this post was submitted on 14 May 2025

21 points (92.0% liked)

Privacy

42550 readers

525 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

Aurora Store vs Google Play vs Micro G (lemm.ee)

submitted 5 months ago* (last edited 5 months ago) by Octavusss@lemm.ee to c/privacy@lemmy.ml

19 comments fedilink hide all child comments

Hi guys I was thinking of installing either Calyx OS or Graphene OS on Pixel 7 I got from secondhand.

Meanwhile I was also wondering which one of these is most private but also best usable; Aurora Store or Google Play Mirror (Graphene OS) or Micro G?

Edit; Thanks for all info guys. I will take it into consideration and probably always first use F-Droid and web apps.

all 21 comments

sorted by: hot top controversial new old

[–] kami@lemmy.dbzer0.com 39 points 5 months ago

MicroG is not an alternative store, it's an alternative to Play Services.

[–] SilliusMaximus@mander.xyz 18 points 5 months ago (1 children)

Aurora Store is 3rd party client for Google Play Store while MicroG is open source implementation of Google libraries so they are not quite comparable.

I'd say MicroG with Aurora Store is most private you can be if you really need to use Google services. You can use Aurora Store with anonymous Google Account that they provide you and MicroG is only sharing necessary data with Google servers.

[–] 0x0@lemmy.zip 6 points 5 months ago (1 children)

What's "necessary data"?

[–] SilliusMaximus@mander.xyz 12 points 5 months ago (1 children)

Data only needed for that specific service to function

[–] 0x0@lemmy.zip 3 points 5 months ago (1 children)

If the app declares it needs location even though it's not needed (say it's a text editor) will microg filter it out and/or provide fake data?

[–] SilliusMaximus@mander.xyz 5 points 5 months ago (1 children)

I think it provides fake data but don't take my word.

[–] utopiah@lemmy.ml 5 points 5 months ago

Upvoted only because the comment got downvoted.

If you downvote a clearly stated opinion without clarifying why, e.g. a source clarifying that it is indeed no correct you are NOT helping the conversation.

[–] chemicalwonka@discuss.tchncs.de 6 points 5 months ago

GrapheneOS is far far better than CalyxOS in all categories

[–] Xanza@lemm.ee 5 points 5 months ago

https://github.com/Droid-ify/client

Can use any open-android store repository, including IzzyOnDroid and F-Droid. It's the only real choice.

[–] NewOldGuard@hexbear.net 5 points 5 months ago

So aurora with micro g is more private in the sense that you’re not required to have a google account which would be used to track the apps you use etc. But sandboxed google play on GrapheneOS is significantly more secure. It requires fewer privileges than microG, operates in a much stricter sandbox, and performs checksum verifications on your downloads to ensure they are legitimate. Aurora is hypothetically vulnerable to man in the middle attacks since it doesn’t check the file’s hash

[–] PatriPetriPutri@lemmy.ml 4 points 5 months ago* (last edited 5 months ago)

What I can tell u (as a normie) is that a few weeks ago I bought a refurbished google pixel 7, installed Calyx OS (via the web browser installer) with MicroG and I've been using f-droid and Aurora Store (without a google account) since then and I haven't had any issues with any app, for example, the banking ones

[–] shortwavesurfer@lemmy.zip 3 points 5 months ago (1 children)

Fdroid. No, seriously, none of the above. fdroid is the only option here.

[–] utopiah@lemmy.ml 11 points 5 months ago (1 children)

Unfortunately a lot of apps are not on the FDroid stores which is why people, me included, rely on other stores.

I always look at FDroid first but sometimes (hopefully less and less) the only apps (typically commercial ones, e.g. banking) are elsewhere.

[–] shortwavesurfer@lemmy.zip 4 points 5 months ago (1 children)

Use the websites whenever possible, instead of having to download another app, especially a commercial closed source one.

[–] utopiah@lemmy.ml 2 points 5 months ago (1 children)

Indeed, honestly most apps should just be URLs.

[–] shortwavesurfer@lemmy.zip 7 points 5 months ago (2 children)

My bank website would not let me do everything that the app would let me do, so I switched banks.

[–] utopiah@lemmy.ml 2 points 5 months ago

Nice, hopefully they are aware that former clients are moving away from them because they don't find their solution appropriate. I should do the same.

[+] sunzu2@thebrainbin.org 2 points 5 months ago* (last edited 5 days ago) (1 children)

[deleted]

[–] kixik@lemmy.ml 3 points 5 months ago* (last edited 5 months ago)

The battle is still there, and the GrapheneOS guy always bark at microG, like he really hates the whole concept of microG. What I have gotten from the discussion is that GrapheneOS is more secure, but although it sandboxes GPS denying some permissions, and some of those might be needed to be given away for some services any ways, it doesn't try to fake anything, which microG does. In that sense my preference has been microG, and I don't regret it.

That said, what you mentioned is true, both still access google app store, and still have to give some minimal information to google.

There's a 3rd option the OP didn't mentioned. If they are mainly interested in app store, and not the google services in general, there are a couple of somehow recognized 3rd party app store mirrors, which keep the same original signatures of the packages hosted by google app store, and they offer packages from other sources not provided by the google app store, in case interested on those packages: apkmirror and apkpure. From the two apkpure still allows to install and upgrade packages through FLOSS 3rd party apps like apkupdater, so that might be an option. For some months apkpure packages weren't able to be installed through apkupdater, but it seems that got corrected already.

But in general, the OP would benefit from always looking for FLOSS packages on the F-Droid repo, then other non official F-Droid repos which can be used through the F-Droid app, then see if they can be installed from their web site and updated without intevention of any installer, and then if there's no option but using proprietary software maybe looking for them on the apkpure/apkmirror sites or on apkpure through apkupdater or similar, and then aurora store, or if using grapheneOS finally google play if anything else fails, :)

I do understand the need for proprietary software, like bank OTP apps. It's sad banks, governments, medical services and so on never look for FLOSS software, they always require users to get proprietary software. I don't live in the EU, but I hope current hate/banning tendency ends up doing user a favor by starting to require banks, and the like to start using FLOSS apks, though doesn't really helps me, I hope in the end it helps people in the EU.

[–] upstroke4448@lemmy.dbzer0.com 2 points 5 months ago* (last edited 5 months ago)

Micro G is the worst option as it requires privileged access to your phone. This is the same major privacy issue with the regular Play Store. The only real difference is your shifting trust from Google to Micro G but, you shouldn't be trusting any third party with that type of access.

Aurora is a decent option as it allows you access to the Play Store without needing to actually install the Google Play Client.

I would say sandboxed Google Play is the best option. You get full access to the play store while still having the protections of a sandboxed app.

A lot of people will offer f-droid as an alternative but it also comes with some big issues. I'll quote privacy guides here

Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet modern security standards.