Post AqVMLsuwpQZ7LHLkY4 by rufposten@social.tchncs.de
 (DIR) More posts by rufposten@social.tchncs.de
 (DIR) Post #AqVMLl3s2MwuydSlLU by rufposten@social.tchncs.de
       2025-01-27T10:20:37Z
       
       1 likes, 0 repeats
       
       Vorsicht mit dem neuen @accrescent App-Store:Das ist ein neuer alternativer Android-App-Store, der von sich behauptet, auf Privacy und Security fokussiert zu sein. Er wird auch über den @GrapheneOS Appstore angeboten. Bei genauerem Hinsehen finden sich allerdings Apps, die Werbe- und Analysetracking enthalten, wie ich nach kurzer Prüfung feststellte. Der Entwickler sieht darin kein Problem …1/2
       
 (DIR) Post #AqVMLsuwpQZ7LHLkY4 by rufposten@social.tchncs.de
       2025-01-27T10:22:09Z
       
       0 likes, 0 repeats
       
       "In addition, "trackers" are subjective. Accrescent has no plans to enumerate specific libraries or classes and blacklist them solely based on the fact that they connect to Google, Amazon, etc.; collect analytics; or contain proprietary code."https://github.com/accrescent/accrescent/issues/637Man kann diese Meinung haben, aber eine Fokussierung auf Privatsphäre passt nicht zu dieser Haltung. Daher kann ich nur warnen, den Appstore als Laie zu verwenden, ohne Apps vorher zu prüfen. Bleibt besser bei @fdroidorg 2/2
       
 (DIR) Post #AqZrB51ZLkEOutc9q4 by GrapheneOS@grapheneos.social
       2025-01-27T13:11:24Z
       
       0 likes, 0 repeats
       
       @klopf @rufposten GrapheneOS and our community care about real privacy rather than a performative approach. The implication that GrapheneOS and our community care about security rather than privacy is nonsense. It's misinformation that's propagated by people who are pushing products far less private and secure than if people simply used iOS. Privacy is the main focus of GrapheneOS and our community. Our work and focus on security is entirely to defend privacy. It makes no sense to separate it.
       
 (DIR) Post #AqZrB6Xrh9evdLjSoi by manu@freiburg.social
       2025-01-27T13:46:42Z
       
       0 likes, 0 repeats
       
       @GrapheneOSI'm very new to grapheneos and I was surprised to find accrescent and not fdroid as an installable option.I performed some web searches (not very extensive) and found no reason for this choice (yet).Especially with #qlango containing so many trackers (see OP) - could you elaborate your point a bit more? Why is #Accrescent favored by #GrapheneOS by offering it as an installable app and how is this privacy focused?@klopf @rufposten
       
 (DIR) Post #AqZrB7edZSfd4duO0m by GrapheneOS@grapheneos.social
       2025-01-27T14:01:59Z
       
       0 likes, 0 repeats
       
       @manu @klopf @rufposten F-Droid isn't a secure or trustworthy way to obtain open source apps. We're all for having a high quality app store which only packages apps meeting a high standard, but F-Droid is definitely not that app store and almost certainly never will be. It is not in our App Store because it's not safe and the developers have clearly demonstrated they cannot be trusted. Use it at your own risk, we don't recommend it and expect it to end very badly for people who use it.
       
 (DIR) Post #AqZrB8kLVipaSdaSY4 by GrapheneOS@grapheneos.social
       2025-01-27T14:03:53Z
       
       0 likes, 0 repeats
       
       @manu @klopf @rufposten Accrescent is an alternative to the Play Store where developers can distribute their apps to users securely with objective standards put in place for privacy and security. It is not supposed to be only privacy focused apps or only open source apps. We include it as being the best way for people to get specific apps available in it. It is not included as a way for people to get a list of recommended apps. We have the Play Store in our App Store too, so what's the issue?
       
 (DIR) Post #AqZrB9phTIhxpX6FX6 by GrapheneOS@grapheneos.social
       2025-01-27T14:05:32Z
       
       0 likes, 0 repeats
       
       @manu @klopf @rufposten If you're using F-Droid to obtain open source apps, you're making a mistake and putting your privacy and security at risk. You are far better off using the builds from the open source app developers which are signed by the developers. That way, you don't have unpredictable massive delays for updates which can go on for months. You avoid the apps being built on known to be poorly maintained infrastructure with outdated tools with sketchy downstream changes to them.
       
 (DIR) Post #AqZrBAsZa6bH4jS3eK by GrapheneOS@grapheneos.social
       2025-01-27T14:06:55Z
       
       0 likes, 0 repeats
       
       @manu @klopf @rufposten Either way, you're trusting the actual developers of the apps. By getting them from F-Droid, you're getting builds made on F-Droid's sketchy infrastructure with outdated tooling where you still trust the app developers just as much (it's not as if they review the code or changes to it) but are also trusting a whole additional set of infrastructure and people who we think have quite clearly demonstrated themselves to be highly untrustworthy for multiple reasons.
       
 (DIR) Post #AqZrBBjOPiqpiYAEym by linos@graz.social
       2025-01-27T14:51:51Z
       
       0 likes, 0 repeats
       
       @GrapheneOS @manu @klopf @rufposten Are your arguments only targeting the Official F-Droid Repository, or the Repository architecture of F-Droid in general?E.g. when I install Molly or Newpipe via the F-Droid repositories of their developers.
       
