Your Android, Your Rules: Secure App Installation Explained (and which stores we recommend!)

Android's openness enables flexibility, but more importantly—resilience. But all the app store options are confusing, and I've received many questions asking how to best install apps. In this blog I will explain how to take advantage of Android through open source app stores and other secure methods of installing applications. My goal is to empower you to receive software in the safest & most convenient method for you.

The Apple is Always Browner

Let's discuss the reality for the~30% of people using iOS outside the EU: There is a single way for the average user to install apps on iOS devices: The App Store. Many people understand the pros to this approach:

• Theoretically safer. All software is approved by Apple. Heavy emphasis on theoretically, since Apple isn't perfect and won't always protect you.
• Easy. One option means one language. 'Download my app' requires no further context outside your app's name.
• Convenience. When's the last time you had to manually update an app on your iPhone for a security update? Automatic updates through a centralized App Store means users don't need to worry about updating software.

But there are some critical drawbacks to Apple's approach:

• Apple's Rules. For the longest time:
  • Retro game emulators were banned by Apple.
  • Torrenting clients are still effectively banned.
  • Third party app stores (outside the EU) are banned.
  • Put simply: we don't think it's Apple's position to decide what you can & can't do on your device.
• Fees Fees Fees. Apple's infamous 30% Apple Tax is no secret. Money you give developers is inevitably shared with Apple.
• Privacy. Apple knows exactly which apps you install, revealing a great deal about you.
• A Dream for Government Censorship. Many are finally realizing the risk of a centralized company controlling which apps can be installed: it's an ideal target for government censorship. In the following examples, iOS users had no alternative to installing apps:
  • China forced Apple to ban WhatsApp, Threads, Signal, and Telegram from its app store.
  • Russia forced Apple to ban Proton VPN and hundreds of other VPNs.
  • The US was close to banning TikTok, leading to Apple proactively banning TikTok on the App Store. At the time of writing, TikTok has returned to the App Store, but the fact it disappeared due to government pressure speaks to the problem.

We're strong proponents of free access to software, so we believe the single point of failure Apple artificially created results in a lack of resiliency. This is especially relevant to the cryptocurrency space which is ever-evolving and has historically been banned by governments all around the world. So what's the alternative?

The Grass Is Truly Greener on Android

It's no secret: Android has more flexibility and resilience when it comes to software. While most people use Google's Play Store, the core difference lies in Android's approach to third-party app distribution.

For those unfamiliar: On Android, users can install apps via any .apk file from their web browser, or another app store, or from a flash drive! That's it. Just like an .exe on Windows or a .dmg on MacOS. While Apple has a similar .ipa file for iOS, it's not realistically usable for most users outside the EU without some workarounds. Installing software on Android has far more variety:

• Install Signal directly from their website.
• Install Cake Wallet directly from our GitHub.
• Install both Cake Wallet & Signal from the Google Play Store.
• Install both Cake Wallet & Signal from Aurora Store - an open source frontend to the Google Play Store.
• Compiling your favorite open source project yourself and installing the .apk manually.

In some ways this makes Android more confusing. But let's demystify the options and discuss the pros and cons of these methods in the context of Cake Wallet, followed by my personal opinion on the best ones for different users.

Google Play Store

Google's Play Store shares almost the same pros & cons as Apple's App Store. In short:

• Theoretically safer. All software is approved by Google. Though Google, like Apple, is not perfect in regulating software. They've even temporarily banned some genuine services by mistake.
• Easy. Users understand how and where to install software.
• Convenience. Automatic updates via a centralized App Store means users don't need to worry about keeping their software up-to-date.

Cons:

• Google's Rules. While Google's rules are generally less restrictive than Apple's, they still exist and impose limits on what you can install.
• Fees. Just like Apple, Google has fees.
• Privacy. Google knows exactly which apps you install, revealing a great deal about you.
• A Dream for Government Censorship. Governments can pressure Google to remove any app of their choice.

