And this is wrong, in my opinion. The Play Store shouldn’t be used just because it has potentially increased security. It should be used when someone needs Play Asset Delivery or they need apps that only work with Google Play Services, etc.
4 Likes
What does that mean?
Phone:
- Google Pixel 8 - payed with cash
- GrapheneOS
- Prepayed SIM - payed with cash
- Privacy screen protector
- USB C data block cables for charging (Why? Because I can)
- Faraday Sleeve by SLNT (I use it mainly for extra protection for when I drive motorcycle but I use it more as a case for my earbuds lol)
Apps:
- Aegis
- Orbot - proxy mode
- Droid-ify - Onion repoaitories
- Cromite
- Tor Browser
- KISS launcher
- Voice audiobook player
- KeePassDX
- Breezy Weather
- OsmAnd - Works for me
- BraveNewPipe - Newpipe with SponsorBlock + search filters
- Molly - Tor via orbot proxy
- Mullvad VPN - payed with cash
- Notally - I only using it for the widget
- Fossify Gallery
- Fossify Messages
- Fossify Calendar
- HeliBoard
- Obtainium
I still don’t trust my phone lol
edit: I replaced a few apps Forecastie, Simple Notes pro, Simple Gallery pro, Simple SMS Messenger, Simple Calendar pro.
4 Likes
Didn’t Snowden review that the NSA targeted individuals with compromised updates via Windows Update or something similar? There’s no reason to believe Play Store is any different. If you are on the FBI terrorist list because you support some wrong candidate, attend school board meetings or has the wrong opinion on abortion, for example, you might not be a high enough value for them to pull some NSO-level shit on you, but Play Store infections are probably free or very cheap.
So yeah, Play Store may be the safest of all from outside meddling, but you have to trust Google and their friends to do things right internally. Do you?
5 Likes
this is interessting.
on GOS you said this:
In my personal opinion, for the vast majority of people/use cases, using Sandboxed Google Play on GrapheneOS is the way to go. Using Aurora Store can make sense sometimes, but mostly doesn’t, especially given how unreliable it is as of late (I’m only really evaluating Play Store and Aurora Store as a Play Store frontend here, because realistically almost everybody is going to need to download an app that’s only available there at some point).
Pro and Cons of using Google Play vs. Aurora - GrapheneOS Discussion Forum
But here on privacyguide you are telling that you personal don’t use google apps. Why?
Also Grapheneos recommend to use apps from the play store in sandbox mode because these app are more secure that other sources.
So why are you telling people that sandboxed google play on grapos is the way to go but but you yourself are doing the exact opposite and ignore your own advice and avoid google.
I guess “for the vast majority of people” means because it’s easier to use. I wouldn’t make my wife try to run “vanilla” GrapheneOS with only apps from F-Droid and Aurora, I’d get her GrapheneOS with sandboxed Play Services or CalyxOS instead. I wouldn’t make her install my favourite Linux distribution, I’d just get her Linux Mint instead. I’d tell her to switch to Firefox, rather than Librewolf. The easiest to use alternative, which still has a big privacy advantage compared to the default (stock Android with Play Store, Windows, Chrome).
That being said, I personally have zero interest in using the Play Store, even on GrapheneOS.
Pixel 6a running GrapheneOS.
- Proton suite for productivity (email, calendar, drive, etc).
- Proton VPN.
- Bitwarden password manager.
- Graphene OS native dialer for phone calls.
- QKSMS for messaging (following Signal’s poor decision to remove SMS).
- F-Droid & Aurora Store for apps.
- Magic Earth for GPS.
- Spotify for music and podcasts.
- Geometric Weather for local weather.
- RedReader for Reddit (following their decision to ban 3rd party apps).
- Brave for internet browsing.
- Local credit union app and Charles Schwab app for banking.
This phone was my first attempt at a “private” phone. As I’ve learned more about privacy and security I’ve realized some holes in my setup but I hope to alleviate this when I decide to upgrade my phone here in the next year or two. Will hopefully have multiple numbers through a VOIP set up, more secure messaging options, a replacement for Spotify, and introduced 2FA to my privacy techniques because I’m stuck in the past and still using email based 2FA.
I really only use my phone for calls, messaging, and surfing the web when I don’t have access to my PC. It goes unused of its full potential quite often.
The MMS config database in QKSMS hasn’t been updated in 6+ years.
The included Messaging app on GrapheneOS and DivestOS however uses the same database as the proprietary Google Messages app.
Please consider switching.
Example, see the others: History for android-smsmms/src/main/res/xml-mcc204-mnc04/mms_config.xml - moezbhatti/qksms · GitHub
4 Likes
I can’t speak for other people, but I’d guess it comes down to two things:
- In the time since he replied here on PG over a year ago, Aurora Store has often become much more annoying to use (as he stated in his post on the GOS forum).
- The GOS forum is a product support forum and not a privacy community, and as such the advice there likely skews more towards recommending solutions developed by GOS themselves, to avoid having to support third-party solutions on their platform.
4 Likes
Do you mind elaborating on what this exactly entails? Is Simple SMS Messenger also impacted? Wasn’t aware of this at all, so appreciate the great info from you as always.
@Sharply
Simple [Mobile Tools] SMS appears to not have any MMS database. Likely depends on system’s CarrierConfig package, unclear.
As for the database itself, each carrier has a different MMS server and options for ports or max file size or allowed characters, here is the GOS change: Update MMS configuration from 10.7.469 · GrapheneOS/platform_packages_apps_Messaging@e0277e6 · GitHub
Without an updated database, MMS can become unreliable or broken.
MMS is effectively a limited form of SMTP bolted on to the spec.
Each MCC and MNC pair is (usually) a different carrier.
2 Likes
Where’s the concrete potential risk?
Does anyone really use mms though? Is it a thing that people use in any country?
2 Likes
@Reset0609
MMS isn’t just media, it includes group chats, broadcast chats, and long messages.
2 Likes
Normally whatever messaging apps come pre installed on phones here in Portugal will do all that through sms. It costs about 1 euro per MMS while SMS is free. Many people got mad at me after I got them to use signal as it sent out certain types of messages as mms and not sms, and it added up quickly… Tought it was just signal doing that? It seemed mad that signal would just send out MMS without warning by default with no option to turn it off!
edit: I personally got affected when I sent out what I thought were sms messages to several recipients and it ended up costing me 12€!
1 Like
I’m not the person to whom you responded, but the Privacy Guides site has a section on the “Android Recommendations” page that might answer your question: Android Recommendations: GrapheneOS and DivestOS - Privacy Guides
1 Like
organicmaps is not always the blanket solution.
not even if it is mentioned again and again without explanation
3 Likes
I literally tried every maps app out there. Google Maps is just the best option for me.
1 Like