[HN Gopher] Aurora Store Accounts Blocked by Google
___________________________________________________________________
Aurora Store Accounts Blocked by Google
Author : fodmap
Score : 124 points
Date : 2023-05-25 19:00 UTC (3 hours ago)
(HTM) web link (gitlab.com)
(TXT) w3m dump (gitlab.com)
| hef19898 wrote:
| Isn't Google forban antitrust fine from the EU with that? With
| all those new rules about sideloading?
| fodmap wrote:
| Yes, IANAL but that sounds like a clear abuse of a market
| dominant position to me.
| sigmar wrote:
| To be clear, aurora store is an alternative method to access
| the google play store and download apps from it. This change
| isn't making sideloading more difficult, it is making it more
| difficult to access play store apps without installing the play
| store.
| fyloraspit wrote:
| Welp.. lucky I updated a couple of days ago.
| CobrastanJorji wrote:
| I'm unfamiliar with what's going on here. It sounds like this
| thing vends Google account credentials for a small pool of
| accounts to be used anonymously? I've gotta be misunderstanding
| something because that sounds like something that definitely
| should be blocked and would be wildly outside of Google's terms.
| How does this thingy work?
| branon wrote:
| Yes, that's exactly how it works, and yes, I install my banking
| app this way. It's not an issue from my perspective but I can
| see why Google doesn't like it.
|
| I don't have a Google account and am unable to obtain Play
| Store APKs any other way, so Aurora Store fills an important
| niche for me.
|
| I guess I will hold off on updating any Play Store apps until
| this is fixed or I can find another software/workaround.
| ranger207 wrote:
| Yes, that's correct, and yes it's a massive violation of the
| terms. Aurora Store also lets you use your own Google account,
| which is also outside of Google's terms. But the only way to
| get apps from the Google Play Store without installing the
| entire set of Google Play Services is this, so the entire setup
| is outside of Google's terms
| 2h wrote:
| > But the only way to get apps from the Google Play Store
| without installing the entire set of Google Play Services is
| this
|
| No, that's not true:
|
| https://github.com/4cq2/googleplay
| yoshamano wrote:
| You're not wrong, but that method is way more involved in
| every way.
|
| - You need a PC to run GooglePlay - You need to install
| Golang on that PC - You need a Google Account - You need to
| sign into the actual Google Play Store from a real or
| virtual device using that account - You need to know the
| Google Play Store package name (com.google.android.youtube)
| instead of just YouTube - You then have to transfer the APK
| to your Android device and install it. - You have to
| manually monitor your collection of apps on your device to
| see if there are updates and then go through the same
| process again to get the updated version.
|
| With Aurora Store I had to
|
| - Install F-Droid from https://f-droid.org/ - Install
| Aurora Store from within F-Droid - Open Aurora Store where
| it logs me in with a random Google Account from their pool
| of accounts. - Search for whatever app I want to install. -
| Tap Install. - For updates I tap on the Updates button and
| then tap Install All.
| 2h wrote:
| > You're not wrong, but that method is way more involved
| in every way
|
| I didn't say it was an easy way, I said it was another
| way. and you dont need a golang environment to run, only
| to build.
| chasil wrote:
| It is quite convenient both from the perspective of a stock
| Kindle Fire (commercial Android), and for LineageOS (non-
| commercial, unlocked, root available).
|
| It will also indicate if the app requires Google Mobile
| Services, which would preclude correct functionality outside
| of MicroG or alternate implementations.
| ignoramous wrote:
| > _But the only way to get apps from the Google Play Store
| without installing the entire set of Google Play Services is
| this, so the entire setup is outside of Google 's terms_
|
| Some might argue _adversarial interoperability_ is fair game:
| https://news.ycombinator.com/item?id=20133151
| ReadCarlBarks wrote:
| >the only way to get apps [...] without [...] Google Play
| Services is this
|
| That's not true. You can download APKs from sites like
| APKPure (which has been a top search result for "[app name]
| APK" for many years on... Google).
| BiteCode_dev wrote:
| Yes but:
|
| - it's harder to trust apkpure than aurora
|
| - apkpure has a lot of ads
|
| - apkpure has some outdated packages
|
| - apkpure is missing packages
| als0 wrote:
| Why is Aurora more trustworthy?