Assuming Cake Wallet is available on the Play Store in your region, we think the Play Store is a great option for people who may not understand the concepts in this blog post. The convenience and baseline security offered by the Play Store makes it a trusted place for anyone to download Cake Wallet and other open source applications. With that said, this comes at the cost of resilience & privacy. Google has mistakenly banned monero.com (our Monero-only wallet) from the Play Store, and in some regions this is the perpetual reality. If you choose to go with Google's Play Store, we encourage you to have at least one of the options below ready as a backup.

Aurora Store

Aurora Store is an open source app store which installs apps directly from the Play Store. Why not just use Google's Play Store? Let's break it down, starting with pros:

• Still safe. All software is approved by Google indirectly, as Aurora fetches apps from the Play Store.
• Easy. With Aurora, installing & updating apps is nearly just as easy as using the Google Play Store.
• Privacy. In addition to being open source, Aurora currently allows users to download apps without needing a Google account—hiding your apps from Google.
• Flexibility. Aurora is widely supported across de-Googled Android operating systems (like LineageOS, CalyxOS, and GrapheneOS) and is not dependent on Google Play Services.

Cons:

• Reliability. There have been times where Aurora's anonymous login doesn't work.
• Resilience. Since Aurora grabs applications from the Play Store, it's still indirectly victim to apps that Google chooses to list & unlist. However, users may be able to bypass certain geographic restrictions through Aurora's anonymous login.
• Trust. There is a layer of trust you give Aurora. While it has an excellent track record and is open source, it's undeniably adding an extra party.

Aurora Store shines on de-Googled operating systems that don't natively come with the Play Store. Even on standard operating systems, users can install Aurora alongside the Play Store to see how it works. If you shift some app installations to Aurora, you'll reduce your Google dependance, which is also advantageous for privacy.

I see Aurora as a rope that connects the Play Store to the more advanced options we're about to discuss. It enables users to begin transitioning away from Google in a safe, trusted manner—giving them confidence to eventually use more advanced tools. It also enables more advanced users to still download apps not available via other methods without needing to revert to using the Play Store.

F-Droid

F-Droid is an exclusively open source app store for Android. Pros:

• Privacy. F-Droid is open source itself, and has native settings for Tor usage to better protect users. There is also no personal information required to use it.
• Open Source Requirement. F-Droid's core focus is free & open source software. If you're a FOSS absolutist, you'll enjoy F-Droid's dedication to scanning apps and reporting anything about an app that could be interpreted as proprietary.
• Open Source Marketplace. If you have a favorite open source app, it's likely on F-Droid. While there are exceptions to this (like ourselves and Proton Mail), a majority of FOSS apps are natively found in F-Droid.
• Resilience & Flexibility. F-Droid allows third-party repos, so developers can host their own apps by their own rules with censorship-resistance.

Cons:

• Limited Apps. F-Droid only lists open source applications, so you won't find many popular Google Play apps on F-Droid. There are third-party repos you can use to increase app availability, but few users will be able to only use F-Droid for all applications.
• Security Concerns. While there has never been a major security incident, F-Droid has some concerns like requiring developers to submit apps which F-Droid compiles themselves, not the developer. However, these methods are how F-Droid is able to assess which apps are truly open source; this system is a conscious decision based on their project's priorities—open source. It's the user's choice how much this means to them.

The answer to this is easy since Cake Wallet is unfortunately no longer available on F-Droid. When we hosted our repo, we dealt with logistical challenges building our app with F-Droid requirements—including numerous delays, failed builds, and slow updates. We instead migrated to Accrescent to offer a similar experience to F-Droid free of the challenges we were facing. For other open source apps F-Droid may still be a good fit if you value FOSS and enjoy the store's vast selection.

Accrescent

Accrescent is a rising app store with a focus on security, privacy, and usability. Much of the good stuff is currently developer-centric, but it also features a modern experience for users. Pros:

• Private & Secure. Accrescent balances both privacy & security for both developers and users. Specifically aiming to tackle security concerns found in F-Droid.
• Modern. Accrescent offers a more modern experience compared to other app stores.

Cons:

• Alpha Software. Accrescent is currently in alpha, so until it hits public release we will caution users.
• App Availability. Since Accrescent is newer, its app selection is very small at the time of writing.
• No Third-Party Repos. Developers aren't able to host their own repos. This makes Accrescent in some ways less resilient than other platforms, but with the benefit of security.
• Not Open Source Exclusive. While Accrescent is open source itself, some FOSS-exclusive users may not agree with their philosophy to list proprietary apps. However, some may prefer the potential for wider availability of applications.

