I recently picked up a Pixel 8 and installed Graphene OS to begin tinkering. My plan is to migrate (or at least try) from being a long-time iPhone user, however I have a few questions. I understand that these questions don’t all have a “correct” answer, but I at least want to understand the rationale behind the answers.
I should preface this by saying that at the end of the day, I value security more than privacy.
Where should I get OSS apps? F-Droid, APKs on Github, Aurora, Sandboxed Play Store?
Apps like Signal, ProtonMail, Ente, Bitwarden, etc.
I was leaning toward APKs here as I’ve heard that F-Droid isn’t the safest option, and where I can, I want to avoid Google Play altogether. I’m a developer, so downloading releases from GitHub seems fairly natural to me. Any reason I should not do this?
Where should I get closed-source apps? F-Droid, Aurora, Sandboxed Play Store?
Apps like Slack, Uber, etc.
For this, I was thinking Sandboxed Google Play with a burner Google account. Same reasons as above for skipping F-Droid. Any alternative thinking here?
Multiple users / profiles. What is the advantage to having a single “owner” account that downloads all the apps, and then separate users / profiles who have been delegated access to those apps from the owner account?
I don’t really have my own editorial here yet, this aspect is the most confusing to me.
Toggle off Google Play & Services when not in use?
As of now, I think I’ll need these for:
Downloading play store apps
Using my YubiKey for 2FA to log in to my password manager, Bitwarden
Anything else I should consider? Thank you in advance!
I appreciate the time you put into writing your post and making it look polished, but I would also appreciate it if you were able to do a bit more research.
I personally have the following preference on App sources:
Accrescent > Play Store > GitHub releases (with Obtainium + AppVerifier)
Using the owner profile only to download and distribute apps between profiles has some security benefits, as you won’t be daily-driving your owner profile, which has a few settings that are only accessible through the owner profile and not through secondary profiles (mostly network-related stuff, I think). For me that’s overkill and too inconvenient, so I just use the owner profile and Private Space to isolate apps from each other.
Some apps check on first launch whether you have Google Play Services installed, and if that’s the case, they use it for notifications. If you disable Play Services while not actively in use, that might lead to no notifications for certain apps.
My app sources: I prefer privacy over security, and I like to keep as few apps as possible on my phone.
Phone: Third-party F-Droid repositories → IzzyOnDroid → Main F-Droid repository.
Tablet: Accrescent → Third-party F-Droid repositories → IzzyOnDroid → Main F-Droid repository → Aurora Store.
F-Droid’s security has a billion posts on this topic.
Accrescent feels too much like an alpha for me and only has 2 apps that I use, and both have third-party F-Droid repositories. I pretty much only use it on my tablet to follow Accrescent’s development.
Aurora Store vs Sandboxed Play Store, idk. I only use one closed-source app that needs GSM, so I prefer Aurora Store’s spoofing over Sandboxed Play Store when I only need one app.