Using GrapheneOS, my main profile has a handful of apps from PlayStore(Aurora): 1password, ProtonVPN, ProtonMail, etc.
I think I read somewhere that, for an app to appear in PlayStore, it must be compiled with linked libraries that implement check-ins with Google infrastructure… or something like that.
Obviously I’d expect apps like 1password and Proton to be “less evil,” but am curious whether everything from playstore leaks telemetry, or if it’s just “up to the developer”.
(in my case, I don’t have Google services or apps in the main profile at all)
FWIW, you can install the entire proton suite with Obtainium. For whatever reason though, 1password exclusively distributes through the Google play store, but AFAIK that doesn’t make the app itself any less private.
Can you? I just looked into this this other day and I didn’t see proton calendar on github, it was just an apk you could download on protons site
Looking at Proton calendar, it seems I just put the website into Obtainium, I think there’s a monorepo somewhere, but I couldn’t find it.
Huh, okay, I thought it had to be a github repo. I’ll look into that. Thx.
No, Play Store does not require Play Services integration, nor does it mandate any trackers.
In practice though, most use Play Services for push notifications, and there are a LOT of apps with at least Google Crashlytics, Google Firebase Analytics, and Google Admob trackers. Check out Exodus for tracker reports. Or use the Tracker Controller app. Just note that some trackers are pretty benign, or even a security feature, like Sentry.
Aurora should actually say in the description of the installation/update screen if the app requires google play services or any telemetry at all (or for that matter, google sign in).
