de-Googled ROMs / App Stores | Aurora Store vs App Lounge - General Topics
Hello,
(not sure if this should be posted here, or in Q&A forum)
I've been using alternative Android ROMs on my Linux phones for the last 10+ years (mostly CM/LOS). Recently, after watching some YT videos, I found that the concept of fully de-Googled is more than a concept these days. Since I don't really use Google's apps other than Play Store, and everything else should be taken care of by microG (which if I understand correctly is FOSS implementation of Play Services, that should also supposedly pass SafetyNet check), I decided to give it a go.
As far as I can tell, the most popular de-Googled / privacy-focused ROMs are GrapheneOS, CalyxOS, and /e/. In my case, /e/ is the only one I can officially use on my target Poco F1 device.
The issue is, that I still have to get apps from somewhere (and I'm not that much into FOSS, to use just F-Droid apps). Here the main choices are:
1, App Lounge (FOSS, built-into /e/ ROM, downloads apps from both Play Store and F-Droid) --> https://doc.e.foundation/app-lounge
2. Aurora Store (FOSS, downloads apps from Play Store only) --> https://auroraoss.com/
3. F-Droid (FOSS, dedicated for F-Droid apps only) --> https://f-droid.org/
The problem is, that it is really difficult to find any credible resource that would compare those; I'm especially interested with security aspects of those solutions (first 2 ones in particular). I mean don't get me wrong, I don't think that FOSS app can just inject malicious code without anybody noticing it (especially the one ones that are up in public for t hat amount of time with so many potential eyes on it), but I'm more afraid of external resources they may or may not be using (more on that later) or some incidental bugs. Just to be clear, I can live with certain app being updated a little later, but I find being completely locked out of updates for eg. my baking app (!) or downloading it from unknown/malicious source (!!!) to be completely unacceptable. In other words, I'd like to get apps from Play Store from as-official source as possible, with as minimal in-the-middle tampering as possible, any third-party user-based manual apk upload (like APKMirror) is out of the question. For FOSS apps, I can continue using F-Droid (having 2 stores for 2 separate app sources on one phone is not an issue for me).
That said, here's what I was able to determine so far; note, that I'm not a dev or security expert, just an enthusiast, so feel free to correct any misconceptions.
App Lounge
At first glance, this is a perfect choice for me, it supports both sources (Play Store and F-Droid). However it seems to be using something called `CleanApk` to obtain them, and here's when things become really confusing to me:
- The official doc claims that it is a source for closed-source apps. It even mentions the possibility to create store page for your app (!) as well as it asks users to report malicious apps (!!!). Call me paranoid, but to me it looks like anybody can just create scam banking/Facebook/whatever app and get it published (as there is 0 mention of any verification process, be that automatic or manual). Also, I don't see any info as to where those closed-source apps actually come from, and the entire info page really lacks any detailed info. Not to mention, that source / motivation / community / author / anything about this API is a mystery to me.
- When it comes to official App Lounge's doc, it seems like it does NOT in fact use `CleanApk` for Play Store apps (?), but if that is the case then I'm confused as to why they are using it for F-Droid ones:
- This part from official App Lounge doc also kind of confuses me, because it mentions that verifying app's signature is not easy when it comes to Play Store, but it is under the `CleanApk` question, which should not be used for Play Store apps (?); on the bright side, it seems like they working towards ditching `CleanApk` altogether, but AFAIK it hasn't happened yet.
- There is a lengthy 2-part article (actually the only external piece about App Lounge I could find), which doesn't exactly inspire me with confidence to App Lounge (actually /e/ rom in general...) --> https://nervuri.net/e/apps ; the upside is, it shows some progress over time in general, but the fact that anybody at any point thought that using shady API (that might supposedly be using `APKPure.com` as a source...) makes me really worried; note that even though it is written by "somebody from the internet" his concerns make sense to me (though again, I'm not any sort of expert). Also I don't want to have to read change-log or analysis after every system update to potentially find out that they flipped and started using something different again.
Aurora Store
The upside of Aurora Store is, that it is older, was posted on XDA and github couple years before App Lounge; it is based off some other project, that is even older. It is also independent from /e/, in fact it has been used in other ROMs (eg. CalyxOS), so I think it may be more stable and tested. However, here the issues are:
- As opposed to questionable resources/doc for App Lounge, there is basically almost no info about Aurora Store. The page itself has only download links, there is also a Github page, that links you to FAQ, that doesn't exist, and to XDA page that seems to be outdated. Generally, every official resource seems to be inconsistent in some way (like XDA page mentions work in progress when it comes to some features of V3, when 4.x.x was released years ago), so it's hard to determine how it actually works. I am about 99% sure, that it uses Google Play API as a source (which is mentioned on YalpStore page which Aurora is forked from) but I haven't found it explicitly stated anywhere in Aurora Store (the best we get is that it is "FOSS client to Google's Play Store"). That said, I hope this is just my nitpick, as it is FOSS and is used by some other ROMs, so I hope that somebody read this code.
