[guardian-dev] Hello, and question about Android and gapps

Hans-Christoph Steiner hans at guardianproject.info
Wed Mar 28 10:06:07 EDT 2012


On Mar 27, 2012, at 6:02 AM, Rick Valenzuela wrote:

> On 2012/03/26 3:42 PM, Manuel wrote:
>> One note (and also the only thing that's keeping me from doing the 
>> same): You will likely not be able to use apps you bought in Market,
>> because their license check will probably fail if you aren't logged
>> in with the account you used for the purchase.
> 
> I expect some functionality will break sometime. But so far, all have
> been usable. The two separate pro licenses I have also backed up with
> Titanium Backup, and operate fine. But looking versions on the Play
> website, I can see that I'm missing updates. So that's one drawback. But
> at least I can see the "What's new" tab to see if it's a security patch
> or desirable bugfix.
> 
>> On Mon, Mar 26, 2012 at 10:35:14AM -0400, Hans-Christoph Steiner
>> wrote:
>>> 
>>> I think that's a save assumption.  AOSP (Android Open Source
>>> Project) provides a whole operating system that is truly free
>>> software.  Having to agree to Google's privacy policy to use it
>>> would make it non-free.  The ROMs are generally based off of AOSP.
>>> So congratulations! you have escaped Google on your phone :).
> 
> heh, well, not quite: I was stuck without update on one app that pushed
> me to flash gapps and log in to Play. I updated that and everything else.
> 
> Just to experiment, though, I then backed up with Titanium Backup and
> then made an update.zip of the TB itself, then made a nandroid backup.
> Went back and started over again . So my phone is back without the
> Google propietary apps on my phone, no account link, and updated apps.

Good point, didn't think of that.

>>> If you want a Free as in Freedom app store, check out F-Droid.
>>> We're working on getting all of our stuff in there, as well as all
>>> the things we find useful.
> 
> yep! already on there, with both repos. i've found quite a few
> replacement apps on fdroid, too, that have let me ditch ones with
> sketchy permissions I got from the market. One thing I did notice when
> adding the Guardian Project repo: The f-droid repo is not SSL.

Yes, we probably should provide TLS connections to our repo.  Since the APKs themselves are signed, it probably is not a big security risk to use plain text transfer.  It is definitely a privacy risk, since someone in the middle could follow which apps you are installing.

.hc



More information about the Guardian-dev mailing list