ATL BitLab LogoATL BitLab

Bypass App Store Censorship With These Tools - The Sovereign Computing Show (SOV010)

Tuesday, March 25, 2025

In this episode of the Sovereign Computing Show, Jordan Bravo and Stephen DeLorme discuss the challenges of app store censorship and explore various alternatives to the Google Play and Apple App Stores. They dive into the Aurora Store, Obtainium, F-Droid, Zap Store, and Accrescent, examining how these platforms can help preserve user privacy and circumvent censorship. Learn about the benefits and limitations of each alternative and get insights on how to take back control of your device's app ecosystem.

Chapters

  • 00:00 Introduction to Apple's App Store Policies
  • 00:35 Welcome to the Sovereign Computing Show
  • 00:52 ATL BitLab: A Hub for Tech Enthusiasts
  • 02:04 Contacting the Show and Listener Interaction
  • 03:22 Updates on Private Payments
  • 06:27 Main Topic: App Store Censorship
  • 07:15 Examples of App Store Censorship
  • 10:35 Epic Games vs. Apple
  • 14:08 Damus and the Zapping Feature
  • 18:34 The Mutiny Wallet Story
  • 25:30 Phoenix Wallet and Centralized App Stores
  • 27:15 Solutions: Alternative App Stores
  • 29:37 Privacy Concerns with Google Play Store
  • 31:09 Introducing Obtainium: Open Source App Store
  • 33:52 Exploring F-Droid: The Original Alternative App Store
  • 38:55 Zap Store: A Social Connection App Store
  • 43:27 Accrescent: A Promising New App Store
  • 53:11 The Future of Sovereign Computing
  • 53:49 Conclusion and Contact Information

Links

Transcript

Jordan Bravo: [00:00:00] You may not know this app or even care, but it's just one example of when Apple's draconian measures basically said our way or the highway. They said, you can't have this feature unless you pay us 30% of every zap that takes place.

Stephen DeLorme: The Gutenberg press was kind of like a "f*** you".

Like, "**** you, I can print Bibles if I want", right? And then the web is kind of a like, **** you, I can publish content on the internet, like I can host it on my own web server and anyone can access it.

There was nothing to me about app stores that were like inherently "**** you".

Jordan Bravo: Welcome to the Sovereign Computing Show, presented by ATL BitLab. I'm Jordan Bravo, and this is a podcast where we teach you how to take back control of your devices. Sovereign Computing means you own your technology, not the other way around.

Stephen DeLorme: This episode is sponsored by ATL BitLab. ATL BitLab is Atlanta's freedom tech hacker [00:01:00] space. We have co working desks, conference rooms, event space, maker tools, and tons of coffee. There is a very active community here in the lab. Every Wednesday night is Bitcoin night here in Atlanta. We also have meetups for cyber security, artificial intelligence, decentralized identity, product design, and more.

We offer day passes and nomad passes for people who need to use the lab only occasionally, as well as memberships for people who plan to use the lab more regularly, such as myself. One of the best things about having a BitLab membership isn't the amenities, it's the people. Surrounding yourself with a community helps you learn faster and helps you build better.

Your creativity becomes amplified when you work in this space, that's what I think at least. If you're interested in becoming a member or supporting this space, please visit us at atlbitlab. com. That's A T L B I T L A B dot com. Alright, on to our show.

Jordan Bravo: Welcome to the Sovereign Computing Show. [00:02:00] I'm Jordan Bravo and I'm here today with Stephen DeLorme

Stephen DeLorme: Sup.

Jordan Bravo: We wanna remind you that you can contact the show by boosting in on Fountain. That's Fountain FM is their website. And you can also download the Fountain app on Android and iOS. Search for the ATL Bitlab podcast.

And you can see all of our shows. We also recently added a email address that you can write in. If you want to contact us, it's s-o-v-e-r-e-i-g-n AT a-t-l-b-i-t-l-a-b DOT COM. That's sovereign. Don't forget to spell it correctly. S-O-V-E-R-E-I-G-N AT a-t-l-b-i-t-l-a-b DOT COM. All of this will be in the show notes if you want to go back and check it out.

Stephen DeLorme: Yeah, I was trying to like be a badass and pull up crypt pad fr and like type it out on screen for everybody so we'd have a visual aid for anybody watching. But this encrypted [00:03:00] stuff is just taking so long. But I mean, I finally have my document on screen now. Um, and now I'm just killing time, so I have an excuse to actually, you know, type this out.

Jordan Bravo: We are figuring this out as we go along. So you're hearing all of the, the warts and the unpolished aspects of the show production. Uh, next we're gonna get into the erota corrections or updates from previous episodes. So a couple episodes ago we talked about the, in the private payments topic. I wanted to update everybody on in-person payments.

I have two great additions to that topic. First, we had talked about how in person it's hard to pay for things privately because we, we talked about how virtual debit cards are available with privacy.com, which is a great service if you're buying things online. However, when you're in person, if you have to [00:04:00] have a physical card, your options are a little more limited.

During that topic, we only knew about cash, or, or at least that's the one we discussed at the time. But a lot of places don't take cash anymore, so, uh, I now have, I'm happy to announce two additional methods that we can use. The first one is. Getting a physical card shipped to you from BitRefill. We talked about BitRefill and how you can go to BitRefill.com and you can pay with Bitcoin to anonymously buy a virtual Visa gift card that you can use anywhere online, but they also have a physical card option.

I tried this out this week and I had, I, I bought it with, with Bitcoin and Lightning, so it was very quick and anonymous, and then I selected the physical card option. I put in a random name for the name, and then for the shipping address, I put in a physical address of a place that is not my house and somewhere that I can get mail sent to.

