bothered to try obtainium, maybe once most of my app isnt in fdroid.

For private space i use aurora. Planning to setup google play store, but havent got around yet. I need to create a fake google acc for that.