Using GrapheneOS, my main profile has a handful of apps from the Play Store (via Aurora): 1Password, ProtonVPN, ProtonMail, etc.

I think I read somewhere that, for an app to appear in the Play Store, it must be compiled with linked libraries that implement check-ins with Google infrastructure… or something like that.

Obviously I’d expect apps like 1Password and Proton to be “less evil,” but I am curious whether everything from the Play Store leaks telemetry, or if it’s just “up to the developer”.

(in my case, I don’t have Google services or apps in the main profile at all)

    • BladeFederation@piefed.social
      12 hours ago

      Because you should have your email, password manager, and authenticator be 3 different services. Otherwise there is 1 point of failure.

      • mrnobody@reddthat.com
        4 hours ago

        My understanding is the password manager is fully local to the device. It's only compromisable if you back it up to their cloud. Same goes for the authenticator.

        • BladeFederation@piefed.social
          4 hours ago

          Offline mode is available for free on the mobile app, but not desktop. Doesn’t work offline for the browser extension at all, which is how autofill works on desktop, which is much more useful. And offline mode for Proton just means you can view the passwords you already created, not create more.

          There are true offline local password managers, but as long as the cloud sync is encrypted, I see no reason to avoid using it and miss out on half the functionality. Auth is more debatable, but I’ve found uses for cloud-hosted auth too.