Um, I would say [00:05:00] even if you had this shipped to your home, you're still getting a privacy benefit. So if you have nowhere to ship it to other than your home, this might still be a good option. But anyway, that arrived today and it has some random name that I put on it, on it. I went to a coffee shop and I bought myself some tea and I swiped it and it worked perfectly.

So happy to announce that that is a good option. The other in-person option that we can do is a lot of major chains have their own app. So if any store that you shop at has its own app, uh, I'm gonna give the example of the Kroger grocery store. There's also something like Walmart would work, but really any place that has its own app where you can pay through the app.

So for example, if I'm at Kroger. No, with the Kroger app, I'm at checkout. I open up the app and then it shows a QR code. And when I go to pay, instead of using a payment card, debit or credit card, I just scan that QR [00:06:00] code on the, the, the checkout scanner. And what it does is it, it bills whatever payment method I've hooked up in the app, and that can be any bit, um, any debit or credit card, including my privacy.com virtual card that I spin up for Kroger.

So by taking advantage of places where you can pay with an app, you can use privacy.com and keep all of your payments private for that in-person store.

Stephen DeLorme: Sweet.

Jordan Bravo: Alright. Today's main topic that we're gonna talk about is how to circumvent app store censorship First, what is app store censorship? Uh, I mean, it sounds pretty self-explanatory, but let's give a few examples of when this occurred in the past.

And the problems that arise from it, and then we'll move on to solutions and how to get around that censorship. Um, spoiler alert, if you are an iOS user, you're a little bit out of luck. However, I encourage you to [00:07:00] keep listening because you're gonna hear a lot of good information. Uh, in addition to whether you might someday try Android, just being aware of the problem can also, uh, add to your ability to master your technology.

So we're gonna go through a few examples of when censorship was a huge issue on mobile app stores. Now let's, let's lay out the, the context first when you are on iOS or stock Android. You can only get your apps through a centralized app store that's curated by the owner of the operating system. So Apple, in the case of iOS and Google, in the case of Android, that is a central point of failure, which we've talked about a lot on sovereign computing and how to avoid these or, or why we wanna avoid these because this can lead to censorship or even, um, non-malicious forms of, uh, failures, right?

Like if Google was hacked or. They're, [00:08:00] uh, tricked or misled or, or a government puts pressure on them or there's any kind of legal or jurisdictional issue. They have to follow that and, and keep apps out for any reason. You have no recourse because every single app has to go through that app store. In addition, there are devs out there that a lot of you may not know because you don't ride on the mobile.

App development space, but it's really difficult for a lot of devs to get their apps through the iOS, uh, app Store or the Google Play Store. A lot of times it's because of a money issue. So there's a couple of examples. The, the app, uh, 37 Signals, which I think might be now called, or excuse me, the company 37 Signals, which I think is now called Basecamp.

They have an app called, Hey, HEY. And they famously had a problem in 2020, and again in 2024 when they, apple wanted 30 pers, [00:09:00] 30% cut for the way that they were getting payments from their users. And it was a, a pretty controversial thing where the company pushed back against Apple. And, um, this was, first it was for an email app and then in 2024 it was for a calendar app.

And, uh, it was. You may not know this app or even care, but it's, it's just one example of a, a widely known example of when the, when Apple's draconian measures basically said our way or the highway. And if you don't conform, then you can't get in there the way you wanna be in there. Any additions you wanna add on that?

Stephen DeLorme: Yeah, minor correction. I think they're still called 37 signals, but, uh, Basecamp is just like one of their, like, earliest products.

Jordan Bravo: Ah,

Stephen DeLorme: It's like a business collaboration thing. It was kind of like Slack before Slack existed. Um, but yeah, yeah, it was exactly their hey.com email service, email product, and then it, 'em again with their hey calendar, uh, app, you know, getting, [00:10:00] you know, rejection.

They, I think, if I remember correctly, they tried to put their own. Payment processing and their outside of like, you know, Apple's payment system or whatever. And that's where the, the issues came out. Um, yeah, and I mean, it's like I, you know, apple has the right to do that as the owner of that, uh, platform.

I think there's no question about that. But just, uh, you know, from a business perspective, they willed an incredible amount of, uh, you know, power and, and leverage over, you know, the smaller businesses.

Jordan Bravo: Yep.

Another example is Epic Games famously over the last couple years has been battling with Apple because again,

Stephen DeLorme: in court, right?

Jordan Bravo: And in court. Yeah, they, they're actually app Epic Games is actually suing Apple and I think that's still playing out in court. Um, but a similar issue where Apple wants a 30% cut of. All of the in-game purchases, [00:11:00] something like that. And so, uh, epic is challenging their stranglehold on the app store, whether or not they win.

It's kind of besides the point of the point that we're making here, which is that regardless of whether Apple does have it right or doesn't have it right, or is legally obligated to or, or isn't, or is perfectly justified in charging, that they have the ultimate say. And that's something that we wanna.

See if we can avoid and, uh, get around. Another example that many of us might have noticed, this is a little bit more widespread usage of the Amazon iOS app. You might have noticed that if you try to buy an ebook from Kindle or an audiobook from Audible, which is owned by Amazon, that you can't actually do it in the Amazon iOS app.

You have to open up a separate web browser, go into the web interface and buy it through there. And this, uh, is, was very confusing the first time I [00:12:00] encountered it because it almost seemed like Amazon left out this important piece of functionality. Yeah. But of course that wasn't the case. It was because of this battle with.