Accrescent is a great option for users who want a traditional app store experience that's not connected to Google. Installing Cake Wallet from Accrescent offers you privacy, security, resilience, and convenience. If an app you currently use is available on Accrescent, it's difficult to find many reasons not to install it from Accrescent.

Obtainium

GitHub and other similar sites are where a majority of open source projects are hosted online, including Cake Wallet. To install apps directly from these sites, you have two options:

1. Manually install the .apk directly. While this is easy to do once, most apps don't include self-update mechanisms. This means you'll need to manually check and download each update as it's released.
2. Third-party tools like Obtainium. Obtainium allows you to 'follow' things like GitHub repos where it automatically fetches and installs software for you. With this method you're getting software directly from a developer's repo. Obtainium offers an app-store-like experience, but you're ultimately in control.

Pros:

• Zero middlemen. You're downloading software directly from a developer. You are in full control.
• Zero App Stores. You're independent without needing to rely on any app stores.
• Resilient. There is no app store or central party deciding which software you're able to install.
• Private & Secure. Being open source without any requirements for an account, Obtainium allows you to directly install apps as if you were installing them manually.

Cons:

• Requires Trust. You need to trust that the .apk uploaded is safe. While challenging, it's not far-fetched for an attacker to target a developer's GitHub account to push malicious software. Theoretically Google's oversight in a situation like this would make this harder to pull off. We suggest users verify .apk hashes if they are able to.
• Human Error. While this is unlikely, please make sure you're adding the correct repo. There are countless instances of malicious repos put up to impersonate genuine ones. Check the URL of the repository when adding it!
• Limited to mostly open source. Most proprietary apps don't distribute public APKs, making this method only accessible to specific applications.

This is hands down our favorite option for most users. While it sounds complicated, Obtainium makes access to open source tools like Cake Wallet incredibly simple. Here's how:

1. Install Obtainium from its website or from an app store like F-Droid.
2. Select 'Add App'
3. In the App Source URL field, enter: github.com/cake-tech/cake_wallet/
4. Select your desired APK, for most users it will be the newest version of Cake Wallet.

With Obtainium set up, you will now independently (and automatically) receive Cake Wallet updates. We can be banned from all app stores and you wouldn't tell a difference. If GitHub shut down our repo, someone can publish our code on another repo which you can then migrate to in Obtainium. This allows you to use Cake Wallet with the utmost privacy, security, and resilience.

Putting it All Together

We've covered a lot, so let's summarize and I'll leave you with some takeaways.

• Android is far more resilient than iOS, since users can install apps outside a centrally controlled app store.
• Aurora Store offers all apps from the Google Play Store but in a more private method, functioning as a middle-ground for users unable to migrate all apps to better alternatives.
• F-Droid & Accrescent are app stores with different focuses & priorities. The former focuses on resilience and open source software, the latter prioritizes security. Both offer less app availability than Apple & Google's native app stores.
• Obtainium is a simple method for users to forgo an app store altogether and automatically install apps from a developer's repo. This is our top pick for Cake Wallet users.

While most people have a favorite app store, Android doesn't limit you to just one app store. In the real world, people utilize multiple app stores to reap maximum benefits. For example, Todd may:

• Install Signal from their website, which includes a self-update mechanism.
• Install his banking app from Aurora, as it's not on other app stores.
• Install Newpipe from F-Droid, as that's where it mainly exists.
• Install IVPN from Accrescent, as it's a more secure alternative than F-Droid of the same open source app.
• Install Cake Wallet from Obtainium, as it's a more resilient way to ensure you'll get updates regardless of any censorship attempts.
• Pro Tip: If Todd prefers Obtainium only, he can install Signal, Newpipe, IVPN, and Cake Wallet all with Obtainium!

Use them, get familiar with them, and enjoy the glorious world of app resiliency. Maybe someday iOS will join the fun. And until then, I call on you to try any app store you haven't already tried. Decentralized software distribution is the future, and you can be a part of that future right now.