Good afternoon, y’all!
I have decided to take the plunge and switch over to Graphene OS. Is there anything I need to know before I use the web installer? I’m a bit bummed about having to set up all my apps again, but I’m exporting all my settings, thanks FOSS apps! to help with the transition. Most of my data is fully backed up through Nextcloud, so I’ll be able to just jump straight in with my photos and data.
So yeah, any tips or advice would be greatly appreciated before I go through with it tonight. Thanks, y’all and again, I love being a part of the Lemmy community.
Use Obtainium, get your apps directly from the code repositories !
I prefer f-droid builds whenever possible. Some github apks will still include google libraries, or not quite mention where they connect. F-droid goes the extra step of checking all of these for you, and give you warnings of any unintended connectivity for example. They’re quite strict for a reason. And I appreciate it.
This depends whether you care about security or software freedom guarantees. Because if it’s security that is the priority, F-Droid is a much weaker option than Obtanium+Appverifier because they use their own signing keys for nearly all apps. If F-Droid’s build infrastructure is ever compromised, then almost every app you have downloaded through it is also compromised. The inability for developers to control their own signatures is part of the reason Signal does not release on F-Droid.
Accrescent is a much better option than anything else because it still allows developer-managed keys, although it doesn’t have many apps. Google Play (although it does have high-security infrastructure) has the same problem as F-Droid of centrally managed keys. Obtanium with Appverifier at least lets you ensure that your app is signed by the developer.