New notice from Obtainium

Ive myself used obtainium on Pixel OS in the past because despite me despising the OS I had no option but to use it as is since it was a carrier locked pixel with no way to unlock the boot loader. Getting favorites apps through obtainium on stock android is a good way to setup and eventually transition to GrapheneOS. ideal from a privacy point of view? No. But in general even if you make the assumption that google knows everything you’re still better off getting whatever you need straight from the source rather than linking that activity directly to a google account which you have even less control over.

A new OS requires fundamental changes in behavior and installing may require troubleshooting. It’s not 1:1. You aren’t likely to brick your phone over an app you install. Yes they both have friction but obtainium once configured is just as easy as the play store you can install just by search or many apps on GitHub are coming using a one click install with obtainium button

2 Likes

I could not disagree with this statement more.

Obtanium is an app in which you trade your security for privacy.

How do you know that you’re not being man-in-the-middle’ed when you’re downloading something from Obtanium? You don’t because Obtanium doesn’t do integrity hash verification checks for you.

How do you know that the app dev didn’t go rogue or was hacked and uploaded a virus as an app update? You don’t, but maybe the Google Store is smart enough to catch some of them and hopefully GOS is hardened enough to mitigate the attack.

Now you’re writing that you’re using a stock Pixel. As such, you have no privacy as Google knows exactly who you are due to its vast data aggregation + Google Play services running with sudo. As far as privacy goes, it doesn’t matter where you get your apps from as Google can see all of your phone’s apps. Then by using Obtanium you’re trading your security for privacy that you didn’t have to begin with. I don’t see the logic in this.

1 Like

I’ll give you a point for that, but this is not exclusive to obtainium. This argument could be used for sideloading as a whole if it’s not coming from a centralized repository that does its proper checks and balances. however Depending on somebody’s threat model and types of app they use plausible deniability may be more of a concern and the play store falls short there. A shadow profile is still better than direct linking of your app usage it’s strange to me that you can’t see the nuance that somebody can use an imperfect solution and simultaneously care about privacy

1 Like

Hi can you answer my noob question please? Would this development mean I won’t be able to use Obtainum anymore on my Samsung? (or Tecno)?

If you’ve already installed it, no

Also would you be able to get a Pixel and not a Samsung/Techno?

Can you please provide a link to this announcement?

If I’ve already installed Obtainium, I won’t be able to use Obtainium? :thinking:

And if I haven’t? I would?

Hi can you answer my noob question please? Would this development mean I won’t be able to use Obtainum anymore on my Samsung? (or Tecno)?

Can someone clarify?