and some people are ignorant

Thats so wack

Nostr is awesome. I’m hoping it grows much further.

Aurora Store isnt needed because of Graphene’s Sandboxed Google Play Services.

Obtainium app is best for installing APKs from github, fdroid, etc because of the auto updates.

My favorite feature of GOS is the scopes for contacts, storage, and MTE support on Pixel 8

Everything should work perfectly fine.

Just make sure you know which apps are not supported on GOS such as Netflix, Hulu, Cash App, etc because of the Play Integrity API. Don’t be afraid to use the Play Store as well. Its treated like any other app on the system so it isn’t highly privileged.

Also, one thing that was a problem for me at first was the restore solution (and backup solution). You will have to transfer your files from an external drive whether its the cloud or a local one.

Feel free to join the GrapheneOS Discord/Matrix/Telegram server and ask more questions because they’re very knowledgeable people that can support you.

deleted by creator

A lot of the security work on Linux is being done by Google. It’s highly unlikely they are putting backdoors in their products.

The desktop security model is insecure in general. Phone OSes are much more secure.

Reasonable desktop OS to use is Qubes, Fedora, MacOS, ChromeOS, or Windows pro/enterprise (hardened)

Phones are much more secure especially the Pixel 8/pro with MTE immensely reducing remote exploitation. GrapheneOS is the only distro that enables MTE by default and recently implemented it in their Vanadium browser.

Secure phones (secure elements are important): IPhones and Pixels (GrapheneOS or stock)

Also yes, Chromium is much more secure on Linux than Gecko based browsers because of its great internal sandboxing and site isolation. Firefox on Windows is catching up though, but still bad on desktop Linux and android.

This all doesn’t matter if you’re running an EoL device. Make sure your receiving official security and firmware updates.

that’s about it

I would use Firefox on Android but I’m waiting until the security is on par with Chromium such as having internal sandboxing and site isolation.

Also since Firefox doesn’t have a WebView implementation, it has to be used with the Chromium based one so it doesn’t make sense for me to use two browser engines.

security theater

Please do not tell me you use Mull over Vanadium

Have you tried enabling the Exploit protection compatibility mode on the PF app setting info page?

Passkeys are replacing MFA and passwords.

I just use the AOSP messenger. If I used google play services, I would switch to Google messages because of RCS and it looks much nicer.

deleted by creator

lmao please give us another chance

There’s no evidence of them actually doing this and if they were to do it, its most likely detectable via reverse engineering.

Keep in mind setting the internet permission on gboard then giving other google apps internet access is privacy theatre. This applies to Google certified devices as well because Google Play Services are privileged.

Here is a more detailed explanation: https://privsec.dev/posts/android/f-droid-security-issues/

Accrescent is a new appstore that fixes all these issues but its still in alpha stage and has 11 apps right now.

I replaced fdroid with Obtainium that pulls apks from github,gitlab,fdroid,etc and it has support for auto updates. It’s a little better than Fdroid but still has its own issues.

If your referring to GBoard with network perms disabled, its highly unlikely that its using IPC as keylogger. There would be way too much useless data to store and not useful. Theoretically if they were to be a keylogger, the user would have to be in a super high threat model bracket for them to do this, but there no evidence of Google ever doing this.

Also OpenBoard hasn’t been updated since August 2022. I recommend using the OpenBoard Fork.

Why Fdroid is not secure:

1. Hosts an outdated APK client.
2. Utilizes an obsolete installation method.
3. Does not take advantage of modern appstore features.
4. Has no moderation.
5. Has no old app deletion.
6. Has an arbitrary FOSS only rule.
7. Does all building and signing themselves.