With Apple and apple's, uh, 30% tax that they have on every in-app purchase. And so you might have noticed that. I certainly noticed it with audio books. I think Stephen, you, you noticed this as well.

Stephen DeLorme: It's, I've noticed it with Kindle actually with Kindle and it's like, yeah, it's so weird. 'cause you can buy stuff through the Amazon app itself, but you can't.

You can't on iPhone go to, um, you can't go buy Kindle books in the Kindle app or in the Amazon app. You have to go to an Amazon website. It feels really clunky.

Jordan Bravo: Is Apple's justification that these are digital products that are being delivered through the app store.

Stephen DeLorme: That might be what it is. That might be the distinction between like, uh, you know, buying, um, a broom or whatever off of amazon.com and buying a, a digital book or something.[00:13:00]

That's weird. And it's just crazy that I even, even, um, uh, a company as big as, uh, Amazon, um. Is, you know, like, no, we're not paying that. Um, like I, I mean that's kind of a bold and risky move. The thing is, is I think the smaller companies that want to gain traction probably are, you know, just, you know, usually gonna acquiesce more to Apple because they need exposure to the network effects of the Apple App Store.

A big company like Amazon, like kind of knows that people love their products at this point, and so like they, I think, feel a little bit more empowered to fight it and just be like, no, we're just gonna send people to our website. But not everyone has that kind of leverage in the marketplace.

Jordan Bravo: I bet you Amazon, some team at Amazon did a a calculation. And they said, how many, how much revenue do we lose by sending users outside of the app? Yeah. Yeah. And is that less than the 30% that we would lose from paying [00:14:00] Apple? And it was probably financially justifiable to do it like that. Yeah.

Stephen DeLorme: I'm sure it was a calculated risk.

Jordan Bravo: Mm-hmm. The next app that, or the next situation of censorship that we wanna talk about. And for you Nostr users out there, you may remember this. Is Damus on iOS? Damus is a Nostr client that's solely on iOS, although maybe it's now on Android as well. But I think it's, I think it's strictly on iOS.

Stephen DeLorme: Originally it was, but I know that they've been doing some other stuff like Note deck and, and some of this other stuff. Yeah, yeah, yeah. Available on iOS, iPad, Mac os. So I think, uh, I think Damus is, you're right, is still Apple only, but they have this other application called Note Deck that I, I think, um.

Is avail might be available on other platforms, but don't quote me on that anyways.

Jordan Bravo: Okay, so the thing that happened with Damus, uh, I believe it was in 2023, what happened was they [00:15:00] introduced a feature called zapping, which is just lightning payments to other Damus users, or excuse me, other Nostr users, regardless of, of the client.

Stephen DeLorme: Yeah.

Jordan Bravo: And what Apple did was. They said, you can't, you have this feature unless you pay us 30% of every, every zap that takes place. For those of you who understand zaps and lightning payments, you understand how ridiculous that is because on Nostr, when people are zapping each other, this could be non-custodial lightning payments between lightning users on any client.

So Damus is not getting a cut of these payments and the fact that Apple. Wants 30% of every single one of those is kind of absurd. And so what, after battling with Apple, what the Damus app app devs had to eventually do was just remove that feature from Damus. Otherwise they were no longer gonna be listed on the Apple App store.

Stephen DeLorme: Yeah. I think if from memory [00:16:00] serves, they left the, like the. Ability to attack someone's lightning address and the, their like Nostr profile and like pay them directly. I think the issue Apple had was the idea of like, um, zapping people's posts. Like trying to argue that like, oh, this is kind of like a digital product or like digital content or something like that.

And yeah, it was kind of ridiculous 'cause it was like, well, no, the content is actually free in public. Like everyone's Nostr posts are. You know, public, if they're on public relays, there's nothing that's being unlocked. You're just kind of leaving a tip to that person and you're saying, I'm, I'm leaving you a tip because of this content right here, this particular post.

But that wasn't good enough for Apple. And yeah, eventually they, they, I remember it was like, I used to use DOIs all the time. And then, uh, I don't know, once the Zap button, uh, disappeared on iPhone, it was, uh, I don't know, a little less, less pleasant to use.

Jordan Bravo: 30% seems [00:17:00] really steep to me, and I think we're gonna see this.

I feel like this is an instance, and this is me just opining, I have no evidence for this except for kind of looking back in the history of humanity, which is when, when I. Organization has absolute power. In this case, we're talking about the business world rather than like a monarch over a mm-hmm.

Territory. But they have absolute power. And so when you have a monopoly, you can act in a really unsavory manner. You can have like usurious. Pricing schemes. You know, you can have just ridiculously high pricing schemes that are completely unfair and unethical, maybe. Arguably. And what happens is people have no choice in the beginning, and so for several years or even decades, people put up with it.

But then eventually there's a lot of pressure and incentive for people to find alternatives. And once the, the cracks and the dam [00:18:00] start forming, people will flock to those alternatives. Pardon the mixed metaphors. But, uh, I think we're gonna see that eventually with Apple, even though right now they do have a complete monopoly.

Stephen DeLorme: Yeah. Or maybe not like a to, and they, they have a monopoly on the i, the Apple user ecosystem. Mm-hmm. That's for sure. Like they have for anybody using. iPhone, iPad, the, that, that kind of platform they have, they definitely have the monopoly over that.

Jordan Bravo: The next thing we wanna point out is, this is kind of a, a bit of historical trivia, but it, it, it gets to the heart of the matter, which is for those of you who remember the Mutiny wallet. I remember.

Stephen DeLorme: Rest in peace.

Jordan Bravo: Yeah, rest in peace. Mutiny Wallet. They, they no longer are being developed, but they were a really cool wallet.