- Last commit is from 2021, so it seems not to be in active development. It is fine with me, as long as it is safe and works, but I'm afraid it might be abandoned, and break in case of any changes to Play Store API (as opposed to App Lounge, which seems to be in active development alongside /e/ ROM itself).
- Since this app is completely independent from /e/, I wonder how would system apps in /e/ itself get updated without App Lounge active.
Practical tests
I have decided to use my secondary cheapo Pixel 3a as a playground for /e/ ROM, installed Aurora and F-Droid on the top of pre-existing App Lounge, and started comparing the behavior. Since both are supposedly using Google Play Store (though again, not 100% sure), you would think, that results for "closed" apps will be the same. Well, mostly yes, but there seem to be some edge-cases / exceptions.
Notes:
1. I'm not promoting any of those apps, those are just examples.
2. All tests done on the same physical device (Google Pixel 3a), around the same time, using the same network.
3. Device rebooted, and all apps force-closed right before the tests.
4. F-Droid: 1.16.3; App Lounge: 2.4.8; Aurora Store 4.1.1.
5. Checked version and sometimes update date, I wasn't interested in description, comments, etc.
6. Obviously I haven't checked every possible app, just some examples that I though might be problematic.
Results were:
1. First I tried a few "big" apps, no surprise here, the all seem to return the same version (checked FB, YT, Netflix, FB, Steam etc. not that I use all of them). For example, Steam returned 3.5 (2023-02-24) in both clients.
2. The only exception that I was able to find, was actually TikTok, 28.9.4 in App Lounge, and 29.0.3 in Aurora Store; maybe this has something to do with ban or source of this app, but again, I'm checking on exact same phone using the same network.
3. I decided to check some lesser-known but frequently-updated app, and the only one I could think of, that would fit that criteria was FairEmail. This example is also interesting, because it is hosted in both Play Store and F-Droid. It turned out, that both Aurora Store and F-Droid featured the same version (1.2060), but App Lounge had only 1.2052. I should also point out, that this app gets very frequent updates sometimes, so it is strange that App Lounge seems to have missed probably ~8 versions (albeit over short period of time).
4. I started checking some Poland-specific apps (though quite popular ones), and I was able to find at least one irregularity being Allegro app: 8.11.1 (2023-03-21) in App Lounge and 8.13.1 (2023-04-05) in Aurora Store.
5. I also checked some older and lesser-known apps, and for example Cyberlords game exists in both stores in the same 1.0.8 version (last updated in 2020).
6. On the other hand, quite ancient ADW Launcher (last updated in 2018) does not exist in App Lounge at all (it cannot be found), but can be installed from Aurora, I also confirmed that it actually still exists in Play Store.
7. I also checked some very niche Polish-specific app Semafor, it exists in both stores, can be found, the same version.
8. I was also able to find that one of the old games Move the Box by Exponenta (last updated in 2017) exists in Aurora Store, but is nowhere to be found in App Lounge.
9. The same goes for Rss Reader by Svyatoslav Vasilev, which is not even that old (and includes commercial/donate version) exists in Aurora Store, and is missing from App Lounge.
Link to screenshots -->
https://imgur.com/a/v6BquUG
Conclusion/questions
1. Which store would you recommend based on everything I provided? From my side, I'm leaning towards either Aurora Store, or coming back to Google Play Store.
2. Where do those apks come from in the end, am I understanding correctly that in the end they should come from Play Store API in both cases?
3. When it comes to my tests: am I missing something here? If the official descriptions (or rather my assumptions) are correct, and both of those clients are using official Play Store apks accessed using likely the very same API, them how would that disparity in versions or visibility would even be possible?
4. Any other Play Store alternatives, that I missed?
Small pushup topic
I am very suprised that no one has any comment about this topic. Specially when it is very wellwritten and documented.
I've been using App Lounge with e/OS but I am not able to answer to your question although as you well say, App Lounge unite very well both F-Droid and Play store App.
Great topic, thanks. For the last few years, I use a combination of Aurora Droid + Aurora Store for open source and normal apps. The big downside is that paid apps aren't supported with an anon login through Aurora.
Right now I'm on a stock ROM, but with no google account. Previously I did a more hard-core degoogling with a custom rom wirh no google play services and MicroG. I found it to be too flaky for me (for example, I need uber to work on my phone 100% reliably). So this level of just not having a google account but still leaving play services installed seems like the right middle ground.
