top | item 28421827

(no title)

flowinho | 4 years ago

Gotta step in as a GrapheneOS User. You have multiple options.

The easiest and most approachable one is: install Aurora Store from F-Droid. It gives you access to Google Play + App Updates without logging you into Google. This almost feels identical to Google Play itself.

Next: think about install the Experimental GMS Support that GrapheneOS offers. If you e.g. absolutely need an App that has troubles working without Google SDKs embedded, this might be an option. This is documented in the Usage Guide of the Website.

https://grapheneos.org/usage

However, just dont forget that you wanted a Google-FREE Phone. So dont overdo installing proprietär stuff.

Oh and stay as far away from MicroG as possible, it seriouly cripples the security of GrapheneOS by a lot.

discuss

josephcsible|4 years ago

> Oh and stay as far away from MicroG as possible, it seriouly cripples the security of GrapheneOS by a lot.

Doesn't this severely limit which apps you can install?

atatatat|4 years ago

Severely? Not even close.

Raed667|4 years ago

> Oh and stay as far away from MicroG as possible, it seriouly cripples the security of GrapheneOS by a lot.

I'm using MicroG on an unrooted stock Android just to be able to use Youtube Vanced.

What am I risking here?

passerby1|4 years ago

> stay as far away from MicroG as possible, it seriouly cripples the security of GrapheneOS by a lot.

Do you mind sharing some details on this? I did not hear strong statements like this one before.

0xdeadb00f|4 years ago

IIRC It requires allowing apps to mimic other app's signatures and pretend to be them, "signature spoofing". MicroG mimics the Google play services signature.

But that is really crippling, because apps can now spoof other apps signatures, essentially apps can pretend to be other apps. That opens a lot of opportunities for an attacker.