And the way they started was, I heard [00:19:00] the, one of the lead developers, Tony, and he was describing the, the whole reason that they came up with this idea for having a, uh, a lightning node wallet in the browser was that they wanted to make an app store, uh, an iOS app, and they got banned from the app store.

I. Somehow Tony's name was on a, a bad, a naughty, naughty list, right? Like, uh, one of these OFAC or whatever organizations that publishes a list, and somehow Apple got it in their database that they weren't allowed to have this guy publish an app on their app store. So they said, screw it. We're just gonna get around the app store by making an app that can run in the browser and, and totally circumvent the app store.

And so that was the foundation and the genesis of the idea for the Mutiny wallet.

Stephen DeLorme: Yeah, it was funny, they eventually ended up getting into the app store later on, but it created, it kind of forced them to innovate with the [00:20:00] technology of like, how do we get a lightning node that can run in this kind of, you know, in a browser environment where like, you know, resources might be a little bit more limited and not guaranteed, and.

It is kind of, that's one of the promises of the early web that we, we kind of lost, I think I remember, uh, you know, telling people about this, like, uh, you know, like back in the, the early 2010s, I'm like, well, like, yeah, I know apps are cool, but like you can't run them everywhere and like. I remember trying to explain this to like one of my coworkers in like 2012 or 13 or so, that I was like, you know, the Gutenberg press was like kind of like a f you.

Like, you, I can print Bibles if I want, right? And then like, you know, the web is kind of a like, you know, you, I can publish like content on the internet, like I can like host it on my own web server and. Anyone can [00:21:00] access it. And it was like, there was nothing to me about app stores that were like inherently, you.

Uh, am I allowed to curse on your podcast?

Jordan Bravo: Absolutely.

Stephen DeLorme: Sorry. But, uh, like, it was just like, that's what it was like, that's what was kind of fun about when you look at technology and like, that's one thing that the web and the printing press have in common is that they really were these like, kind of, um, technologies that, uh, opened things up a lot.

And when we. Uh, you know, get into, um, you know, app stores. It's not, it's kind of the, it, you know, it's very much a like ask for permission technology. Now definitely it, it's packaged up in a very nice and simple ux and certainly from a security perspective, I think there, there app stores actually provide a huge benefit because, you know, I remember the dark ages before app stores.

It was like. People, you know, who had no idea what they're doing on their computer, just downloading whatever executables and running 'em. [00:22:00] And I mean, that was, you know, the, the nineties and two thousands were certainly these just security nightmares. Um, you know, I'm sure you remember the weather bug and, you know, all kinds of stuff like that.

You know, you download something onto your computer and not knowing what you're, you're doing and. Next thing you know, you have all these other bloatware and spyware and stuff that gets installed. Um, so definitely the app store has really improved on the, the usability. Not just like finding quality apps, but also like finding apps that are like, you know, um, while they may be spying on you, they're not like.

There it is not the same kind of spyware. Right. Well, actually that's a philosophical question, but a lot of times the stuff you find on like the Google and, know, apple app stores aren't these like, you know, just horrendous like, you know, virus applications that are like sucking up, you know, you know all of your memory and you know, all, all that kind of stuff.

But, [00:23:00] um, so it, it really improved on the security and usability of it, but it returned a lot of power. All the kind of power that I think humanity stripped away from institutions with the printing press and first the web, we just kind of gave it back with the app store.

Jordan Bravo: Exactly. It, it feels like a bit of a step backwards for the internet in some ways, um, in a similar way to when people, I think Facebook is on the decline.

At least that's the sense I get. I don't have any hard numbers to justify that statement, but. It seems like the peak Facebook time is, is passed. And when that was happening, when Facebook was on the Ascension, it felt like we were losing the open internet. We were stepping into this walled garden where everything was going through a, a single, uh, centralized party.

And it feels that way in, in some ways it feels like that for mobile apps as well. When we're talking about these [00:24:00] app stores. Yep. Okay. Well there is one more. Um, there is one more example of a centralized app store censorship, uh, an app that got censored. And this is on Google Play? Yeah. Yeah. And this is, well this is on iOS and Google Play, but, uh.

You may recall that a couple years ago when the Samurai developers were arrested, their servers were taken down and um, there was a lot of fear in the Bitcoin industry about getting, I. About, uh, companies that were in the Bitcoin space, they didn't want the US authorities to come after them because the US authorities had just flexed a huge muscle and shown that we don't care where you are, we're gonna arrest you.

And they had [00:25:00] arrested one of the Samurai developers was in. Portugal or Spain, I believe, and they just brought him back to the us extradited him. And, uh, they're, they're charging him. The, the trial is, is currently unfolding as we speak over the past several months in, in the future, several months. But, um, we don't know what the eventual outcome of that will be.

But the point is, when that occurred, we had a whole bunch of apps that were Bitcoin based. Pull out of the US It was really kind of a dark time for the Bitcoin space because of, there was a lot of progress being made in the lightning space and my, one of my favorite wallets to use was the Phoenix Wallet.

This was on iOS and Android. And what happened after they, they announced that they were pulling outta the us. Is they're still shipping their app and with, along with updates to their app on a regular basis all over the world. But [00:26:00] if you are located in the US and you are using the Apple App Store or the Google Play Store, that app is no longer listed.

So if you had that installed and you are, you have one of these app stores in the us, you are not gonna be able to update your app. And, and as most of you may know, apps have to be updated. Um, software rots. If you don't use it, there's constantly not only new features being shipped, but bugs, bug fixes as well.

