Oddbean new post about | logout
 ###### **Your Cheat Sheet to Installing Android Apps the Privacy Respecting Way: From Direct Sources to Google Play Store**

**1. Direct from Developer**
- Get APKs directly from GitHub, GitLab, or Codeberg etc. using Obtanium
- If the app is on Accrescent, use Accrescent

**2. F-Droid**

Use only in these cases:
- When it's the developer's chosen release channel
- When no other distribution option exists

Most devs will put F-Droid instructions or a download button on their Git page or website. Use the developer's official F-Droid release repository or recommended repository whenever available (eg: many devs use IzzyOnDroid F-Droid repo for their releases instead of creating their own).

**When using F-Droid:**
- Use the official "**F-Droid Basic**" client
  - Benefits: Automatic background updates without privileged extension or root
  - Enhanced security through reduced feature set and attack surface
- Do not use alternative clients like Neo Store

**3. Google Play Store**

Use only if the app is unavailable through any other official channel.

Some prefer to use Aurora Store (a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps).

This is threat model and usecase dependent.

I prefer to just use Google Play since I have it installed on GrapheneOS where I use some paid apps not available anywhere else, and I want to keep all of my apps all in one place.

(Optional) Create an anonymous Gmail account and use it for Google Play.

---

*Note: This approach aligns with PrivacyGuides and GrapheneOS recommendations, as well as modern security standards. Third-party F-Droid clients are not recommended.*
```

#Ikitao #OPSEC #Privacy #Android #GrapheneOS