| BiteCode_dev wrote:
| The aurora client is open source, and you can see it
| fetches directly from the app store.
|
| apkpure is proprietary and store the apk in a
| intermediary opaque server. So basically they can inject
| pretty much anything in the packages you install, and
| it's much harder to check than aurora if they do.
| mschuster91 wrote:
| > and it's much harder to check than aurora if they do.
|
| APKs are fundamentally extended JARs so you can easily
| check if an APK has been tampered with using standard
| Java tools [1].
|
| [1] https://stackoverflow.com/questions/7104624/how-do-i-
| verify-...
| margalabargala wrote:
| APKs from the google play store are signed by the
| developer. Apkpure would not be able to change the APKs
| without resigning the file, something that would be
| trivially detectable against an authentic APK.
| saagarjha wrote:
| Where would you get one of those up compare against?
| esperent wrote:
| There's browser extensions for Chrome and Firefox that
| let you get the APK, and probably other ways too if you
| search.
| reaperducer wrote:
| _The aurora client is open source, and you can see it
| fetches directly from the app store._
|
| Am I correct to assume that you have to compile it
| yourself in order to keep this trust? Otherwise, there's
| no way to know if the binary being distributed alongside
| the source fetches from the same place, and we're right
| back to untrusted apps.
| Vt71fcAqt7 wrote:
| Fdroid compiles it not aurora themselves. So you just
| have to trust f-droid. (which I do)
| jraph wrote:
| and without using something personal like your email address
| to download programs, which should be granted and was before
| mobile OSes. And still is on regular computers.
| esperent wrote:
| That's not really true, you can make a throwaway Gmail
| account in about 5 minutes. Make one per Android device,
| throw the login details into a password manager and forget
| about it. I've done this for several Android devices now
| and never run into any issues.
|
| Ironically when I tried to set up a legitimate Gmail
| account for my business and used it to set up several
| accounts, within few days it got locked with no recourse
| for unlocking - there was a comment box where I could beg
| for an unlocking, never even got a response though. So
| Gmail is only for throwaway accounts from now on.
| novok wrote:
| Is it possible without a phone number or other forms of
| near PII?
| danjoredd wrote:
| For people that want to anonymously use Android...people using
| Graphene OS for example...it is endlessly useful. You get all
| the benefits of a mobile operating system without giving your
| private data to Google.
| amf12 wrote:
| If I understand correctly, people can use Graphene OS
| anonymously. This was a workaround to use Google Play
| Services (Store?) anonymously. So the users want to have a
| piece of cake and eat it too.
| chc wrote:
| It's to allow them to get apps. I wouldn't describe being
| able to run apps without being involuntarily tracked by a
| third party as "having your cake and eating it too." It's
| just a basic expectation of privacy. As it happens, Google
| makes this basically impossible to do without running afoul
| of their TOS, but I would characterize that as Google being
| unreasonable, not the users.
| danjoredd wrote:
| With this turn of events I am considering just getting a
| GPS for navigation and using nothing but F-droid. Google
| is going to continue doing this nonsense since it is
| against the terms, so going full open source might be the
| answer for me
| oynqr wrote:
| Have you tried Organic Maps from F-Droid?
| CameronNemo wrote:
| You've got it exactly right. Unfortunately, Google's Play Store
| is the only source for a number of proprietary applications
| that work mostly okay on degoogled android systems, including:
|
| * my bank app, and probably your's too
|
| * iNaturalist
|
| * various dating apps such as tinder, bumble, hinge, coffee
| meets bagel
|
| Edit: wonder if I could use a mirror instead?
|
| Edit2: ugh tried apkmirror. Might work. The client has ads
| (pretty sure google ads...) and popups. Some of the ads
| contained a download button? I got confused and concerned.
| Dipped out. I'll just be more dependent on my workstation(s).
| Phone still works as a phone, I presume.
| dublinben wrote:
| Those apps are almost certainly available in the iOS app
| store as well.