And so you don't wanna have an old version of an app, especially when you're talking about Bitcoin and Lightning because your app might have, uh, an old version of a protocol and then you're not gonna be able to communicate mm-hmm. With not only their server, but maybe other people that are, you're paying or receiving from.

So you really do need to have this app being maintained and and updated regularly. So if you were getting your Phoenix wallet through one of these centralized stores, you were kind of out of luck. You had to get rid of the app, you had to pull off your funds out of [00:27:00] it and then uninstall it. However, if you were using, if you were getting your app via an alternative app store.

It didn't affect you. And now we're gonna get into the solutions. I just kind of teased it a little bit. Um, but the, the way that we can get around this is to use app stores that are not Google Play. Again, iOS users are out of luck. For the time being, I would like to take the moment to encourage you if you are, um, if you are interested in sovereign computing.

Maybe consider, just consider buying a low price Android device and putting a privacy respecting version of Android on there. And then installing one of these alternative app stores and just kind of running it in parallel with your main iOS device and seeing if you, uh. You know, could get used to it. So the [00:28:00] alternative app store that I wanna mention first before I get into the solution of how I got around the Phoenix issue is called the Aurora Store.

And the Aurora store is essentially a layer between you, the user, and the Google Play Store. So the problem with the Google Play Store, as we already talked about, is it's a centralized place for apps that can be censored, but it's also incredibly invasive for privacy. Uh, you have to be signed into your Google account, and so there is a record of every single app that you download and install, uh, that's associated with your Google account.

And what the, what Aurora store does is it's an app you download and then it's an app store, just like the Google Play Store. And, and instead of opening the Google Play, you open the Aurora store and all of the exact same apps are there because they're just spinning up servers with account, with anonymous accounts, and you're accessing the Google Play Store through their anonymous [00:29:00] accounts.

It's, I use it for apps that I can only get through the App Store. So, for example, my banking app, they don't ha, that's not an open source app. And so I can't go on GitHub and download their binaries or go on OID as I'm gonna talk about in a moment and install it because it's completely closed source.

And the only place that, that my bank distributes their app is via Google Play. But what I can do is go on Aurora store and without having to sign in or associate it with my identity in any way. And I can search and I'm gonna see all of this exact same search results as you would get with Google Play, and I can download it and install it and it works just great.

Stephen DeLorme: So, well, let's dig into that a little bit more. So you, you said like, you have the, the bank, they, they make an app, they put it on the Google, you know, Google place for only none of these, you know, cyberpunk app stores. So why not just download it from the, uh, Google Play App store?

Jordan Bravo: The reason is because if I'm downloading [00:30:00] anything from Google Play, I have to sign in with my Google account.

Mm-hmm. Now, there's, they have a complete list of every app I've ever downloaded and installed from them, and it's, and the Google Play Store itself has super privileges, super user privileges on Android. So stock Android. Most apps are, are, uh, sandboxed. It's a pretty good security model. Mm-hmm. The Google Play Store, it has kind of root access to the whole phone.

Mm. And even when it's closed, even if you're not using it, it's constantly communicating with Google servers, it's monitoring your app usage, your GPS data, basically everything. It's like. The, uh, the core spyware of, of, uh, Android because it's embedded in there with super privilege, super user privileges.

Stephen DeLorme: Got it, got

it.

Jordan Bravo: So by using the Aurora store, you get, I would argue all of the benefits without the tracking.

Stephen DeLorme: Got it. Okay.

Jordan Bravo: Uh, however, that doesn't get [00:31:00] around the issue of censorship. So if there are apps that are not allowed in the Google Play Store, you're not gonna see them in the Aurora store as well.

Which brings me to, uh, the next app I wanna recommend, which is Obtainium. Obtainium is actually my favorite way to get open source apps because you can add it directly from the source. And when I say that, I mean you can add apps that are listed on GitHub, on GitLab or or anywhere else where there is a open repository.

And once it's installed, it's just like any app store where it's gonna automatically update. And that's really one of the, the great benefits of these alternative app stores is keeping your apps updated. Because on Android you can download an Android binary, which is, has the extension APK K Android package, I believe.

And you can just throw those on your phone and run [00:32:00] anything anywhere that you can download an a PK, you can run it on your phone. The problem is good luck trying to keep everything updated. That's, I mean, imagine how many apps do you have on your phone? Stephen can't count exactly. Probably in the dozens, maybe hundreds.

And so trying to keep all of those updated is an impossible task, and that's where app stores come in.

Stephen DeLorme: Yeah, so it sounds like with this one, like if there was an open source Android app that I wanted to run, and it wasn't on Obtainium already, but I could find a GitHub repo for this project, and if that repo did publish binaries and their releases, then I could like add that project to Obtainium.

Is that right?

Jordan Bravo: Exactly.

Stephen DeLorme: Oh, very cool. Does, does Obtainium do any kind of verification of like signatures and all that? Because like one, one thing. I think is interested, I think is kind of underutilized with app stores and particularly with Bitcoin stuff is like, um, [00:33:00] just being able to validate the binary that you're running.

Being able to say like, you know, the developer signed off and said that, you know, the binary hashed to this value or the developer. Provided a signature for the binary here. That's really powerful. And you know, unfortunately the UX around kind of validating that stuff just isn't there most of the time.

And I'd love to see more services just being able to like tell you with a green check mark if a particular app validates against, you know, a set of known hashes or known signatures.

Jordan Bravo: That's a good question. And I don't know if Obtainium has that feature. I don't think they've implemented it yet. It might be on the roadmap.

One of the other options we're gonna get into in a moment does have that feature though.

Stephen DeLorme: Okay, cool.

