Attached: 1 image
Last night Organic Maps was removed from the Play Store without any warnings or additional details due to "not meeting the requirements for the Family Program". Compared to Google Maps and other maps apps rated for 3+ age, there are no ads or in-app purchases in Organic Maps. We have asked for an appeal.
As a temporary workaround for the Google Play issue, you can install the new upcoming Google Play update from this link: https://cdn.organicmaps.app/apk/OrganicMaps-24081605-GooglePlay.apk
Organic Maps is also available via https://accrescent.app/ which is developed by a GrapheneOS community member and even hosted in the GrapheneOS App Store.
Accrescent is a private and secure Android app store built with modern features in mind. It aims to provide a developer-friendly platform and pleasant user experience while enforcing modern security and privacy practices and offering robust validity guarantees for installed apps.
Accrescent comes from within the GrapheneOS community and we’re collaborating together.
A grapheneos community member is just a random person
A random person that is mentioned specifically by the official GrapheneOS account, not to mention that GrapheneOS has said Accrescent is their recommended app store above F-Droid. Maybe Accrescent dev is not a GrapheneOS core dev, but still a step up, with more credibility, than just “a random person.”
The main thing they have going against them is the currently small list of apps, and it won’t grow unless people become aware of it and ask devs to put their apps there.
As for “not as open,” can you clarify what you mean? Yes, Accrescent does have “certain minimum requirements for all apps submitted to it to ensure the privacy and security of its users.” Is that what you mean,to loosen that?
https://accrescent.app/docs/guide/appendix/requirements.html
There’s no other repos. It’s not federated, it’s not decentral. It’s like google’s store but from someone who’s endorsed by grapheneos. Maybe it’ll become the official grapheneos app store. (Its just a random thought) in that case it’ll get graoheneos’ reputation but still, there’s a reason why many people love fdroid and with the rise of reproducible builds it’ll become difficult to conquer their castle
Or “just get it from Accrescent and be done with it?” Are you implying if you get it from Accrescent, you’re somehow not done with it? Sorry, I don’t follow your logic.
Also, no thanks on F-Droid as GrapheneOS recommends against and there are multiple security issues:
F-Droid has far too many security and trust issues for us to recommend it. The vast majority of apps in the official F-Droid repository are built on their sketchy infrastructure and signed with their own keys. We’re concerned about a future mass compromise of F-Droid users.
EDIT: I should note this doesn’t address the other issues in your second link (I have twitter blocked, can’t see that link) but it does fix the primary issue of the apps originally not being signed by the developer.
Graphene OS is not a good source of information. I call BS on anyone calling F-droid insecure. If you have a better option that is fine but Graphene does not have a better offering. F-droid is the best we have.
They’re not a good source of information on Android security? Granted, they’re not perfect, but they are one of the leading teams in terms of Android security. I call BS on anyone calling GrapheneOS a bad source of information for Android security lol.
I would trust GrapheneOS, but understand that everyone has their own tolerances for security and the Graphene project is probably at the highest levels.
The GrapheneOS devs were right about F-Droid being less secure when they would sign other dev’s apps. This meant that if anyone were to hack F-Droid, they would get full access to every device using an app installed by them. This issue was fixed just last September.
Now that F-Droid fixed this issue, the responsibility falls on each individual developer to secure their signing keys. Should an app’s signing key be compromised, it would now only impact users with that app installed. Security is about layers, not 100% foolproof solutions.
Organic Maps is also available via https://accrescent.app/ which is developed by a GrapheneOS community member and even hosted in the GrapheneOS App Store.
https://grapheneos.social/@GrapheneOS/112821386750410102
A grapheneos community member is just a random person
A random person that is mentioned specifically by the official GrapheneOS account, not to mention that GrapheneOS has said Accrescent is their recommended app store above F-Droid. Maybe Accrescent dev is not a GrapheneOS core dev, but still a step up, with more credibility, than just “a random person.”
True. I pushed them when they published the first build. I like it yet it’s not as open as an app store should be like fdroid or flatpak
The main thing they have going against them is the currently small list of apps, and it won’t grow unless people become aware of it and ask devs to put their apps there.
As for “not as open,” can you clarify what you mean? Yes, Accrescent does have “certain minimum requirements for all apps submitted to it to ensure the privacy and security of its users.” Is that what you mean,to loosen that? https://accrescent.app/docs/guide/appendix/requirements.html
There’s no other repos. It’s not federated, it’s not decentral. It’s like google’s store but from someone who’s endorsed by grapheneos. Maybe it’ll become the official grapheneos app store. (Its just a random thought) in that case it’ll get graoheneos’ reputation but still, there’s a reason why many people love fdroid and with the rise of reproducible builds it’ll become difficult to conquer their castle
Just get it from F-droid and be done with it.
Or “just get it from Accrescent and be done with it?” Are you implying if you get it from Accrescent, you’re somehow not done with it? Sorry, I don’t follow your logic.
Also, no thanks on F-Droid as GrapheneOS recommends against and there are multiple security issues:
https://x.com/GrapheneOS/status/1803185925112934533
https://privsec.dev/posts/android/f-droid-security-issues/
That’s old info. Apps are now signed by the developers on F-Droid since about a year ago:
Source: https://f-droid.org/2023/09/03/reproducible-builds-signing-keys-and-binary-repos.html
EDIT: I should note this doesn’t address the other issues in your second link (I have twitter blocked, can’t see that link) but it does fix the primary issue of the apps originally not being signed by the developer.
Graphene OS is not a good source of information. I call BS on anyone calling F-droid insecure. If you have a better option that is fine but Graphene does not have a better offering. F-droid is the best we have.
They’re not a good source of information on Android security? Granted, they’re not perfect, but they are one of the leading teams in terms of Android security. I call BS on anyone calling GrapheneOS a bad source of information for Android security lol.
News regarding vulnerabilities reported to Google and physical attack roadmap
Improvements to factory resets by Google due to reports by GrapheneOS
I would trust GrapheneOS, but understand that everyone has their own tolerances for security and the Graphene project is probably at the highest levels.
The GrapheneOS devs were right about F-Droid being less secure when they would sign other dev’s apps. This meant that if anyone were to hack F-Droid, they would get full access to every device using an app installed by them. This issue was fixed just last September.
Now that F-Droid fixed this issue, the responsibility falls on each individual developer to secure their signing keys. Should an app’s signing key be compromised, it would now only impact users with that app installed. Security is about layers, not 100% foolproof solutions.