Please help - what's the best way to get these apps? - Minimize threat risk

I just want to get four apps (1. Signal, 2. Proton Mail, 3. Proton VPN, 4. Organic Maps) on a GrapheneOS phone. With that being said, I want to do it on a new Pixel 9 with GrapheneOS. Now, the threat I'm trying to deter is a zero-click exploit spyware attack. So for the GrapheneOS phone (trying to minimize such a threat), what's the best way to get these apps? (Because I don't want to make a mistake that would weaken my security.) … So should I go with APKs (what about updates if I do APKs)? Should I go with Aurora Store (what about some of the permissions it asks for)? Also, importantly, would I need to enable Google Play Services (would that weaken my device)? I appreciate any help. THANK YOU A LOT! For the best way, could you please provide some guidance: dos and don'ts?

I had a small stroke reading this without proper punctuation and grammar.

As far as I understand, downloading APKs directly is likely best. But you can use F-Droid to download the same as they do provide updates, albeit somewhat slow.

But there are other experts here that can answer your question more conclusively.

1 Like

You’re going to have to compromise on either privacy or security features. Privacy Guides and PrivSec have useful information related to this. The GrapheneOS App Store seems to be the best option, but they provide very few apps. From a strict security perspective, the next best option might be using the Google Play Store, but of course that comes with a privacy trade-off.

If you don’t want to use the Play Store, it seems like all the more privacy-respecting options might be less secure. Accrescent is a promising option but it’s still in development so I haven’t seen it officially recommended yet, not to mention it probably doesn’t have all the apps you’re looking for. Aside from that, Obtainium and Aurora Store are also popular options which allow you to install all sorts of apps.

There’s the famous F-Droid which is recommended against by both PrivSec and Privacy Guides due to security issues. If you had to use F-Droid, it seems like using the F-Droid Basic client and preferring the IzzyOnDroid repository over the official F-Droid repository might be the best way to do it, but there’s some debate over the pros and cons of this.

1 Like

Thank you for your reply. What about this scenario? Putting Organic Maps aside (I could use the car GPS, for example) and only focusing on Signal, Proton Mail and Proton VPN (only 3 apps to download) … could I just download the APKs for these 3 apps, verifying the signatures, and be safe that way? I understand that for these 3 apps the updates come with the APK. Would that be secure?

Could you please refer to the scenario where I replied to user “basenote”? I wanted to ask you the same question, but it is not letting me make a duplicate post. It is a scenario which I think could work and be very secure, or maybe not. Do you have any opinion?

I believe I have already answered this question. You’re pretty much asking the same thing. And I don’t have a different answer.

1 Like

You are right, sorry. One idea was using Obtainium for updates.

There are many ways to go about it. Evaluate the options against the threat model you have for the select apps you want to install.

My opinion is if you don’t want to use Google Play, sticking to Obtainium is probably the simplest solution in your case.

Cars are generally known to be really privacy invasive; you’re probably better off just installing Organic Maps or even using a Google Maps PWA.

OK, OK, I will try and do the research my best. The thing is, I'm not worried if Google collects some of my data; rather, I'm worried about a bad actor getting in my phone.

In that case you can go with the original recommendation of just using the Play Store which is sandboxed in GrapheneOS.

OK, thank you very much.

1 Like

You can simply download the apps from the official links:

1 Like

Thank you! If I download from those links, I would need to check the signatures? And need to figure out the updates?

I think since it’s from the official pages you don’t have to check signatures.

You can use an RSS reader like Feeder to keep track of updates. Add the GitHub links and it will notify you of updates.

Thanks