Jordan Bravo: So let's, let's revisit that in a moment. Uh, you, you'll notice if you are looking, if you're watching the video, you can see we have the Obtainium site up here, and [00:34:00] it, it advertises that. It Suppo supports over a dozen source websites, including GitHub, GitLab, and F-Droid.

Now, for those of you who aren't aware, FDR is an alternative app store as well, along with a repository. So Android was actually the original alternative app store on Android. As far as I know, they're the, the, the OG in the space. So let's take a look at F-Droid. Okay, let's see there. They're, and F-Droid is. It, it's interface is a little old school looking, it looks like, uh, earlier

internet.

So

Stephen DeLorme: they're flashing their, uh, copy left symbol on their, their logo, you know?

Jordan Bravo: Yep. Yep. Their, their logo is a, is a sort of Android logo, but with the copy left symbol, and I, I believe the F in asteroid stands for free as in freedom. And what they are is an app store, just like Google Play where you download it, you can [00:35:00] go into it and search for apps.

They even have a homepage with recommendations. But the whole idea of asteroid is that everything is either free and open source or it, it passes various checks in terms of. Privacy and, uh, not doing anything shady. And they do use, uh, they do use signature verification for this app store.

Stephen DeLorme: Very cool. Yeah, it looks like, uh, so you can kind of be assured that, uh, if you're using stuff on this, it's probably going to be a decent app that's not selling your data.

Like when I look at the stuff on here, I'm like, okay, this is like stuff I recognize from the open source ecosystem, like. You got Mastodon right here and you know, I saw, um, uh, what else?

Jordan Bravo: Next cloud.

Stephen DeLorme: Next cloud. Yeah. I saw, uh, I saw a matrix client on here somewhere. Mm-hmm. So it's all kind of, uh, yeah. You [00:36:00] know, trustworthy open source applications.

Jordan Bravo: And the reason that I don't use asteroid as my preferred source is because. They tend to be a little slow releasing updates. F-Droid does, you said F-Droid. Yeah. And this is because they're a relatively small organization. I think it's just like a few man shop, few developer shop. And so they, they constantly have to be reviewing apps and then publishing the new versions, and so they tend to be a little bit behind.

So if there's an app that I already know and trust, like let's say Next Cloud or the Element Matrix client instead of. Subscribing to the feed on F-Droid, I'm gonna plug it into Obtainium, get it straight from the developers. Mm-hmm. And then I'm al always gonna have the latest version.

Stephen DeLorme: Yeah. Obtainium sounds great.

I mean, that sounds like a great idea, especially for the stuff that you, um, trust already. 'cause just trust the, you know, go, go to that GitHub repo, that'd be great. But yeah, F-Droid, I get it. [00:37:00] That sounds good. This could kind of give you, sounds like what F-Droid is doing as opposed to Obtainium is that like Obtainium is just like.

When you need access to an open source Android application, um, by whatever means like you where, whereas FDR seems like it's trying to kind of fill the gap left behind by the Google Play Store, but in an open source context, it's trying to provide the kind of like. Curation and, you know, perhaps some level of safety assurances.

I get that it is like a volunteer effort, but it, it looks just like from the screenshot and from the way you described it, like there's, they're trying to provide a little bit of like, um, a, a UX of like, okay, you can, you can somebody with, you know, somebody has looked at these applications, they had certain benchmarks.

There's some kind of like community curation. That sort of thing. Does that sound about right?

Jordan Bravo: Yeah, that's right. And they, they provide discoverability, whereas [00:38:00] Obtainium, I'm, I'm gonna be using Obtain, I recommend using Obtainium when you know the app that you want already. Mm-hmm. But if you were to go into F-Droid and say, you know, I'm interested in a Notes app that's open source, and you would just type in, you could do a search for notes, and you might get a bunch of search, you might get a bunch of results, and then maybe if you.

Uh, started using an app and you really liked it and you were gonna keep using it for the long term, and then you noticed that, hey, they don't have the latest version on asteroid. Maybe you wanna just plug that feed into Obtainium and get it straight from the developers.

Stephen DeLorme: That makes sense.

Jordan Bravo: The next two, uh, app store that we're gonna talk about is actually these next two.

These are in what I would call the more experimental. Phases, because these are pretty recent. I would say they're a year less than two years old. Um, one of 'em is called Zap Store, and this is a [00:39:00] Nostr based app store, or at least the, the creators of this are in the Nostr space and they, they advertise it as a social connection app store.

Meaning if somebody I know and trust. Is using it and they're my Nostr, uh, they're on my Nostr follow list and I trust them then, and they're, they've downloaded this app, then I can be more reasonably sure that this app is decent and I'm gonna be getting the same signature verified app that they downloaded.

Stephen DeLorme: That's kind of, and that's kind of a cool idea, I think. Um, have you used it?

Jordan Bravo: Uh, I have downloaded and installed it and I believe I tried downloading an app with it. Could not get it to work. Might be a bug. Um, but I, I'm gonna do more research on it. And the, the nap, the Zap store [00:40:00] blog, they have this question here, can Nostr fix app distribution?

And they, they talk about why, what their motivation was for. Making the Zap store, and they actually talk about here how the Google Play store and apps, apple App Store lead the pack with around 95% market share outside of China. So that, that goes to what we were talking about, which is pretty, a pretty, uh, big stranglehold on the market.

Stephen DeLorme: Yeah, it's an interesting idea. Uh, my, my, I don't know if this is a criticism, but just concern, I, I, I have, I have one. Reservation about this kind of platform, which I also apply to the, like Bitcoin Mints website. I forget the, the URL of it. But it's this kind of idea that like, okay, you have a social graph of people and like, you know, um, people can attest to liking something or using [00:41:00] something or downloading something with their Nostr profile.

