Benefits using Neostore instead of Fdroid? AuroraDroid?

PG currently doesn’t recommend Fdroid but says if you need to use it then use Neostore instead.

  1. But what benefits does Neostore provide over Fdroid?
  2. Does it fix any of the flaws Fdroid has?
  3. What about compared to other Fdroid clients like AuroraDroid? (from the same people of the established AuroraStore)

1 Like

Dare I ask the same question about Droid-ify?

Hi there! :wave: Great questions, let’s go over them one-by-one. I will be quoting from Wonderfall’s article on F-Droid which we link to in our F-Droid section on the site.

1. But what benefits does Neostore provide over Fdroid?

https://wonderfall.dev/fdroid-issues/#3-low-target-api-level-sdk-for-client--apps

SDK stands for Software Development Kit and is the collection of software to build apps for a given platform. On Android, a higher SDK level means you’ll be able to make use of modern API levels of which each iteration brings security and privacy improvements. For instance, API level 31 makes use of all these improvements on Android 12.

It is important to note that we’re currently at API level 33.

As you may already know, Android has a strong sandboxing model where each application is sandboxed. You could say that an app compiled with the highest API level benefits from all the latest improvements brought to the app sandbox; as opposed to outdated apps compiled with older API levels, which have a weaker sandbox.

It turns out the official F-Droid client doesn’t care much about this since it lags behind quite a bit, targeting the API level 25 (Android 7.1).

As a workaround, some users recommended third-party clients such as Foxy Droid or Aurora Droid. While these clients might be technically better, they’re poorly maintained for some, and they also introduce yet another party to the mix. Droid-ify (recently rebranded to Neo-Store) seems to be a better option than the official client in most aspects.

In this last section, I should clarify that Droid-ify and Neo Store are now two completely separate projects. The timeline, to my knowledge, went like this:

  1. There was Droid-ify
  2. The developer of Droid-ify started working with some other people to rebrand Droid-ify to Neo Store.
  3. Droid-ify’s developer stopped working on Neo Store and started working on Droid-ify on their own again.
  4. The rest of the people working on Neo Store continued working on it, and there are now two distinct projects: Droid-ify and Neo Store.

Neo Store and Droid-ify are better choices because they currently target 32 and thus benefit from much better security and privacy improvements on account of their API level.

Furthermore, (and this may be anecdotal - feel free to tell me if you’ve had a different experience) the official F-Droid app didn’t notify me when there were new updates available. I always had to manually check if that was the case. Neo Store and Droid-ify will notify you. These two apps are largely the same right now, as far as I can tell.

Foxy Droid and AuroraDroid were largely unmaintained last time I checked, so I would not use them.

Keep in mind that choosing an F-Droid app is only one part of the puzzle, and while apps like Neo Store are definitely an improvement, you can’t really solve most of F-Droid’s fundamental issues with that.

I highly recommend not using F-Droid or any of the other F-Droid compatible apps, as you cannot address the issues with the main F-Droid repository as well as others by simply choosing a different app.

You really should be using it only if there is no other choice.

6 Likes
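
The target API level comparison in the post above can be checked for any APK. The following is an added example, not part of the thread or of any project mentioned in it: it parses text in the line format printed by `aapt dump badging` and ranks clients by how far their target API level lags the current one. The package names and sample output are constructed; the API levels 25, 32 and 33 are the ones quoted in the thread.

```python
import re

# Constructed excerpts in the `aapt dump badging` line format. Package names
# are placeholders; API levels 25 and 32 are the ones quoted in the thread.
SAMPLE_BADGING = {
    "legacy-client.apk": "package: name='org.example.legacyclient' versionCode='1'\n"
                         "sdkVersion:'23'\ntargetSdkVersion:'25'\n",
    "modern-client.apk": "package: name='org.example.modernclient' versionCode='7'\n"
                         "sdkVersion:'23'\ntargetSdkVersion:'32'\n",
    # No targetSdkVersion line at all: exercises the fallback below.
    "no-target.apk": "package: name='org.example.notarget' versionCode='3'\n"
                     "sdkVersion:'19'\n",
}

_PKG = re.compile(r"^package: name='([^']+)'", re.M)
_MIN = re.compile(r"^sdkVersion:'(\d+)'", re.M)
_TARGET = re.compile(r"^targetSdkVersion:'(\d+)'", re.M)


def parse_badging(text):
    """Return (package, target_api) from badging output.

    Android treats a missing targetSdkVersion as equal to minSdkVersion,
    and a missing minSdkVersion as 1, so the same fallback is applied here.
    """
    pkg = _PKG.search(text)
    if not pkg:
        raise ValueError("no package line in badging output")
    min_m = _MIN.search(text)
    min_api = int(min_m.group(1)) if min_m else 1
    tgt = _TARGET.search(text)
    return pkg.group(1), int(tgt.group(1)) if tgt else min_api


def audit(badging_by_file, current_api):
    """List (file, package, target, levels_behind), most outdated first."""
    rows = []
    for name, text in badging_by_file.items():
        pkg, target = parse_badging(text)
        rows.append((name, pkg, target, current_api - target))
    return sorted(rows, key=lambda r: r[3], reverse=True)


if __name__ == "__main__":
    for row in audit(SAMPLE_BADGING, current_api=33):
        print("%-18s %-26s target=%-3d behind=%d" % row)
```

An APK that declares no target level at all sorts to the top of the list, because it inherits its minimum level as its target.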

I feel a bit disappointed and lost since

  • I am no tech expert and sometimes hardly understand technical problems,
  • I mainly try to get degoogled (not in the way that I want no apps from Google; they are excellent, but I want to minimize the data I give them access to),
  • and PrivacyGuides recommends that I should install my apps with one of Google’s flagship spy apps, that is Google Play.
    I understand that it might be the best choice security-wise, but I hardly understand how it might compete with Droid-ify or Aurora privacy-wise.
    EDIT: I should specify that I use GrapheneOS, with the ability to keep Play sandboxed.

To be fair, Privacy Guides does not currently recommend Play Store explicitly. That said, if you’re using the Stock OS, it makes very little sense to use anything else, because Google already have privileged access on the device. What would you gain in privacy by trying to go around them? We try to approach these issues rationally and dislike privacy theater.

We also currently describe how you can grab open source apps from GitHub/GitLab and use an RSS reader to get notified about updates. Seeing as pretty much no F-Droid app currently features proper unattended updates, it is more or less the same, and you’re getting your apps “from the source”.

Since you mention that you’re using GrapheneOS, it’s a different story. On one hand, you don’t have Google with privileged access to your device. If you don’t want to use Play Store, you can do that, and it’s not theater. That said, if you do decide to use Play Store on GrapheneOS, you’re in a much better position than you would be on Stock OS, because those apps have no additional access compared to other apps you install.

When it comes to privacy concerns, Sandboxed Google Play on GrapheneOS doesn’t really pose any that any other app on your device wouldn’t. Play Store is in a position to get as much as other apps would. It is up to you to decide whether that fits your threat model. All GrapheneOS does is even the playing field.

There are other app stores that we’re looking at and hope to be able to recommend to people in the future, because obtaining apps on Android is currently an issue with no clear answer. We will evaluate those emerging options when they’re a bit more stable and production-ready.

4 Likes

Yep, I’ve been chatting with lberrymage just a few hours ago. I already installed Accrescent since it should over time meet part of my needs, although it doesn’t allow grabbing apps with low privacy standards (banking apps, WhatsApp for the network effect, Spotify, …).

There is theoretically nothing that would stop your banking app, WhatsApp or Spotify from being listed on Accrescent, provided that they meet the store’s requirements, which it feels like they likely would, as they already meet Play Store’s standards.

That said, as much as I would like to be able to only recommend an app store like Accrescent to people in the future, it’s not feasible for it to replace Play Store 100% for most people.

On Stock OS, I would generally say that if you’re going to use Play Store anyway, there’s no tangible reason to also use another app store (like Accrescent) unless you really care about getting apps signed by the developer instead of Google, for example.

On an OS like GrapheneOS, however, where usage of user profiles is more widespread, you can have Sandboxed Google Play on some profiles, and a store like Accrescent on another profile in a way that makes sense, as Sandboxed Google Play can be installed per-profile, instead of having a bird’s eye view over all user profiles.

2 Likes

It’s also worth noting in some cases we don’t recommend the “degoogling” privacy theater. There is a common misconception that Google collects “all the data”.

In some cases it actually may make more sense to use Google than not, one example being Google Messages, an app that most people will have on their Android phone, either now or in the future.

If both parties have Google Messages, messages are transmitted over Rich Communication Services (RCS), instead of old SMS. As a result there is E2EE using the Signal protocol.

The reason this requires Google services is mostly because of phone carriers being lazy, and none of them uniformly implementing RCS on a wide scale.

While we officially recommend Signal software, it’s not always possible to get people to use it. There is minimal threat in Google having your phone number anyway.

One of the nifty features of Google Messages is spam filtering (you can report messages as spam), and it reports it to both Google and your carrier, and since it is spam, it’s not private anyway.

3 Likes

@TruckInternational47 had the same question haha thanks for making the post.

@matchboxbananasynergy thanks for the explanation, maybe it could be a nice idea to link that analysis or a little TL;DR in the note that recommends Neo Store over F-Droid

1 Like