Hi guys I was thinking of installing either Calyx OS or Graphene OS on Pixel 7 I got from secondhand.
Meanwhile I was also wondering which one of these is most private but also best usable; Aurora Store or Google Play Mirror (Graphene OS) or Micro G?
What I can tell u (as a normie) is that a few weeks ago I bought a refurbished google pixel 7, installed Calyx OS (via the web browser installer) with MicroG and I’ve been using f-droid and Aurora Store (without a google account) since then and I haven’t had any issues with any app, for example, the banking ones
So aurora with micro g is more private in the sense that you’re not required to have a google account which would be used to track the apps you use etc. But sandboxed google play on GrapheneOS is significantly more secure. It requires fewer privileges than microG, operates in a much stricter sandbox, and performs checksum verifications on your downloads to ensure they are legitimate. Aurora is hypothetically vulnerable to man in the middle attacks since it doesn’t check the file’s hash
MicroG is not an alternative store, it’s an alternative to Play Services.
Fdroid. No, seriously, none of the above. fdroid is the only option here.
Unfortunately a lot of apps are not on the FDroid stores which is why people, me included, rely on other stores.
I always look at FDroid first but sometimes (hopefully less and less) the only apps (typically commercial ones, e.g. banking) are elsewhere.
Use the websites whenever possible, instead of having to download another app, especially a commercial closed source one.
Indeed, honestly most apps should just be URLs.
My bank website would not let me do everything that the app would let me do, so I switched banks.
Aurora Store is 3rd party client for Google Play Store while MicroG is open source implementation of Google libraries so they are not quite comparable.
I’d say MicroG with Aurora Store is most private you can be if you really need to use Google services. You can use Aurora Store with anonymous Google Account that they provide you and MicroG is only sharing necessary data with Google servers.
What’s “necessary data”?
Data only needed for that specific service to function
If the app declares it needs location even though it’s not needed (say it’s a text editor) will microg filter it out and/or provide fake data?
I think it provides fake data but don’t take my word.
Upvoted only because the comment got downvoted.
If you downvote a clearly stated opinion without clarifying why, e.g. a source clarifying that it is indeed no correct you are NOT helping the conversation.
There is some debate on MicroG (Calyx) v Sandboxed GPS (GrapheneOS)
I don’t think it matters if you are going to use Aurora on Calyx or sandboxed GPS on Grapehne, you are connecting and sharing data with google. For most normie apps, this is what it is. You are still tethered to sundar the creep.
If you actually trying and willing to suffer for it, then GrapheneOS without Sandboxed GPS is the best for privacy while using Fdroid and Aurora (NO sandboxed GPS).
People with better info, please correct me since I am regarded.
The battle is still there, and the GrapheneOS guy always bark at microG, like he really hates the whole concept of microG. What I have gotten from the discussion is that GrapheneOS is more secure, but although it sandboxes GPS denying some permissions, and some of those might be needed to be given away for some services any ways, it doesn’t try to fake anything, which microG does. In that sense my preference has been microG, and I don’t regret it.
That said, what you mentioned is true, both still access google app store, and still have to give some minimal information to google.
There’s a 3rd option the OP didn’t mentioned. If they are mainly interested in app store, and not the google services in general, there are a couple of somehow recognized 3rd party app store mirrors, which keep the same original signatures of the packages hosted by google app store, and they offer packages from other sources not provided by the google app store, in case interested on those packages: apkmirror and apkpure. From the two apkpure still allows to install and upgrade packages through FLOSS 3rd party apps like apkupdater, so that might be an option. For some months apkpure packages weren’t able to be installed through apkupdater, but it seems that got corrected already.
But in general, the OP would benefit from always looking for FLOSS packages on the F-Droid repo, then other non official F-Droid repos which can be used through the F-Droid app, then see if they can be installed from their web site and updated without intevention of any installer, and then if there’s no option but using proprietary software maybe looking for them on the apkpure/apkmirror sites or on apkpure through apkupdater or similar, and then aurora store, or if using grapheneOS finally google play if anything else fails, :)
I do understand the need for proprietary software, like bank OTP apps. It’s sad banks, governments, medical services and so on never look for FLOSS software, they always require users to get proprietary software. I don’t live in the EU, but I hope current hate/banning tendency ends up doing user a favor by starting to require banks, and the like to start using FLOSS apks, though doesn’t really helps me, I hope in the end it helps people in the EU.