So when I'm trying to review something. I can go be like, oh, well, like I see, you know, Jordan's nostr profile on this. Like he signed off on this like mint, maybe it's good. Or he downloaded this app, maybe it's good. And I like the idea kind of like, I think it, it, it might work. Uh, I do think the idea of.

Um, looking at your social graph, I don't even know if social graph is even a well-defined term, but just like the idea of like people you know, that you have strong connections with, um, or people that you know, people that you know, that you know, how do I say this? Like second second. Node connections.

Third. Third node connections. Third degree connections, that, that can be a good idea. I think. Um, it's kind of like a web of trust, so it's a cool idea. [00:42:00] But having said that, I, I do kind of wonder sometimes, like I, I think to some degree people are just lazy and like, especially with like. You know, some, there's like some apps that you might just download and like not really vet before you download it.

'cause it's just like, I'm feeling lazy, I want this, I need whatever this is right now. I wanna download it and give this a shot. And like, I, I think there can be like a false sense of reputation perhaps if, um, you know, like how do you know your friends are really like super qualified to like vet these kinds of apps, right?

Like, which is worth more the opinion of. 10 of your friends or the opinion of like one person you don't know all that well, but who really knows their shit. Um, so I, I don't know. I'm not saying it's a bad idea. I'm not saying we shouldn't try it. It's just one of those kind of edge cases to kind of think about.

I think the social graph verification, there's an idea we should explore, [00:43:00] but I don't know that it's like the, you know, panacea that that fixes everything.

Jordan Bravo: I agree with what you're saying and I really wanted to mention Zap Store because it's a new interesting project.

Stephen DeLorme: Yeah.

Jordan Bravo: That's trying to do something different.

So I would say keep an eye on this. Don't necessarily make it your only source of apps, but um, this could be something big in the future.

Stephen DeLorme: Yeah, that's a cool idea.

Jordan Bravo: Okay.

The next app store that I wanna talk about is called a Accrescent, and that's A-C-C-R-E-S-C-E-N-T. It's a weird name, but this is actually a promising app. It's got, uh, they advertise themself as having security, privacy, and usability. And they actually do a really good job on the ux.

I've downloaded this and played with it a little, and their UX is great. This actually feels like a [00:44:00] modern app store. You know, it doesn't look like Froy, like it was made in the nineties. And it's a little bit, it's smoother UX than Obtainium. It actually has more discoverability. Um, they also talk about several technical details for security.

In terms of, they have app signing, key pinning, which is, uh, basically you're getting signature verification by the developers. Um, they also have unattended automatic updates without relying on privilege OS integration. And these are kind of technical details, but they're important for security. There's no account required.

So privacy is good and. They are also available in the Graphene OS app store and I actually hadn't planned on talking about the Graphene OS App Store, but um, there are a small number of apps when you install Graphene [00:45:00] os, which is a de Googled version of Android, where you can, they have a very high bar for allowing apps to be in there in their, in their app store.

The built-in OS app store. So there's a small number of them in there, but you can have pretty good assurance that these are heavily vetted. And so the fact that a Accrescent is already in there and it's kind of a default app on, it's almost blessed by the Graphos developer project. That's a good sign to me that a Accrescent might be worth taking a look at.

Stephen DeLorme: Hmm. And the app signing, key pinning, I'm guessing this has to do with like verifying the signature of the apps.

Jordan Bravo: Yeah, that's right. They, they talk about how first time installs are verified so you don't have to tofu. That's trust on first use. And this is a, a bad, uh, a negative security feature of other app stores.

For example, the F-Droid store, when you [00:46:00] download an app, it, it uses the keys that comes with the app and you're basically saying, if I install this, consider this key Trusted.

Stephen DeLorme: Yeah. And I, I was reading, that's interesting. I had never heard the tofu acronym, but it makes sense. It was just comparing in the Wikipedia article I brought up to like when you s when you SSH into a server the first time and it's like, warning, we've never connected to this server.

Do you want to trust this, you know, server's certificate? And it's like, well, yeah, sure. And you know, I guess you, you, you know, in theory that could be an attack, vector and all of that, but a lot of times we just say, yeah, sure, whatever.

Jordan Bravo: Right.

Stephen DeLorme: Added to known hosts.

Jordan Bravo: So ag again, it's not a make or break feature, but it is a nice to have it sounds like from a security point of view.

Stephen DeLorme: Totally. I mean, I'd love it. Um, I, I, I like, I like the idea of being able to say like, um, you know, to not have to do the tofu. I think it'd be really cool to, uh, you know, I, I, I mean, I think [00:47:00] it's, it'd be a really cool idea, like in one of these app stores, if I could see something. Like, you know, let's say it was a Bitcoin wallet it or something like that.

I'd love it if in the app store it could be like, you know, it will show you the latest version, like, you know, version 2.3 and it would say like, signed by Alice and Bob, or whoever the developers are. And I could tap on that and it would like, you know, I don't know, take me to the GitHub repo or take me to some kind of like, you know, like place where that developer is like publish their key.

Something like that, that could be really cool.

Jordan Bravo: And so if I'm reading this right, I think what a Accrescent is doing is when you submit an app to the app store, you upload your keys, the developers do. Mm-hmm. And then it can use that to verify without having to just trust this random key. Like if you've

installed a Accrescent in a secure manner, for example, from the Graphos store. Mm-hmm. Then, you know, there's kind of that chain of trust like. You [00:48:00] trust graphos. You trust a Accrescent, you trust the developer keys. Got it. Uh, anything else you wanna cover when it comes to alternative app stores or censorship on the mainstream app stores?