| 2h wrote:
| > Google's Play Store is the only source for a number of
| proprietary applications
|
| No, that's not true:
|
| https://github.com/4cq2/googleplay
| hellojesus wrote:
| It won't help with privacy, but if you want to use apps only
| sourced via the Google Play Store on degoogled, you can
| download the apk, extract it, and then load and install it on
| your device.
|
| I use grapheneos and have a separate profile that has GPS
| installed which allows me to download the apks. Then I adb in
| and transfer them from alt_profile->computer->no_gps_profile
| and install it.
| darkmighty wrote:
| I really wish commercial apps would support alternative app
| stores. There are far worse offenders than Google, but it's
| currently quite intrusive and who knows if it won't get
| worse. I doubt the billions in rent they must collect every
| year on app sales really go on improving the OS experience.
|
| F-droid repository format would be easy enough to support a
| commercial repository you could manually activate, with
| signing and all.
| londons_explore wrote:
| > I doubt the billions in rent they must collect every year
| on app sales really go on improving the OS experience.
|
| Google has _huge_ numbers of engineers working on
| Android...
|
| Although I do kinda wonder exactly what they're working on,
| considering each release of Android seems to be not very
| different from the previous one...
| kodah wrote:
| The larger the number of product devs, and the larger
| footprint of the product, the more people you need
| supporting them with tooling and infrastructure of
| various types.
| em-bee wrote:
| it seems you can get iNaturalist also from github:
| https://github.com/inaturalist/iNaturalistAndroid/releases
|
| i just checked my banks, they are on google play and on the
| huawei app store, the latter though is not really an
| alternative i would trust any more than google, and i didn't
| see if it allows download without an account, but fortunately
| for myself i don't want banking on my phone anyways, as the
| phone is the most likely device to break, lost or stolen, nor
| do i care about those others. but that's just me.
|
| i found apkmirror manageable, thanks to the adblocker i
| guess.
| mikece wrote:
| I don't know when it started but I had the same issue on a
| Samsung tablet yesterday afternoon. If Google permanently blocks
| access to the Play Store from Aurora then that will be sufficient
| for me to finally spend the money to get an iPad.
| worik wrote:
| > . If Google permanently blocks access to the Play Store from
| Aurora then that will be sufficient for me to finally spend the
| money to get an iPad.
|
| Google is a clumsy puppy compared to Apple. Good luck making a
| client for the iOS play store.
|
| It would be funny, if not for the fact that this duopoly is a
| dreadful break on innovation in the mobile software space. It
| is tragic
| usernew wrote:
| I'm seriously not getting this POV, which I see a lot.
|
| Yes, some apps are only available in the play store, and the
| maker of them does not publish them anywhere else. How's that
| google's fault again? Are you mad at Twitter because
| Starbucks doesn't sell their coffee there?
|
| There is no vendor "duopoly" between google and apple. There
| are about a thousand flavors of Android, and a bunch of phone
| makers - and google isn't even the top Android seller. The
| only one I've used with a play store was for like a year in
| 2010.
|
| There is a technology duopoly, but the technology part has
| nothing to do with google. Much like there's no triopoly
| between windows/macos/linux. Because "Linux" is not a vendor.
| Linux is like "car," not like "Toyota." Windows is like
| "bicycle with lawnmower engine held on with duct tape." Macos
| is like "you're eating this absolute shit, and it does taste
| good"
| lmm wrote:
| > Yes, some apps are only available in the play store, and
| the maker of them does not publish them anywhere else.
| How's that google's fault again? Are you mad at Twitter
| because Starbucks doesn't sell their coffee there?
|
| I can buy from Starbucks anonymously, or give my friend
| money to buy something for me. If they're calling it a
| "store" then that comes with an implication that you don't
| have to consent to being creeped on to get stuff from
| there.
|
| They also did a bait-and-switch where they initially touted
| android's openness, but then moved an increasing amount of
| core functionality into google play services and encouraged
| app makers to depend on that.
|
| > There is no vendor "duopoly" between google and apple.
| There are about a thousand flavors of Android, and a bunch
| of phone makers - and google isn't even the top Android
| seller. The only one I've used with a play store was for
| like a year in 2010.
