I know all apps are checked before approved but are updates also approved before being delivered to users? When having signature spoofing it is quite risky to have anything being installed via third party sources so i am kinda paranoid that i have to use an alternative app store to download banking apps.
As far as I know, all new builds from source (also any update) will go through a series of automated checks. Not sure which those are exactly, but I image exchanging large parts of the source code would set of some alarms.
However you will still have to trust the App developer, that he would not deliberately let the App download stuff from dubious sources.
But with FOSS you can also actually check the source for any modifications made. I am no expert in Android programming but you can for example check this file or this for the URL used to download Apps from the G%%gle server.
To answer you, yes it is safe. However, like any other failsafe process, spoofing has its own consequences. That said, it does not mean Aurora is not safe. I have done a thorough check on it, and can state for sure it is safe.
You can check the details through the post in TG: http://t.me/op5_files/1324
What is your default one? What’s so great with its policy? What “log” ?
The default stores are all privacy breaches. They log everything you do. How is it preferred?
I have the Google Play store in my android device and app gallery which is by default on a Huawei devices.
log means they store your data and use for advertisement purposes.
So you’ve read their policies and you agree with them (and whatever third parties they share your data with), right? That’s nice I guess.
Yes, you got my point now.
Because we have a conversation here…but I’m not sure why…
Not like that, what you are trying to say?
Not sure why your first post here on the F-Droid forum is about how you trust Google Play store more.
Not sure but I think @edwardbailey is some kind of spam account. Looking at his account details…
it does not depend on your thinking @stonerl and I don’t do anything wrong and I see this topic so that’s why I comment on it and there is an issue with it. that’s disgusting
Basically for banking activity, the sole safe is to use Fennec (with embedded geckoview) for login and actions.
Otherwise you can be lucky for some official bank apps when signature spoofing is sufficient, but don’t rely on it : they will probably break in future updates with locked Google PlayServices & bootloader as mandatory (actually MicroG SafetyNet is broken/wip?)…
Have a look to some alternative solutions : https://f-droid.org/en/packages/network.ubic.ubic/ (or gift your spouse a padlocked iPhone ?).
I agree. I would only use my bank’s app from the PS.
@edwardbailey , I read somewhere that all analytics harvested by Google PlayServices are sold to the highest bidder via a real-time auction system (including deep logs ?).
Isn’t that true for everything Google collects anyway?
With each change made by Google, Magisk or microG will have to make a corresponding change, and banking apps will stop working for some time. It’s a trench warfare I don’t want to be part of. It’s better to break free from banks and big corpos and to use cryptocurrencies and cash.