 (DIR) Post #AqZrBClCaTtOuS1CRE by GrapheneOS@grapheneos.social
       2025-01-27T15:00:49Z
       
       0 likes, 0 repeats
       
       @linos @manu @klopf @rufposten Molly is available in Accrescent already. If all the apps you wanted were available there, what would be the reason to use another way to obtain them? That includes whatever closed source apps people want to use. If they were in Accrescent, why get them from the Play Store? It would of course not replace the apps depending on Google Play services and the Play Store for the services it provides but it would be a start.
       
 (DIR) Post #AqZrBDkAvmfJxYXtTc by manu@freiburg.social
       2025-01-29T11:56:54Z
       
       0 likes, 0 repeats
       
       @GrapheneOSHi, thanks four your summary and the pointer to the wireguard dev comment. I'll certainly follow up on this to better gauge the extent to which I'll trust F-Droid from here on out.I've re-read my question and I've put the emphasis too much on the absence of F-Droid. I actually wouldn't have expected it to be part of GrapheneOS in the first place because it's easy to install for anyone who's capable of installing Graphene.However, I was stumped to see Accrescent offered prominently because it does offer apps with privacy-invasive tracking and doesn't (and has no ability to) warn users about this. Considering the low number of apps in Accrescent, this is even more surprising because they probably know details about every single app in there. The Accrescent publication requirements do not regulate online-tracking at all. While I do understand your issues with F-Droid, I still don't understand how Accrescent deserves this favored place on GrapheneOS. I don't mean to challenge your decision but I'd like to understand how it came to be.And yes, the Play Store is also offered but that has technical reasons beyond privacy. Anyone who cares the least bit will know that it's to be used cautiously. And it doesn't explain the reasons for why Accrescent is being favored beyond promising that privacy is important to them. Google would say the same, so do the F-Droid devs.@linos @klopf @rufposten
       
 (DIR) Post #AqZrBEqwo5g1Oqiofg by manu@freiburg.social
       2025-01-29T12:29:42Z
       
       0 likes, 0 repeats
       
       @GrapheneOSP.S.: I've found this closed issue on the Accrescent github and it's very verbose on how Accrescent decides about user tracking.I don't know if this reasoning extends to GrapheneOS but I'll share for completenes' sake:https://github.com/accrescent/accrescent/issues/637@linos @klopf @rufposten
       
 (DIR) Post #AqZrBFrL47aGWLudv6 by linos@graz.social
       2025-01-29T12:43:39Z
       
       0 likes, 0 repeats
       
       @manu @GrapheneOS @klopf @rufposten Hmm, I would enjoy seeing a contributions welcome or a label that indicates that possible better solutions need to be sketched out first, rather than having a not planned label on that issue
       
 (DIR) Post #AqZrBG6w883pIjD6ES by GrapheneOS@grapheneos.social
       2025-01-27T14:08:35Z
       
       0 likes, 0 repeats
       
       @manu @klopf @rufposten Repeatedly denying and covering up security flaws, downplaying the importance of app sandboxing and other security measures which they consistently claim are not useful, engaging in extreme harassment and libel towards multiple security researchers talking about flaws in an attempt to silence or discredit them, etc. The harassment is at the extreme level that they are actively involved in encouraging attacks which include violence such as swatting and double down more.
       
 (DIR) Post #AqZrBH6cQnOuO24MNM by GrapheneOS@grapheneos.social
       2025-01-29T12:53:35Z
       
       0 likes, 0 repeats
       
       @linos @manu @klopf @rufposten See https://github.com/accrescent/meta/issues/25. The criteria for labels have to be objective and enforceable. An open source label, reproducible build label, etc. has to be well defined. They do have it as a planned feature, but it's meant to be an alternative to the Play Store and that includes packaging apps you don't like. It wouldn't be an alternative to the Play Store if it only permitted open source apps. If people want that they'll be able to get it from it.
       
 (DIR) Post #AqZrBI3Su0TLKXbM6C by GrapheneOS@grapheneos.social
       2025-01-29T13:07:53Z
       
       1 likes, 0 repeats
       
       @linos @manu @klopf @rufposten Accrescent is also not a GrapheneOS project. It meets our standards for an app repository distributing developer builds of apps securely and was therefore included in our App Store. Other app stores meeting our standards can be included there too. F-Droid does not and will not meet our standards. It will never be included in our App Store. A secure and trustworthy implementation of a repository of only open source apps would be happily included there.
       
 (DIR) Post #AqZrBL7TVYSipqV6GW by GrapheneOS@grapheneos.social
       2025-01-27T14:10:04Z
       
       0 likes, 0 repeats
       
       @manu @klopf @rufposten Why would we include software from a group of people who have pushed completely fabricated stories about our development team and engaging in endless harassment from repeatedly calling us schizophrenic, etc. across dozens of rooms to directly supporting/spreading content from Kiwi Farms users targeting our team? That is who the people behind F-Droid are. There's no good reason to trust them with building and signing your apps. Obtainium is flawed but better than that.
       
 (DIR) Post #AqZrBQYbI88BhQEKjw by GrapheneOS@grapheneos.social
       2025-01-27T14:18:19Z
       
       0 likes, 0 repeats
       
       @manu @klopf @rufposten We're more than willing to include additional app stores within our App Store if they meet basic standards for security and trustworthiness. It's not going to be limited to Accrescent and the Play Store. F-Droid definitely won't be included in it. Obtainium won't be included but a similar approach which instead had a curated + extensive list of app sources and key fingerprints to obtain apps directly from where developers publish them would be something we'd like to have.