Also, Aurora Store is under relatively active development, not sure where you see no updates since 2021. It's at https://gitlab.com/AuroraOSS/AuroraStore
Note that just in the last few days there's been a breaking issue where the pool of anon accounts needs to be rebuilt, so until that gets fixed you probably won't be able to get started with Aurora Store.
Related
Updated google play store 3.5.15
Here is the Link, http://dl.dropbox.com/u/25795010/com.android.vending-3.5.15.apk Thanks Android Police. Whats new: You now have the Installed and All tabs you can swipe between. The former one is what we used to have before - it lists all apps installed on your device. The latter lists all apps you've ever installed in case you want to download them again or travel down the memory lane. This is quite handy, and I've seen this list before in the Play Store on the web, so it's great to get it here in the mobile app. The All tab contains a handy dropdown with all your accounts (if you added more than one) and lets you switch between them very easily (as opposed to clicking Menu, etc). The list of apps you have purchased but uninstalled or haven't installed yet has moved to the All tab... which means it's now mixed in with the free apps you no longer have on the device. I'm not sure how I feel about that - on one hand, I like that it's gone from the first list, but ideally there should be a way to filter paid apps from free in the All list. Maybe someday... A few of the stock apps that apparently never got linked to the Play Store before got identified and picked up this time, and updates to such orphans were waiting for me when I fired the Store up. I've complained about this very bug in my last rant, and it looks like someone listened. Just like in the web Play Store: - reviews now show the device used by the reviewer - reviews can now be sorted by Most Helpful first or Newest first - you can now filter reviews to show ones for the latest version of the app as well as made by only the device you are using
hahahahaha....I always love threads like this, they'll be about 100 of these by the end of the day! Also you should search before posting ESPECIALLY with a thread like this..... http://forum.xda-developers.com/showthread.php?t=1534295
Google's Android For Work App Hits The Play Store
In February, Google proclaimed "Android is yare for work," marking an official opening to the Android for Work effort first introduced at Google I/O 2014. Today, Google's official Android for Work app has hit the Play Store, yare to avail users running Android 4.0-4.4W (since setup is built into Lollipop) and working with Android for Work partner solutions set up their contrivance for work use. For those out of the loop, Android for Work is Google's take on dual-persona contrivance management, sanctioning users to have two replicas of the same app - one for personal use and one for business. The two are securely kept separate from one another but appear on the same contrivance, betokening users can jump between work and personal apps effortlessly, kenning that data from work apps can't carry over or commix in with the apps' personal counterparts. Download from Google Play: Download from Here Google Play
Sounds cool but can you name examples of this when it would be useful? And to who? Good explanation but I guess I'm more out of the loop than I thought.
The status of Android without a Google Account
Hi everyone, I have been researching and I've compiled a list of all the options available to use an Android device with Cyanogenmod without a Google account and I was wondering if anyone has a better solution considering the options I've found are all lacking. Here is what I found including the issues for each option: - Amazon web store (Not every app is available) - Third party repositories, like apkmirror (Security implications of running apk that anyone can upload) - F-Droid (Not every app is available) - Getting the apps I need from the play store once and then backup the apks with a file manager (No updates) or I am going to need a different phone with a Google account and the play store. Moral of the story, it's not easy to run an android phone without a google account. Ps. A solution that I think could work (but I wasn't able to find a project that works) is an open source apk downloader (maybe on github) that get the apps straight from google via command line but all the projects I've seen are either out of date or not working... Any suggestion is really appreciated! Thank you all!
Keep an android device with google play installed, then move the apks of things i really want, or bought already. But honestly, after some choices I've made (running my own dropbox-like service on my server) I could definitely live with just F-Droid. Of course I'm not using some stuff like facebook or snapchat, so my needs in terms of apps isn't as extensive as others. Sometimes it does feel like i'm hamstrung when the next new fad comes and goes, but I'll live without them.
surfinpika said: Keep an android device with google play installed, then move the apks of things i really want, or bought already. But honestly, after some choices I've made (running my own dropbox-like service on my server) I could definitely live with just F-Droid. Of course I'm not using some stuff like facebook or snapchat, so my needs in terms of apps isn't as extensive as others. Sometimes it does feel like i'm hamstrung when the next new fad comes and goes, but I'll live without them. Click to expand... Click to collapse Hi surfinpika, thanks for your input, I am starting to feel like your solution (of having a separate device with just the google account setup) is the cleanest option. I am not into facebook or snapchat or the next fad either... but f-droid wouldn't cut it for me, stuff like keepass2android or some of the other apps I use are definitely not there. I wonder what are the security implications of using F-Droid compared to getting the apks from apkmirror. Considering my level of paranoia I wouldn't feel safe with either option.
