So what's the main advantage of this over F-Droid? Theoretically more secure?
this post was submitted on 21 Jul 2024
43 points (100.0% liked)
GrapheneOS [Unofficial]
1693 readers
6 users here now
Welcome to the GrapheneOS (Unofficial) community
This feed is currently only used for announcements and news.
Official support available on our forum and matrix chat rooms
GrapheneOS is a privacy and security focused mobile OS with Android app compatibility.
Links
More Site links
Social Media
This is a community based around the GrapheneOS projects including the hardened Android Open Source Project fork, Auditor, AttestationServer, the hardened malloc implementation and other projects.
founded 3 years ago
MODERATORS
AFAIK the main difference is that on F-Droid (at least the main repo), all apps are signed by F-Droid. On Accrescent however, each app is signed by its developer. This can be seen as it being more secure.
If you're further interested in the topic, there's at least one discussion thread about the 'insecurity of F-Droid', I believe also directly comparing it to Accrescent, on the GrapheneOS forum.
@metaphortune@lemmy.world Article about this issue: https://privsec.dev/posts/android/f-droid-security-issues/
While F-Droid has issues, most of the points in the article are minor inconveniences blown out of proportion. Slow updates because they're mostly community-funded. I kinda like their app approval and low level permission listing. It's a double edge sword because there's an additional level of audit, but also an additional layer for tampering. But that can also happen if devs turn malicious themselves.
Low target SDK lets me use apps that make old devices still usable. It keeps me from throwing them off on the landfill. Most browsers are fucked on old devices (no support for modern TLS) but youtube still works with newpipe forks. So at least I can carry it to watch youtube when travelling. Confusing UX is not a f-droid problem, there are already multiple alternatives.
The only problem they actually have is unstable leadership that has made some of the team leave and there are problems with key signing and they force devs to use old versions.
There's a lot of wannabe "privacy" sites popping up since a couple years and everyone's trying to start a big controversy off of small things. It's easy to complain than rather do the work to make things better and most of these authors can fuck right off.
It’s a double edge sword because there’s an additional level of audit, but also an additional layer for tampering
If I've learned one thing about computers, it's that you can't ever trust the developers to properly package their software. Sooner or later they will abuse this privilege by introducing unsafe defaults, or bundle some useless, stupid, or outright malicious stuff.
Yeah, significantly more secure, while also being way more modern.
What's the difference between Accrescent and Obtainium?
Accrescent is a store where developers can publish their software (will be able to, it's in alpha), just like F-Droid but more secure. It's trying to be an alternative to the Play Store.
Obtainium is a tool that can fetch and check the versions of APKs from different sources.
ah kk, thx for clarifying
Accrescent has a list of apps that can be easily installed, unlike Obtainium, Accrescent doesn't require the user to spend a lot of time adding each app they want to auto update/install to Accrescent as the apps are aleeady there. Similar to playstore.
Obtainiums only advantage to me is that you can add almost any app source, while Accrescent still is in development and as such lacks lots of apps at the moment.
Looks neat. I look forward to seeing what new additions will come
Me too!