|
| There is absolutely an app store duopoly - it's a different
| duopoly in China than the rest of the world, but that's a
| distraction. The fact that they're able to sustain their
| 30% cut shows how much market power they have.
| jeroenhd wrote:
| I get that you want to send a message, but what problem does
| moving to iOS solve? You have the same restrictions, in fact
| even worse ones, with way fewer options for accountless
| downloads.
| mikece wrote:
| I am less concerned that Apple will exploit my data because
| they make plenty on the hardware; in the case of Android gear
| Google's whole point is exploit any data they can for profit.
| I have few use cases for a tablet as it is (photography being
| the big one: Canon Camera Connect) so if Google makes it
| impossible to get/update that app I'll just switch platforms.
| (If not an iPad then perhaps a laptop but that's far more
| bulky to take on a photo shoot.)
| [deleted]
| Stiffly6471 wrote:
| The part where you said:"I am less concerned that Apple
| will exploit my data because they make plenty on the
| hardware." feels like such a naive way to think about
| Apple.
|
| This is what Forbes had to say about it: https://www.forbes
| .com/sites/johnkoetsier/2021/10/19/apples-...
| TylerE wrote:
| Be vary vary vary wary. This dude (like most Forbes
| contributors) is a lifestyle CEO/"media consultant" just
| shilling his own bags.
| yosito wrote:
| Verily, various variants of vary are very varied.
| malicka wrote:
| People switching from Android to iOS for privacy reasons
| seems myopic to me. Apple is, ultimately, a company. There
| is no such thing as them "making enough money." If they can
| double-dip by both selling data and selling hardware, they
| will. It's not a matter of if, but when. De-Googled Android
| is objectively a more privacy-friendly option than iOS.
| CharlesW wrote:
| > _People switching from Android to iOS for privacy
| reasons seems myopic to me. Apple is, ultimately, a
| company._
|
| They're not the same. Google generates ~80% of its
| revenue from an ads product built on user data. Apple has
| an ad product which generates ~5% of its revenue (mostly
| from App Store ads), collects far less info1, does not
| share user info with third parties, and lets users turn
| off personalized ad targeting with a simple toggle2.
|
| 1 https://www.apple.com/legal/privacy/data/en/apple-
| advertisin... 2 https://support.apple.com/en-us/HT202074
| CameronNemo wrote:
| Nobody said they were the same, just pointing out in the
| end both will pursue the ad market.
| CharlesW wrote:
| My point is that Google's business model is intrinsically
| privacy-eroding1, and Apple's business model is (for the
| foreseeable future) privacy-supporting1. This is not to
| claim that Apple is "good", but that privacy is good
| business to Apple and is odious to Google. This is why
| switching is not myopic, in my estimation.
|
| 1 (because that behavior supports their primary sources
| of revenue)
| lmm wrote:
| Both of them are trying to make as much money as they can
| from hardware and ads. Currently Apple is doing better at
| one and Google is doing better at the other, but that
| seems like a contingent fact rather than a deep
| difference.
| bioemerl wrote:
| > Google generates ~80% of its revenue from an ads
| product built on user data
|
| And apple will chase that revenue if it sees the
| opportunity. With their control over iOS devices, when
| they do, you'll be powerless to stop them.
| josephcsible wrote:
| That feels like cutting off your nose to spite your face, since
| iOS is still way more locked down than Android. If your
| employer cut your salary from $100k to $90k, would you respond
| by quitting and going to work somewhere else for $50k?
| Aachen wrote:
| Per another comment, and keeping with your analogy, they
| think the work at the 50k$ employer is nicer | that Apple
| isn't as evil as Google.
|
| Not saying they're right or wrong, but that's valid logic if
| true. Personally I find the other ways in which you get
| locked down+in to already be so not worth it that it's not
| even a question I've needed to consider.
| kornhole wrote:
| This is a major problem for most people with a degoogled phone.
| Luckily I am using Graphene which provides a sandboxed Google
| Play services. This means that the only access you need to give
| it is network access rather than the promiscuous normal access it
| has to just about everything on your device.
| https://grapheneos.org/features#sandboxed-google-play
|
| It would be helpful if others can share here how to extract and
| install APK's outside the Play store.
