Some questions about Custom ROMs

Hi, I want to ask about custom ROMs, to be specific GOS and CalyxOS. Which is better in your opinion, and which one is trustworthy? I mean no offence to either of the two OSes, they both look amazing. I was just thinking they are doing all this hard work and providing great services and apps, all for free, no buying, no subscriptions… I just got curious.

My question is also about Sandbox in GOS vs MicroG in CalyxOS. I heard Sandbox is better in both privacy and security… why is it better? As I saw, MicroG has spoofing and you don’t have to log in to the Play Store. As for me, when I tried GOS, I had to download the sandbox, then I had to log in to the sandboxed Play Store… so I thought, what’s the point if I’m going to log in to Google… what privacy would I lose or gain if I logged in to the sandboxed Play Store? I didn’t understand why the sandbox is better while in MicroG I don’t have to sign in… I thought of using GOS with MicroG but some people didn’t recommend MicroG… I feel lost again. I mean no offence to any of the creators of these programmes, I just feel lost and I don’t know who to trust and what’s better and why.

Any answer, advice or anything else will be appreciated.

Thanks

Just don’t sign in then. If you install sandboxed Google Play you can benefit from some Google services without signing in, just like with microG, and you can obtain apps from an alternative store like Aurora without signing in.

This is why we don’t list the Google Play app here even if you’re using sandboxed Google Play on GrapheneOS:

There are still many benefits to this setup compared to system microG. The biggest benefit is that you can isolate Google-related services to specific profiles:

If you use microG on CalyxOS or other custom ROMs, microG is installed across the entire system and accessible to any app you install, even if you don’t want that app communicating with Google’s services.

1 Like

It’s disappointing CalyxOS still doesn’t use the sandboxed MicroG DivestOS made

3 Likes

I don’t know about this. Can you install this Sandbox MicroG, and what’s different between it and the normal one?

No, you can’t install it. It’s something you could previously use in DivestOS. The difference between it and the normal MicroG is that it’s sandboxed with no extra privileges, just like the GrapheneOS sandboxed Google Play implementation, but using MicroG.

2 Likes

Hey Jonah,

There are many people in the GOS community (not judging) who disagree with anything but the sandboxed Google Play Store, meaning they are very against the Aurora Store. Is there any validity that it should be avoided because the sandboxed Google Play is more secure?

Yes, it has poor security and little if any privacy benefit.

Because they reverse engineer the play store + use anonymous accounts there is a real risk it breaks and you will no longer be able to receive app updates. This is a major security issue since keeping your devices and apps up to date is the bare minimum for a reasonably secure system.

They also don’t verify security metadata which they consider low priority and fail to mention in their list of shortcomings…

You are way better off just using a purpose-made Google account with sandboxed Google Play for obtaining any apps which you can’t get from Accrescent.

2 Likes

I would say the Aurora Store should be avoided for a variety of reasons, but this is a very minor one. The biggest problem is that Google Play is a dangerous source of applications in the first place, because most apps are now built and signed by Google instead of the developer (meaning Google holds the app’s private keys via Play App Signing and can distribute any version they’d like to any user).

2 Likes

When did the switch happen to Google signing it themselves?

Well, that doesn’t sound good!

It’s required for new apps since mid 2021, and “encouraged” for all apps otherwise.

Last year there was an issue where Google attempted to strong-arm VLC into uploading their private signing keys to Play, giving them the “choice” between doing that or cutting off security updates to some of their users. Obviously both present big security problems, but Google doesn’t care about security.

That’s ridiculous. They provide excellent security with AOSP, Chromium, gVisor, Project Zero and other projects, which shows that they actually care.

3 Likes

Not needing a Google account is an important privacy benefit for me, personally. Usually Google also requires a phone number for creating an account, although some people got lucky creating an account through the Play Store app and on a “clean” IP.

Sure, but the risk of Aurora breaking without you noticing and you not getting app updates for a while without noticing and then someone hacking you because one of your apps hasn’t been updated in a few days/weeks… idk but for me that’s a risk I’m willing to take.

They can probably eliminate this risk by subscribing to their atom feed.