###### **Your Cheat Sheet to Installing Android Apps the Privacy Respecting Way: From Direct Sources to Google Play Store** **1. Direct from Developer** - Get APKs directly from GitHub, GitLab, or Codeberg etc. using Obtanium - If the app is on Accrescent, use Accrescent **2. F-Droid** Use only in these cases: - When it's the developer's chosen release channel - When no other distribution option exists Most devs will put F-Droid instructions or a download button on their Git page or website. Use the developer's official F-Droid release repository or recommended repository whenever available (eg: many devs use IzzyOnDroid F-Droid repo for their releases instead of creating their own). **When using F-Droid:** - Use the official "**F-Droid Basic**" client - Benefits: Automatic background updates without privileged extension or root - Enhanced security through reduced feature set and attack surface - Do not use alternative clients like Neo Store **3. Google Play Store** Use only if the app is unavailable through any other official channel. Some prefer to use Aurora Store (a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps). This is threat model and usecase dependent. I prefer to just use Google Play since I have it installed on GrapheneOS where I use some paid apps not available anywhere else, and I want to keep all of my apps all in one place. (Optional) Create an anonymous Gmail account and use it for Google Play. --- *Note: This approach aligns with PrivacyGuides and GrapheneOS recommendations, as well as modern security standards. Third-party F-Droid clients are not recommended.* ``` #Ikitao #OPSEC #Privacy #Android #GrapheneOS