Remove Neo Store, Rephrase F-droid section #1821
Conversation
|
🎊 PR Preview 34bb00b has been successfully built and deployed to https://privacyguides-privacyguides-org-preview-pr-1821.surge.sh 🕐 Build time: 75.194s
🤖 By surge-preview |
ghost
added
the
|
Is this really the right decision? I fully agree with the security implications of the froid repo but quite a few companies/groups release their app in their own repository. These are afaik fine to use, Neo Store comes with auto updates, something you won't be able to do with Aurora. Updating all your apps manually is a painful process and likely will cause users to run outdated software which can be a big problem. |
I believe that this is the right way to go. As mentioned, people on stock OS have nothing to lose by using Play Store, given that Google already has privileged access to their device (it feels like you're fighting against something that you have no control over), and the same goes for people on GrapheneOS, because in that case, Play Store is not privileged and is just like any other app. Folks who use DivestOS get F-Droid by default, I believe. There is a caveat that some apps aren't listed anywhere and Neo Store is mentioned there, but I do not believe that it currently makes sense to have an entire card (and thus an implicit endorsement) for F-Droid given all of its issues. While developer repos are neat, app stores with multiple repos break the Android security model, and there are simply not enough of them to warrant recommending F-Droid at this point. We are hopeful that other projects will eventually be ready (Accrescent being one of them) that can fulfill the role of a security-focused app store that doesn't require an account, but F-Droid currently isn't it. |
I agree with all your points tho. I really hope this will change and this action may speed up the process. I just think that many of us won't be able to get all apps without it. |
Also, I do hope to recommend Obtainium for automatic updates when ImranR98/Obtainium#25 is implemented. I also don't think this is unreasonably difficult if you use the RSS method of keeping track of updates which we outline on this page. |
I get 95% of my apps via GitHub/RSS and it really is a breeze. Compared to F-Droid which didn't even notify me in the past, I get a notification and click 3 buttons and I'm on the latest version instantly. Re: Obtainium, I did stumble across this recently, and yes, unattended updates would be needed for it to fill a niche that makes it fit within our current recommendations. We'll keep an eye on it and evaluate it when the time comes. |
|
Well yeah my rss feeds usually get polluted when busy and I lose track, that's kind of what I am afraid for. Also we can do this, but explaining this to non techies will be too difficult. Didn't know about Obtainium yet, will have a look. |
|
This pull request has been mentioned on Privacy Guides. There might be relevant details there: |
|
This pull request has been mentioned on Privacy Guides. There might be relevant details there: https://discuss.privacyguides.net/t/should-i-use-google-play/11894/4 |
This PR:
A lot of the reasons why are mentioned in the section in question itself, as well as the blog that we link to there:
https://wonderfall.dev/fdroid-issues
Pushing people towards F-droid inevitably causes headaches with slow updates (if using the main repo), out of date clients that don't follow best practices (official F-droid app) and a repository with many security downfalls.
Currently, if you're using Stock OS, it doesn't make sense not to use Play Store, as Google most likely has privileged access to the device, so the benefit you're getting by trying to avoid them and going through F-droid is dubious.
For people using GrapheneOS, Play Store via Sandboxed Google Play should be recommended as the fact that it is sandboxed as a normal application would be makes it something that's very easy to recommend (although the fact that it needs a Google account is not ideal). For people unwilling to create a disposable Google account for that, there's always Aurora Store which we recommend.
Then, we also have the RSS method of obtaining APKs from GitHub for people who would rather not use the above options.