Oddbean

The #Accrescent security and privacy focused Android app store is now available in the #GrapheneOS app store. Accrescent is a mobile security and privacy project that closely ties to our values. We hope the Accrescent project can benefit from having more users. Accrescent features: - App signing key pinning: first-time app installs are verified so you don't have to TOFU. - Signed repository metadata: repository contents are protected against malicious tampering. -Automatic, unattended, unprivileged updates (Android 12+): updates are handled seamlessly without relying on privileged OS integration. - Designed for split APKs: downloaded APKs are optimized for your device to save bandwidth. - No remote APK signing: developers are in full control of their app signing keys. - No account required: users don't need an account to install apps, improving privacy. https://image.nostr.build/0a5a749032e0fb2aecefd1cf258e1bba535b69f66bade881f2202bd3f481b320.jpg

While the app catalog is currently limited, it is the most private and secure option to get the apps that it has if you need them. Other apps we recommend like Molly (hardened Signal fork) also officially appear on Accrescent. Some popular apps you may recognise are AppVerifier, Aves Gallery, IVPN and ExifEraser (we do not make official ecommendations or endorsements for these apps or services, use at your own preference or risk). We may add our own builds of certain third party apps but we aren't ready to do that yet. Would be a lot of work.

Accrescent comes from within the GrapheneOS community and we're collaborating together. Accrescent is in alpha and isn't yet open to any developers uploading their apps. It will have a lot more apps available in the future. It will become a full alternative to Play Store permitting closed source apps too, but you'll be able to filter to show only open source apps for users who want this.

The lead dev of Accrescent is a GrapheneOS user and contributor. It'll be a good place to publish apps especially for GrapheneOS users. AppVerifier, BeauTyXT (text editor) and Transcribro (private, on device voice recognition and keyboard) are from the same person who wrote our GrapheneOS Info app. Molly is a security-focused fork of Signal from another GrapheneOS user.

AppVerifier was based on a planned GrapheneOS feature for users to verify APK files based on their key fingerprint. The feature is currently stalled since relying on the clipboard isn't ideal. For now, users can use AppVerifier from Accrescent until we ship a built-in approach to this.

Yes, but it can also verify currently installed apps too. Installing an app from an APK file is trust on first use. All apps are signed by a certificate from the app developer which the OS trusts. Apps can only update if it is both a newer version, and it is signed by the same certificate it came with. Updates are verified by only allowing updates from that same developer's certificate. If it doesn't match, it will fail. This prevents installing a fake or malicious update. AppVerifier checks the apps you installed are have the genuine certificate and package name from the developer. It can compare to keys you provide or it can check from an internal database of apps in the app if there is an entry for it. DB can be found here: https://github.com/soupslurpr/AppVerifier/blob/master/app/src/main/kotlin/dev/soupslurpr/appverifier/InternalVerificationInfoDatabase.kt

It's mostly used explicitly by GrapheneOS users. It's maintained by a supporting community member. Some strict security-focused users have been using it for a few years. I don't expect this to be the first choice app store for people due to how limited the app catalog is, but it is worth us mirroring on our App Store so users can get it quickly, and because it is the what we consider choice for security and privacy. Future progress and adoption will hopefully change things

Accrescent's catalog is maintained by a respected community member and checks dev signatures on a third-party database on Github. Correct me if I'm wrong. While zap.store currently is more or less that, we're aiming to change the status quo trust model. Users will be able to cryptographically verify an artifact came from a developer using nostr. They can do so directly, relying on a web-of-trust check, or indirectly via curators (choose your own walled gardens). In addition, we're targeting multiple operating systems and other features like relay-based communities, the ability to zap apps and developers, a marketplace for new apps and more.

Nostr or the like wont be involved for Accrescent, it's been designed to compliment GrapheneOS to be a private and secure app store in the same fashion that GrapheneOS is. There had been interests for us using Accrescent for a long time and this addition coming in a time where people are into using other app stores is just a coincidence. Accrescent has been in active development and maintenance since 2021 and we had expressed interest to mirror it in our Apps app for a while. > Accrescent's catalog is maintained by a respected community member and checks dev signatures on a third-party database on Github. Correct me if I'm wrong. This is not done through GitHub rather Accrescent's own hosted infrastructure. When you open the app it will download the current repository metadata JSON which has the app names, ID, signing cert hashes, etc. > Users will be able to cryptographically verify an artifact came from a developer using nostr. They can do so directly, relying on a web-of-trust check, or indirectly via curators (choose your own walled gardens). For Accrescent, apps are verified by key pinning of the apps and signing of the app store's repository data. The repository is signed by Accrescent and verified with the repository data public key (hard coded into the app) before it can be fetched. It has downgrade protection and also has a minimum revision hard coded to protect against being served old metadata on first use. It also can support key rotation. Downloading an app will make the client check the signed repository metadata and compare the app's certificate hash, minimum version, and app name from the signed repository metadata. If any of the parameters do not match it will not install the app for you. For updates it does not matter as Android won't let you update apps with a different certificate than your currently installed version. Minimum version protects against first install of an insecure, older version, and app name protects against malicious copycat apps. When someone submits an app on the Accrescent developer console (whitelist only right now) for the first time, it will put a hash of their app's signing key to the repository metadata. This makes sure users are only downloading apps by the real developer.

Regardless, when using an app store you are required to trust the app itself, the party who maintains the app, and the source of the apps. If your source to get the apps is from the same party who develops the app store, there is less parties to trust. It's a big reason we provide the option to install the apps like Markup, Android Auto, or Play Services directly from GrapheneOS as well. You'd only need to trust the apps and the developers rather than an arbitrary additional party just to get those apps specifically.

You will need to be on the latest GrapheneOS App Store, it may not have reached everyone yet. If you don't have it then try select Beta and update. You are free to set it back to Stable after updating.

Accrescent is alpha software (in terms of features) and likely wouldn't be appropriate to distribute it wider without further improvement. It is the maintainer's choice. It would be better for the future.

Transcribro, AppVerifier and BeauTyXT is by the same developer who worked on our Info app. Anyone looking for a voice input, app signature verifier or text / notes editor are free to use any of those.