How do you obtain your Android applications

  • F-Droid
  • Play Store
  • Aurora Store
  • Obtainium
  • Other
0 voters

I use F-Droid for as much as possible and then use sandboxed Google Play Store for the rest of the apps.

Obtainium on my main profile. I also have a work profile and a google profile, both of those use the sandboxed version of the playstore from GOS.

Nothing against f-droid, still grab f-droid apks on obtainium, just have not seen a need to use both.

I use pretty much all of them at this point. I have some streaming apps that I can only download through Aurora Store because the official Play Store doesn’t like my GrapheneOS install. I use Obtanium for apps I get from GitHub/GitLab that don’t auto-update, FDroid for apps that only have F-Droid releases, and Play Store is my last resort. I have some apps that auto update, but those are fairly rare

Please do not replace F-Droid with Droid-ify. I’ll re-iterate that such forks do not support localized metadata or mirrors.

Additionally the targetSdk is not 25 like in that video.

  • F-Droid 1.19 is targetSdk 28
  • F-Droid 1.20 alpha is targetSdk 29
  • F-Droid Basic 1.19.2 is targetSdk 33
  • F-Droid Basic 1.20 alpha is targetSdk 34.
9 Likes

Both the videos and the privsec.dev article are outdated, nobody seems to care about keeping the information up to date.

I currently use, in order of preference:

F-Droid (Basic) > Obtainium > Aurora Store as last resort.

I’ll be curious to see how Accrescent turns out, apparently GrapheneOS is going to add it to their Apps respository soon and start recommending it:

https://twitter.com/GrapheneOS/status/1783278906658746581

1 Like

F-Droid Inclusion Policy:

Accrescent publishing requirements:

https://accrescent.app/docs/guide/appendix/requirements.html

F-Droid’s Inclusion Policy + F-Droid assigning Anti-Features to apps are the reasons why I will always use F-Droid. As per the current Accrescent publishing requirements, you can publish any proprietary garbage as long as it meets those requirements.

2 Likes

Yeah, I noticed that as well, and I agree, that isn’t ideal. I hope they’ll at least allow filtering out proprietary apps.

  1. Playstore (will pull malware apps)
  2. Fdroid (2nd pair of eyes on code)
  3. Obtanium (must be careful have right github etc url - lots of malware forks, becareful everyone)
    GitHub struggles to keep up with automated malicious forks • The Register

That’s good, I hope GOS will integrate it soon, I can’t wait!

The client isssues are resolved with latest F-Droid Basic.

Though server issues remain (haven’t checked)

The client problems seem to be fixed but one key signing all apps seems to be a problem, hope they come up with a solution.

This is why privsec and other sites based on our work will never be as good as Privacy Guides :sunglasses:

Not that I care if someone else is posting privacy stuff, it’d be great if those sites were also great, but it’s just constant work and most people aren’t cut out for that.

Observing how PG operates has been a fresh of breath air.

  1. You have minimum criterias.
  2. A discussion is held and all points are HEARD.
  3. how the git(hub) is well integrated into the writing flow.
  4. The PR’s content is judged by its content not who submitted it (though both are important ofc)
  5. How ppl jumped ship after privacy tools.
  6. Completely asynchronous communication bw maintainers (afaik)
  7. All aspects are taken into account (even legal - WOW)
1 Like

Accrescent with f-droid’s inclusion policy (that ensures privacy not security atleast when the upstream is introduced, upstream can add trackers there after) and a lot of apps (as it matures) is best case scenario.

Also GOS’s apps app is great for GOS sourced apps.

Play store is nice for beta’s and purchased apps (i think you can get purchased apps through aurora with your account but haven’t tested how good that is in-practice)

Play store in GOS work profile (as this is unpreviled + work profile ensures identifier fingerprinting compartmentalization, we should have a gmscompat magisk module lol), freezed when not in use + Aurora seems ideal.

Obtanium (not play store) should be the last resort IF you trust the maintainers completely (and their security practices)

The upstream can introduce trackers after the inclusion sadly.

Their server infra is lacking but its understandable as it requires a lot of resources and I am just grateful that we even have this flourished app store.

It’s because Privacy Guides has big advantage, which is the community. Having a forum when running such a site is crucial.