| 2h wrote:
| > how to extract and install APK's outside the Play store.
|
| https://github.com/4cq2/googleplay
| jeroenhd wrote:
| The linked thread claimed you can still create a Google account
| and use that to sign into the Aurora store. They only ban the
| shared accounts.
| fodmap wrote:
| Graphene OS is a very interesting option but it only runs in
| Google's Pixel phones for now, so I'm waiting for the day it
| could be installed in other devices.
| [deleted]
| fyloraspit wrote:
| You might be waiting a while. If you read the documentation I
| think they get into to the reasons for that pretty
| thoroughly. As a side note, I think the prices for 5's and
| 6's is pretty reasonable right now (they seem to have fallen
| a bit from a year or 2 ago).
| brewdad wrote:
| I've always loved the irony of needing a Google phone so that
| you can run an OS the de-Googles your phone.
| nibbleshifter wrote:
| IIRC the devs are only supporting Pixel devices because they
| are at least vaguely sane.
|
| Supporting random other devices would be a nightmare.
| probably_wrong wrote:
| > It would be helpful if others can share here how to extract
| and install APK's outside the Play store.
|
| I use APKPure. I have the suspicion that it must be some kind
| of malware/spying operation, but I couldn't find any proof so I
| kept it. Another HN user [1] followed up on a comment on mine
| on the topic and they didn't find anything particularly strange
| either.
|
| [1] https://news.ycombinator.com/item?id=32409557
| celsoazevedo wrote:
| APK Mirror seems to be a more popular option:
| https://www.apkmirror.com/
|
| Created by https://twitter.com/ArtemR which is known in the
| Android space.
| noman-land wrote:
| Absolutely loving GrapheneOS for the past year plus. It's my
| primary device and I have no problems.
| smnrg wrote:
| Obtainium is open source and can download/update directly from
| source on GitHub or GitLab--or even use directly F-Droid,
| IzzyOnDroid, Mullvad, Signal, APKMirror, APKPure, Steam,
| Telegram, VLC, Neutron.
|
| https://github.com/ImranR98/Obtainium
| blangk wrote:
| For those affected, I just tested, and there was a Signal update
| available which successfully completed. Perhaps updates for
| existing / old users will continue to work? Fingers crossed
| 0xedd wrote:
| Use a Linux phone. Contribute. My bank has a website.
| mmsnberbar66 wrote:
| which do you recommend? maybe I get one as a toy project at
| first...
| hinata08 wrote:
| toy phones are mostly the Google pixel, and Fairphones
|
| - You can flash anything on these.
|
| - You have 5-10 years of update on the android out of the box
|
| - huge communities.
|
| - consistent VoLTE and VoWIFI support
|
| - lines are easy to understand (only a few models in each
| generation)
|
| Samsung offers no long term support of phone, do hardly any
| publication to help open source communities to make a new
| image of android, and have the knox thing that makes it
| harder that it could be to flash. They just poop billions of
| different models every year without further support.
|
| Xiaomi is like Porsche with the 911, which means they brand
| all of their phones the same, even when they have very
| different processors, vowifi support or not,... So pay
| attention to your exact model (the "pro" keyword isn't
| marketing, it can make the difference between a locked in
| Mediatek processor and a open source snapdragon)
|
| I'm annoyed to have got the only flavour of Mi10-something
| without Vowifi support, for example, because I didn't read
| properly.
|
| Sony has some OK phones to hack as well. And they look good !
| But I think there was an article on HN a few days ago, about
| the hardware of the XA2 that called home to send analytics
| even with a custom ROM.
|
| I'm also annoyed because I have had that exact model with
| iodeOS.
|
| So yeah, I'd recommend to just get a Pixel phone if you want
| something compact (the 6A is pretty narrow), or the Fairphone
| if you want something large that you can physically repair,
| and update for the longest even if you don't hack it.
|
| (I now have a Mi10 Lite and a Pixel 6A. I just had the
| latter, so that I can use one of these to hack a bit.)
| em-bee wrote:
| for a toy project, the pinephone is on my shopping list.
