Hey guys. I have been “graphene curious” for quite a while now and managed to get a ridiculous deal on a new Pixel 9, so figured I would give it a go as a secondary device for a while. I have been watching videos for some time, so knew what to expect for the most part in terms of use, and the install went well. But I have a few specific questions, and I wanted to ask them here as opposed to the Graphene community, which can seem a little abrasive at times.
App stores: I have them in a tier list of sorts, the installed Graphene store to begin, Accrescent below that, and then Obtainium. Does this seem like the consensus?
I had watched a video a while back suggesting that F-Droid wasn’t as great as we all thought and I can’t remember why, but is this correct? And if so, if Obtainium points towards F-Droid for an app install, is that OK?
Browsers: I was looking forward to using Vanadium, and it’s nice, but I had forgotten how intrusive ads can be, even on a PWA installed through it, so I have put Brave on (been my daily for years), and also web libre as I am testing that out also. But I noticed Accrescent has IronFox ready to go. Out of the box, is this better, or do I need to harden it further and add extensions for the same results?
I’m sure I will have more in time, but right now these are the things I would like to get straightened out to streamline my use case. Many thanks
There is no consensus on Android app stores. Despite its issues, F-Droid has some benefits and a few of the concerns with F-Droid can be alleviated by using the F-Droid Basic client and IzzyOnDroid repository. While Accrescent is well-liked, it is only in Alpha and not yet recommended for wide adoption by both PrivSec and Privacy Guides.
That said, the tier list you provided is what I assume most in the GrapheneOS community would prefer. Just note that AppVerifier is recommended in conjunction with Obtainium.
The F-Droid client does checks that, as far as I am aware, Obtainium still does not. So, like said above, getting F-Droid apps with an official client is better.
Basic is better because it has a smaller attack surface and a more modern minimum SDK.
I agree. Accrescent is in alpha and the dev is still trying to figure out if the app is even financially viable. That should not be one of the highest on your list. My guess is that for most threat models, Sandboxed Google Play is the best choice. As much as I love Obtainium, it’s more of an app manager than a store.
God Bless you if you can keep your sanity while using Obtainium. Try it, but I think you will soon realise it isn’t stable enough.
F-Droid is the best private app store IMO. I know someone will correct me, but I am sorry it just is. Is it the most secure? Probably not. Is it the only one that is easy to use, and actually has enough apps? Yes.
Accrescent is also good, but I wouldn’t recommend it for sensitive apps. Months ago they stopped shipping updates for over a week without any warning to devs (F-Droid now ships most updates within 24 hrs; if that’s too slow, the dev will provide a custom repo).
Don’t overthink it. I have all the app stores talked about here. Just use the one you like the most.
Total number of apps on the main repo: We currently have 4,061 apps on the main repo, an increase of 547 apps since last year, ~21% are built reproducibly, signed by the developers, further expanding the variety of open-source apps available to users.
I find Obtainium to be the best experience of any app store. Accrescent sometimes doesn’t have a new release, Play Store is Play Store, Aurora Store is buggy and has security concerns.
I think that it is not the fault of the Accrescent dev; it is the apps that are listed who are responsible for updating for Accrescent.
You’re right about the consensus, but as others have pointed out, Accrescent seems to be a work in progress. I would not take presence in the Accrescent store as an endorsement. You can restrict Google services to a user profile or private space if you use them occasionally.
User profiles are also good for web apps, or any app you only use occasionally that you want to make sure doesn’t get to talk to anything else.
AppVerifier is useful when devs publish their dev signature for you to check with. Then it’s pretty easy to verify from clipboard. But few devs do this, and usually it’s on the same git repo you’re downloading from. There are devs in its database, but they stopped accepting new entries. Most of the time, all you have to go on is the security of and TLS cert from GitHub, Codeberg, etc.
Some developers get around F-Droid’s signing and patch lag issues by hosting their own repo.
More devs should share their cert fingerprints or host their own F-Droid repos.
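The fingerprint comparison described in the post above, as an added example that is not part of the thread: it parses constructed `apksigner verify --print-certs` output and compares the signer's SHA-256 digest with a fingerprint a developer has published. The sample digest and the function names are assumptions made for illustration.

```python
import re

# Constructed sample of `apksigner verify --print-certs app.apk` output.
HEX = "00112233445566778899aabbccddeeff" * 2          # constructed digest
SAMPLE_OUTPUT = (
    "Signer #1 certificate DN: CN=Example Dev (constructed)\n"
    f"Signer #1 certificate SHA-256 digest: {HEX}\n"
    f"Signer #1 certificate SHA-1 digest: {HEX[:40]}\n"
)
# The same fingerprint as a developer might publish it (colons, upper case).
PUBLISHED = ":".join(HEX[i:i + 2] for i in range(0, 64, 2)).upper()

_DIGEST_LINE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest: ([0-9a-fA-F]{64})\s*$", re.M)


def normalize(fingerprint: str) -> str:
    """Strip separators and case; reject anything that is not SHA-256."""
    fp = re.sub(r"[\s:]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", fp):
        raise ValueError("expected a 64-hex-digit SHA-256 fingerprint")
    return fp


def signer_digests(apksigner_output: str) -> list[str]:
    """Return every signer's SHA-256 certificate digest, lower-cased."""
    return [m.lower() for m in _DIGEST_LINE.findall(apksigner_output)]


def matches_published(apksigner_output: str, published: str) -> bool:
    """True only if the APK has exactly one signer and it is the published one."""
    expected = normalize(published)
    digests = signer_digests(apksigner_output)
    # No signer line (unsigned or unparsed) or extra signers both fail closed.
    return len(digests) == 1 and digests[0] == expected


if __name__ == "__main__":
    print(matches_published(SAMPLE_OUTPUT, PUBLISHED))
```

The check only means something if the published fingerprint comes from a channel other than the one that served the APK, which is the limitation the post points out.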
@Encounter5729 If your issue with Obtainium is the random errors Obtainium gives you about failing to check for updates, it just tries again later. Wouldn’t worry about it.
I recommended using Mullvad VPN, it has adblock as part of its optional DNS in the app. I have it on 24/7 and I barely see any ads in Vanadium, aside from YouTube.
Another thing I have noticed is Proton Mail doesn’t seem to send notifications even though I have them set up to arrive. Is this normal? I love Proton on my other devices as their notifications seem to be more snappy than any other provider.
I recommend getting Sunup from https://unifiedpush.org. It adds support for push notifications for the supported apps listed on their page and a couple more, without Play services.
You clearly never used F-Droid. No problem with that, but the experience on F-Droid is clearly superior.
I think it is not the fault of the Accrescent dev
Not sure what you mean. They updated their backend infrastructure and it caused updates not to work for over a week. They didn’t warn the app developers about it.
@jerm this kind of proves my point. F-Droid users use it every day and are very happy with it. Meanwhile, those who oppose it can’t resist any opportunity to point out its flaws even when really no one asked for it.