_polymar said: Hi surfinpika, thanks for your input, I am starting to feel like your solution (of having a separate device with just the google account setup) is the cleanest option. I am not into facebook or snapchat or the next fad either... but f-droid wouldn't cut it for me, stuff like keepass2android or some of the other apps I use are definitely not there. I wonder what are the security implications of using F-Droid compared to getting the apks from apkmirror. Considering my level of paranoia I wouldn't feel safe with either option. Click to expand... Click to collapse One issue I can think of with this approach is that both the device with google play store and the device where the apps are going to be installed will require the same CPU architecture. Won't be able to download the apk on a cheap android (most likely ARM) and install it on ARM64...
_polymar said: One issue I can think of with this approach is that both the device with google play store and the device where the apps are going to be installed will require the same CPU architecture. Won't be able to download the apk on a cheap android (most likely ARM) and install it on ARM64... Click to expand... Click to collapse Yeah, luckily my back up is the same architecture as my non-gapps phone. And there are also ways of getting some of the apks straight from the sources, like keepass2android from the project's website. but even if it is google, they sort of give a sense of security in that the apk won't be messed with. It's such a mess though otherwise, hard to separate the google from the android, and no other viable OSs are any better. hope some competition at least makes a nice little niche to get away from the big G.
Is there a good Non-Google App Store (already tried Amazon and LG)
(this is a duplicate of my other thread. I realized the question doesn't ONLY apply to my old Nexus 4) I'm trying to build an android phone with no Google apps on it, for privacy purposes. I've got LineageOS on my rooted phone with no issues. Getting apps is another matter. Amazon's app store doesn't even have Amazon's app, the LG store won't run on my phone. The various .apk-download sites I've seen either don't do paid apps, have outdated versions, or are basically for "cracked" apps, which i don't want to use. Downloading .apk files can work, but most apps do not have such thing available, and I find often my phone's browsers choke on the link, and I have to download to my pc and then use adb to push the file across. Is there a decent app store (or other app source) that isn't Google?
You could try Fdroid This is the website for Apk Fdroid is all open source Apk's
bigfatguy said: (this is a duplicate of my other thread. I realized the question doesn't ONLY apply to my old Nexus 4) I'm trying to build an android phone with no Google apps on it, for privacy purposes. I've got LineageOS on my rooted phone with no issues. Getting apps is another matter. Amazon's app store doesn't even have Amazon's app, the LG store won't run on my phone. The various .apk-download sites I've seen either don't do paid apps, have outdated versions, or are basically for "cracked" apps, which i don't want to use. Downloading .apk files can work, but most apps do not have such thing available, and I find often my phone's browsers choke on the link, and I have to download to my pc and then use adb to push the file across. Is there a decent app store (or other app source) that isn't Google? Click to expand... Click to collapse What's wrong with Google? Whatever I have a few: GetJar (Has not be well maintained, spam, malware etc. Lurking on there now) SlideME (Abondon, apps are so old) Aptoid (Has some stolen apk, malware) TutuApp (dumb kids use it to get modded games and apps, don't go there) The Internet (APKMirror is the best) Google Play Sent from my KFAUWI using Tapatalk
dro3m said: What's wrong with Google? Click to expand... Click to collapse 1: I've decided, if possible, to act on the privacy concerns I've had about google for quite some time now 2: I'm a gun nut law abiding firearms enthusiast and don't appreciate their recent policy changes on Youtube. Since my information is the product they sell to make money, I wish to withhold it. it might be a pipe dream, but a guy can try. Thanks for the places to try, all.
In addition to Google Play and Amazon Appstore, I suggest Huawei App Store. http://appstore.huawei.com/ Just for your reference.
You could use the Yalp store app which is an app that will get and down load your apk from play store anonymously You can download it here
Hi7m3up said: You could use the Yalp store app which is an app that will get and down load your apk from play store anonymously You can download it here Click to expand... Click to collapse That may be an ideal solution... use Google's store, but don't have Google's app on my phone...
Yeah ideal for people who have restriction's of some type. You probably noticed that yalp store (well at least the yalp bit) is play store backward's "very fitting"
Google App Implementations
Got my OnePlus 9 Pro today, before I start flashing LOS I wanted to ask a couple questions about my Google choices. Is it possible to not have any Google apps/services on the phone but still have access to the Play Store? I've seen Aurora store mentioned a couple times, but it doesn't seem like it works that well on my current device (searching for apps that I know are there but get no results, etc.). Those apps would likely still rely on Google services and break without them, correct? Is it possible to use Mozilla's location services instead of Google's? If no to the above, can I use Google's location services through a proxy? What are the differences between OpenGApps/MindTheGapps/microG? I'm considering the latter (microG) but it looks like there hasn't been much progress on it and I don't know how functional it will be. I want as little Google on my phone as possible while still having access to GPS, apps that rely on Google having bare minimum functionality, and privacy. What is the best way to do this?
1. You have access to the web of Play Store. play.google.com