Replying to Ava

###### **Your Cheat Sheet to Installing Android Apps the Privacy Respecting Way: From Direct Sources to Google Play Store**

**1. Direct from Developer**

- Get APKs directly from GitHub, GitLab, or Codeberg etc. using Obtainium

- If the app is on Accrescent, use Accrescent

**2. F-Droid**

Use only in these cases:

- When it's the developer's chosen release channel

- When no other distribution option exists

Most devs will put F-Droid instructions or a download button on their Git page or website. Use the developer's official F-Droid release repository or recommended repository whenever available (e.g., many devs use IzzyOnDroid F-Droid repo for their releases instead of creating their own).

**When using F-Droid:**

- Use the official "**F-Droid Basic**" client

- Benefits: Automatic background updates without privileged extension or root

- Enhanced security through reduced feature set and attack surface

- Do not use alternative clients like Neo Store

**3. Google Play Store**

Use only if the app is unavailable through any other official channel.

Some prefer to use Aurora Store (a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps).

This is threat model and use case dependent.

I prefer to just use Google Play since I have it installed on GrapheneOS where I use some paid apps not available anywhere else, and I want to keep all of my apps all in one place.

(Optional) Create an anonymous Gmail account and use it for Google Play.

---

*Note: This approach aligns with PrivacyGuides and GrapheneOS recommendations, as well as modern security standards. Third-party F-Droid clients are not recommended.*


#Ikitao #OPSEC #Privacy #Android #GrapheneOS

What are your thoughts on zap.store, where devs can sign their own releases using their Nostr key?


Discussion

Was about to ask the same.

I plan to give it a thorough test and review once it matures a bit.