|
| for serious use i stick to /e/OS supported phones. /e/OS has
| its own store that also gets apps from google play using
| their API. i wonder if that will be affected too. so far it's
| still working
| fodmap wrote:
| I'd recommend not the Pinephone but the Pinephone Pro. The
| former is extremely slow.
| Operyl wrote:
| Some banks don't expose everything on their website, sometimes
| it's only available in their mobile app.
| staringback wrote:
| Change banks then. Free market at work
| Operyl wrote:
| I wish it were that simple, sometimes. Not everybody is in
| a position to, for varying reasons. We're privileged to
| have that ability. There are entire groups of people who
| just can't because of being "black listed" for one reason
| or another.
| usernew wrote:
| Please let me know what bank lets me deposit a check on
| their website by taking a photo of it.
| Aachen wrote:
| GP may not be in the USA. I haven't ever seen a cheque in
| my life (I'm 30 and from Europe).
| [deleted]
| fodmap wrote:
| My daily driver is a Linux phone running Ubuntu Touch. Besides
| that I have three more phones running other Linux projects,
| basically to test them, and to report bugs.
|
| In addition to those devices, I also have another one running
| Lineage OS because I need some apps that I can't run in any
| other way, v.gr. Monash University Low FODMAP Diet App.
| [deleted]
| BiteCode_dev wrote:
| Seems like Google is spending way more energy in preventing user
| to avoid being spied upon by them than they are actually
| moderating the app store against spywares and malwares.
|
| Aurora wouldn't need to exist if they gave us an easy way to get
| apps from the Play store without giving control of our entire
| phone to the worst privacy offenders on earth.
| keb_ wrote:
| It's been a great app, but I've found myself relying on APK
| Mirror more and more. Would be nice if there was a more up-to-
| date APK Mirror client that can handle updates automatically.
| wildredkraut wrote:
| I hope they file a report to the EU's Digital Market Act
| Commission.
| ktosobcy wrote:
| oh ffs... i do hope tha we will soon see alter alternative
| stores. unfortunately android (with iOS) has virtual monopoly and
| they force dumb stores...
| ewoodrich wrote:
| Aurora isn't an alternative app store, it's an alternative
| method of accessing the Google Play Store. F-Droid is an
| alternative app store on Android usually used by degoogled
| phones.
| Aachen wrote:
| With alternative stores, I'm hoping that we'll get a choice
| in where to install public transport apps, Spotify, Discord,
| games, et cetera from, rather than having the choice between
| Google and illegal mirroring sites (the app's owner holds
| copyright and didn't authorise something like
| apkmirror/apkpure to distribute with ads and potential
| malware, though they've proven more reliable on the latter
| front than early apk redistribution sites).
|
| That's how I also read GP's comment, but your reading is also
| a valid one.
| netfortius wrote:
| Huge issue with those having to use a phone from one country with
| apps local to another country - very common for extensive travel,
| as the formal Google play store locality change is only allowed
| once per year.
| Freak_NL wrote:
| Yeah, that's annoying. Public transport companies sometimes
| have this issue, where they don't offer travel planning on
| their normal website, but tell everyone to use their app, only
| you can't install it because you're not from that country nor
| in that country when you're preparing to travel there from the
| comforts of your home.
| gavaw wrote:
| You can change your account's country by opening the store
| and tapping on your avatar. It's a bit convoluted (requires
| you to make up an address) but it's not the end of the world.
| netfortius wrote:
| 1. Only once a year - at least according to the config
| instructions, which I tried to avoid "testing"
|
| 2. You run the risk of losing Google voice, if the main US
| account is switched to another country where they do not
| provide voice services
| gavaw wrote:
| I was talking about Apple, sorry.
| CameronNemo wrote:
| Does Amtrak still only tweet whenever their trains are
| delayed?
| crazygringo wrote:
| That's never been true.
|
| That's been available on their site for as long as I can
| remember. Long before they had an app that would tell you
| as well. Heck, I'm pretty sure before Twitter even existed.
| jsnell wrote:
| It's trivial to have multiple Google accounts, one from each
| country, on the same phone. The apps installed by any account
| will be accessible to all of them.
___________________________________________________________________
(page generated 2023-05-25 23:00 UTC)