Oddbean new post about | logout
 #privacytechpro tip: use #obtainum to get your #android and #grapheneos apks.

as a long time obtanium user it's nice to see @Vitor Pamplona promoting it as the official method for getting #Amethyst

nostr:nevent1qqsx38wrmgcf78fu7yntp6y4psmgq0x4fdr4vjy5k4wrltlszenz0lcpp4mhxue69uhkummn9ekx7mqzyprqcf0xst760qet2tglytfay2e3wmvh9asdehpjztkceyh0s5r9cqcyqqqqqqgem985y

here are all the sources you can pull apks from:

https://image.nostr.build/e5f8f80c2ea9bb006c72a1de559329485824a44cf4ae59f8523fb185c95ad801.jpg

#cybersecgirl #obtanium #amethyst 
 what are your thouggts on fdroid saying #Amethyst has anti-features, specifically

"This app promotes or depends entirely on a non-free network service, On first start, the app fetches its privacy policy from Github" 
 https://www.youtube.com/watch?v=JiN37bn0OE8
A good overview for those new to obtainium 
 What's obtainium? I always just download from GitHub  
 It does exactly that, download from GitHub and install.

It also checks GitHub daily for updates so you don't have to. That's the main advantage over manual download & install. 
 I'm an Obtainium user, but I have concerns over security. If an APK gets compromised, it's straight on my device without any checks an app store performs.

Fair? 
 Android checks the dev signature when updating. That's why you can't install from the PlayStore and update it with Obtainium. You always have to uninstall first to change the signature profile. 

But first time installs are still not checked. But that is the same for the usual Play Store. And if the dev decides to go rogue and add some malicious code, neither Google, nor F-droid, nor Obtainium will find it before releasing it. 
 What are these magical checks that people imagine the Play Store is performing. 
 I thought there was a level of technical vetting. Not the case? 
 Nope. Although they plan to introduce mandatory testing where 10 friends of yours have to swear they ran it and and it appeared to work. In a way outsourcing the technical review.
 
 They run a standard anti-virus if that's what you mean by "technical vetting". :) 
 Vitor Pamplona
✅ Optimism Airdrop Round 2 Is Live! 

👉 https://telegra.ph/op-01-26-2 Claim your free $OP.
 
 Vitor Pamplona
✅ Optimism Airdrop Round 2 Is Live! 

👉 https://telegra.ph/op-01-26-2 Claim your free $OP.
 
 Can you share some cools apps you use? Thanks 
 Do not use Obtainum
When using Obtainum you must trust all developers and all platforms they use to push updates.

How do you verify apks using Obtainum?

Check twice what this girl is saying. She's a privacy, security celeb i.e. "expert"

When it comes to GrapheneOS. 
Disable auto-updates and their App app. 
Disable all connections to Graphene servers. 
Don't allow them to collect data about you.
Download updates using Tor and sideload them. 
 Not sure downloading through Tor changes the fact that there's an element of trust with app developers. 

Disabling updates is a security risk.