Stephen DeLorme: Oh, no, I don't think so. Um, yeah, I, I, I am curious about trying some of these more on my own. Um, I. Yeah, I'm curious. I wish, I wish, uh, we had more options available to us in Apple Land and maybe one day I'll, uh, make the, uh, the adventure of, uh, leaving, leaving Apple behind. Um, I would be nice. So yeah, I'm excited to try sometime.

Jordan Bravo: I encourage you and the people listening and. Excuse me, listening and watching to give it a try. You don't have to leave behind iOS. You can run both in parallel, even if it's just a tinker. You know, I buy a [00:49:00] inexpensive older generation Android store or Android, uh, phone and throw some freedom loving apps on there.

Freedom loving stores.

Stephen DeLorme: You know, I do have an Android phone that I sometimes use just for like, you know, well, especially back when I was, uh, doing Bitcoin design guide work. I'd be like testing wallets all the time, and. I'd really like to test wallets on, like how they perform on like really crappy, like old, like Android devices with like, you know, not much memories, low CPUs, all that kind of stuff.

Because I think like when you're thinking about like, you know, stuff like that globally, it's like you get a little biased because like in in, in the US you'll just have like a ton of people on iPhone and 5G and stuff like that. And it's just not the same all over the world. Um. You know, people could have slower phones, slower internet connection, so it's good to test.

But anyways, I have noticed like those phones, for me, those like cheap Android phones are just like the most painful things to use. They're like, it's just like so slow. [00:50:00] Just like. Waiting for like you have to log into Google and it's like, okay, let me press the login button. And it just like wheel spinning for like 30 seconds and then it'll come up with like, Hey, it's like our cool like Google motion graphics animation to show how like fun, loving and approachable our UX is.

And then the animation just goes so like slow. You're like waiting to like watch one of these like cartoon characters animate in the. One of the apps just, you know, anyways, I'm, I'm riffing off this a little too hard, but point is some of these like slow Android phones are just way, like annoying to even do basic things on, and I'd really love to try, um, this would be expensive, but I would love to try Obtainium and, uh, F-Droid and Zap store and all the rest on like the most cutting edge, fastest Android capable device.

Like, I would like that, like apple-like speed of like a just beautiful camera [00:51:00] with, you know, lenses of varying focal lengths and like, you know, GPU accelerated graphics and all this stuff. I love that. But to try it with like graphene or something sometimes .

Jordan Bravo: You make a great point. When I put out the option for older androids and cheaper androids.

This is just to tinker with, but you're never gonna be able to replace your latest generation iPhone with one of these older, cheaper devices. You really have to go with the Pixel. To me, there's no other option. The Google Pixel is the Android competitor to the iPhone. Mm-hmm. And so for me, it's Pixel or nothing.

And so if you have a modern pixel with a D, Googled Android running on it, like Graphos, you're gonna get a a. In my opinion, a great experience. But uh, if you are Tin Green with an old Android, just be aware. Like Stephen said, you're gonna, it's a lot slower, but this is a lot cheaper hardware.

Stephen DeLorme: Yeah, so that's crazy that it is the [00:52:00] Google made phone, but the people, the people who hate Google the most by the Google made phone so that they can get away from Google.

Jordan Bravo: The irony is so juicy.

You can just taste it.

Stephen DeLorme: It's like I tell people like five times a week, we're already living in the cyberpunk future. Like we have all this like science fiction that's like. Whoa. In the future everything's gonna be like dark and dreary like Blade Runner and people with Mohawks are gonna run around hacking shit all the time to survive on the streets.

But we're already there. Like, it's like just the amount of like stories I hear like, like this kind of thing. I hear a story like this every day of like people having to. Uh, tamper with, or tweak or, you know, for basically hack the technology. Like not always developer types, but just common people essentially having to kind of hack the technology in their lives to get what they want out of it.

So like, even though it's like stylistically and aesthetically. Doesn't [00:53:00] look like Blade Runner or like cyberpunk 20 79 3, whatever the number is. Like we're basically already living in the cyberpunk future. It's just a little bit more evenly lit.

Jordan Bravo: And this is, this is the beautiful part about sovereign computing, right?

This is making the technology serve us rather than serving some other third party like a, a company or a government. And I think it's a beautiful thing. We will get into this topic a lot deeper in terms of Android de Googled, Android and the operating system itself, uh, both on desktop and mobile. And this this'll be an upcoming episode.

We're really gonna dive into it and I'll talk more about the benefits of it and the hardware and the software. But, um, let that be a little teaser for you. Boost in and let us know. Do you have iOS? Do you have Android? Do you have a de Googled Android? Are you interested in trying out an [00:54:00] alternative app store?

You can also message us at s-o-v-e-r-e-i-g-n AT a-t-l-b-i-t-l-a-b DOT COM.. Again, s-o-v-e-r-e-i-g-n AT a-t-l-b-i-t-l-a-b DOT COM., and if you are in any. Podcast app, including Fountain. You can search for us by searching for the ATL Bitlab podcast.

Thanks everybody. We'll see you next time.

Stephen DeLorme: Catch you later.

Hey, thanks for listening. I hope you enjoyed this episode. If you want to learn more about anything that we discussed, you can look for links in the show notes that should be in your podcast player, or you can go to atlbitlab. com slash podcast. On a final note, if you found this information useful and you want to help support us, you can always send us a tip in Bitcoin.

Your support really helps us so that we can keep bringing you content like this. All right. Catch you [00:55:00] later.