###### **Your Cheat Sheet to Installing Android Apps the Privacy Respecting Way: From Direct Sources to Google Play Store**

**1. Direct from Developer**
- Get APKs directly from GitHub, GitLab, or Codeberg etc. using Obtanium
- If the app is on Accrescent, use Accrescent

**2. F-Droid**

Use only in these cases:
- When it's the developer's chosen release channel
- When no other distribution option exists

Most devs will put F-Droid instructions or a download button on their Git page or website. Use the developer's official F-Droid release repository or recommended repository whenever available (eg: many devs use IzzyOnDroid F-Droid repo for their releases instead of creating their own).

**When using F-Droid:**
- Use the official "**F-Droid Basic**" client
  - Benefits: Automatic background updates without privileged extension or root
  - Enhanced security through reduced feature set and attack surface
- Do not use alternative clients like Neo Store

**3. Google Play Store**

Use only if the app is unavailable through any other official channel.

Some prefer to use Aurora Store (a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps).

This is threat model and usecase dependent.

I prefer to just use Google Play since I have it installed on GrapheneOS where I use some paid apps not available anywhere else, and I want to keep all of my apps all in one place.

(Optional) Create an anonymous Gmail account and use it for Google Play.

---

*Note: This approach aligns with PrivacyGuides and GrapheneOS recommendations, as well as modern security standards. Third-party F-Droid clients are not recommended.*
```

#Ikitao #OPSEC #Privacy #Android #GrapheneOS 

 
nostr:nevent1qqsth9q9qg0gu2s9a708mz756cgkmz03f85gw99w2sax6927aghhdcqprdmhxue69uhhg6r9vehhyetnwshxummnw3erztnrdakj7q3qf6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4ksxpqqqqqqz0fkljl 

 Great standards and exactly what I naturally landed on after 15 years in the space. It's the best strategy I have found. 
nostr:nevent1qqsth9q9qg0gu2s9a708mz756cgkmz03f85gw99w2sax6927aghhdcqpzemhxue69uhkummnw3ex2mrfw3jhxtn0wfnj7q3qf6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4ksxpqqqqqqzxxsvwg 

 nostr:nevent1qqsth9q9qg0gu2s9a708mz756cgkmz03f85gw99w2sax6927aghhdcqpzemhxue69uhkummnw3ex2mrfw3jhxtn0wfnj7q3qf6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4ksxpqqqqqqzxxsvwg 

 nostr:nevent1qqsth9q9qg0gu2s9a708mz756cgkmz03f85gw99w2sax6927aghhdcqpzemhxue69uhkummnw3ex2mrfw3jhxtn0wfnj7q3qf6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4ksxpqqqqqqzxxsvwg 

 What are your thoughts on zap.store, where devs can sign their own releases using their Nostr key? 

 Was about to ask the same. 

 I plan to give it a thorough test and review once it matures a bit. 

 I THINK YOU WILL LOVE @Zapstore  

 Thanks! franzap has been adding the open-source privacy respecting apps I find and post about to Zapstore for a little while now. I plan to give it a thorough test and review once it matures a bit. 

 Thank you! It will get much better 

 Obvio que la uso 

 I would, maybe... but first I need to install it. APK anyone?🤔😅 

 My phone won't download the cdn link for some reason. Maybe I have to go through the share dialogue on Firefox or something... 

 I approve this note 

 There is nothing wrong with installing fdroid apps with Obtainium. 

 The risk is much smaller than using a third party F-Droid client like Neo Store as I outline in the post.

However, it is still best security practice to not introduce a third party when the side-load apk release is only made available by the dev on F-Droid. 

Hence, I side with the recommendation of PrivacyGuides and modern security best practices in recommending F-Droid Basic if the dev officially releases the apk on F-Droid and it is not available on their website or git.