FOSS Apps: What Are They and Are They Safe?

Here we’ll dive into what exactly Free and Open Source Software (FOSS) apps are, discuss how to find them, how to evaluate if they’re actually secure, and how to install them safely on your Ghost Phone running GrapheneOS.

For a complete list of apps we pre-install on the Ghost Phone, visit our detailed app list page.

What inspired this article?

We often hear from customers who’ve just received their new Ghost Phone asking, “What are these F-Droid and Aurora Store apps pre-installed on my device?” or “How do I know which apps are safe to install?”

These are excellent questions! With Big Tech constantly collecting your data and traditional app stores like Google Play spying on your every move, knowing where to find privacy-respecting apps and how to evaluate them has never been more important.

If you’re wondering whether your favorite apps will work on your Ghost Phone, check out our article: Will my app work on the Ghost Phone?

What Are FOSS Apps?

FOSS stands for Free and Open Source Software. Let’s break this down:

Free: This doesn’t just mean “no cost” (though many FOSS apps are free to download). It refers to freedom – the freedom to use, study, modify, and share the software without restriction.

Open Source: The app’s source code (the programming instructions that make it work) is publicly available for anyone to inspect, modify, or enhance.

Why does this matter? When an app is closed source (like most apps on the Google Play Store), you’re forced to trust that the developers aren’t doing anything sneaky behind the scenes. It’s like buying a locked box where you can’t see what’s inside – you just have to take the seller’s word that it’s safe.

With FOSS apps, the “box” is transparent. Security researchers can examine the code to verify there’s no spyware, malware, or excessive data collection happening. This transparency doesn’t automatically make an app safe (more on that later), but it’s a significant advantage over the “trust us” model of closed-source apps.

App Stores on Your Ghost Phone

Your Ghost Phone comes pre-loaded with alternative app stores that prioritize privacy and security. Let’s explore each one:

F-Droid

F-Droid is a catalog of FOSS applications for Android. Think of it as a privacy-focused alternative to the Google Play Store.

Key features:

  • Contains only free and open-source apps
  • No tracking or advertising
  • Shows what anti-features exist in each app (tracking, ads, etc.)

F-Droid comes pre-installed on your Ghost Phone, and it’s the first place you should look when searching for privacy-respecting alternatives to mainstream apps.

Aurora Store

Aurora Store is an unofficial, privacy-focused client for the Google Play Store. Here’s what makes it special:

  • Allows you to access Google Play Store apps without a Google account
  • Doesn’t track your searches or downloads
  • Provides anonymous access to paid and free apps
  • Gives you access to apps not available on F-Droid

Think of Aurora Store as a privacy shield between you and Google. You get access to mainstream apps when needed, but without exposing your identity or allowing Google to track your behavior. Your Ghost Phone comes with Aurora Store pre-installed, providing you with an anonymous way to view, install, and update apps from the Google Play Store without Google accessing your user data.

Accrescent

Accrescent is the official GrapheneOS app store, containing a small but growing collection of apps specifically vetted by the GrapheneOS team.

Key points:

  • Most stringent vetting process of any app store
  • Apps meet GrapheneOS’s high security standards
  • Limited selection, but extremely trustworthy
  • Perfect for security-critical applications

While Accrescent offers fewer apps than other stores, each app undergoes rigorous security analysis by some of the most respected privacy experts in the industry. The key difference from F-Droid is that developers submit their own signed apps rather than the store rebuilding them, which can provide better security guarantees and allows for more timely updates.

Obtainium

Obtainium is a newer tool that allows you to install and update apps directly from their developers’ official sources (like GitHub, GitLab, etc.).

What makes Obtainium unique:

  • Bypasses app stores entirely
  • Gets updates directly from developers’ release pages
  • No middleman or intermediary server
  • Great for apps that aren’t available on other stores

With Obtainium, you’re getting apps straight from the source, which can be more secure when dealing with trustworthy developers, but requires more diligence on your part to verify the source’s legitimacy. It’s particularly useful for keeping up with faster app updates that might not be immediately available in F-Droid or other app stores. Although Obtainium is not pre-installed on the Ghost Phone, you can install it from F-Droid or directly from the developer’s website.

How to Evaluate App Safety

Just because an app is open source doesn’t automatically mean it’s safe. Here’s how to evaluate apps before installing them:

Check the Permissions

One of the biggest advantages of GrapheneOS is its robust permission system. When installing an app, carefully review what permissions it’s requesting:

  • Does a simple calculator app need access to your contacts? 🚩 Red flag!
  • Does a messaging app need access to your camera, files and microphone? That makes sense if you care to send pictures or do voice calls through the app. No worries.
  • Does a photo editing app need constant location access? 🚩 Red flag!

With GrapheneOS, even after installing an app, it will ask your permission before allowing access to sensitive data or device functions. This is different from standard Android, which often grants permissions automatically when you agree to an app’s terms of service. On your Ghost Phone, you can always deny these permissions or grant them only while using the app.

Pro Tip: In your Ghost Phone’s Settings app, go to Privacy > Permission Manager to review and modify permissions for all installed apps. This is a great way to audit which apps have access to what data on your device.

Look at Update History

An abandoned app can be a security liability. Before installing, check:

  • When was the app last updated?
  • How frequent are the updates?
  • Does the developer respond to security issues quickly?

Apps that haven’t been updated in 6+ months might have unpatched security vulnerabilities. Active development typically indicates that security issues will be addressed promptly.
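The permission and update-history checks above can be run against an APK before it is installed. The following is an added example, not part of the original article or any MARK37 tooling. It parses the text printed by `aapt dump permissions` and applies both checks. The category-to-permission table, the 180-day threshold, the function names and the sample output are assumptions made for illustration.

```python
import re
from datetime import date

P = "android.permission."
# Sensitive Android permissions worth a second look before installing.
SENSITIVE = {P + n for n in (
    "READ_CONTACTS", "CAMERA", "RECORD_AUDIO", "READ_MEDIA_IMAGES",
    "ACCESS_FINE_LOCATION", "ACCESS_BACKGROUND_LOCATION")}

# Assumption for this example: which sensitive permissions are plausible for
# each kind of app, following the article's calculator/messaging/photo cases.
EXPECTED = {
    "calculator": set(),
    "messaging": {P + n for n in ("READ_CONTACTS", "CAMERA", "RECORD_AUDIO",
                                  "READ_MEDIA_IMAGES")},
    "photo_editor": {P + "CAMERA", P + "READ_MEDIA_IMAGES"},
}
STALE_AFTER_DAYS = 180  # assumed reading of "6+ months"

# Constructed sample of `aapt dump permissions app.apk` output for a
# made-up calculator app; not taken from a real package.
SAMPLE_CALCULATOR = """\
package: org.example.calculator
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
"""

# Accepts name='...' lines, the older bare form, and -sdk-23 variants.
PERM_RE = re.compile(
    r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)", re.M)

def parse_permissions(aapt_output):
    """Return the set of permission names declared in the aapt output."""
    return set(PERM_RE.findall(aapt_output))

def red_flags(aapt_output, category, last_updated, today=None):
    """List reasons to pause before installing, in the article's terms."""
    today = today or date.today()
    unexpected = (parse_permissions(aapt_output) & SENSITIVE) - EXPECTED[category]
    flags = [f"{category} app requests {p}" for p in sorted(unexpected)]
    age = (today - last_updated).days
    if age > STALE_AFTER_DAYS:
        flags.append(f"last update was {age} days ago")
    return flags

if __name__ == "__main__":
    for flag in red_flags(SAMPLE_CALCULATOR, "calculator", date(2024, 1, 1),
                          today=date(2024, 9, 1)):
        print("RED FLAG:", flag)
```

An empty list means neither check fired. It does not mean the app is safe, since a permission that fits the category can still be misused.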

Verify the Source

Where are you getting the app from?

  • F-Droid and Accrescent build apps from source and add their own verification
  • Aurora Store gives you access to Play Store apps (check developer reputation)
  • Obtainium requires you to know and trust the developer’s source

Always be wary of downloading APK files directly from random websites – this is how malware spreads!

Remember: FOSS ≠ Automatically Safe

This bears repeating: just because an app is open source doesn’t automatically make it safe. There are plenty of examples of FOSS apps that:

  • Have security vulnerabilities that haven’t been fixed
  • Collect more data than necessary
  • Come from developers with questionable motives
  • Request excessive permissions
  • Haven’t been updated in years (abandoned projects)

The advantage of FOSS isn’t guaranteed security; it’s transparency and community oversight. Someone has to actually look at the code to identify problems – and sometimes small projects don’t get enough eyeballs to catch everything.

As we like to say at MARK37: “Trust, but verify.” Or better yet, “Verify, then trust.”

Even when using FOSS apps, you should still apply the same scrutiny to their permissions and behavior. The fact that an app is open source is just one factor in evaluating its trustworthiness.

Our Recommended FOSS Apps

We pre-install around 40 vetted apps on your Ghost Phone, which you can explore in our complete app list. We’ve carefully selected these apps after extensive research to provide you with a privacy-respecting alternative to just about every mainstream app you might need.

Some standout FOSS apps worth exploring include:

  • Aegis – For secure two-factor authentication
  • Thunderbird – A full-featured email client
  • QUIK – An excellent SMS/text messaging app
  • AntennaPod – For podcast listening
  • Fossify Music Player – A simple, private music player
  • NewPipe – YouTube without the tracking

If you’re wondering whether a specific app you rely on will work on the Ghost Phone, our article Will my app work on the Ghost Phone? explains that most Android apps will work just fine – and for those that require Google Play Services, GrapheneOS provides a sandboxed version that allows these apps to function without compromising your privacy.

Need help finding privacy-focused alternatives to your favorite mainstream apps? Contact us at support@mark37.com or reach out to one of our online forums and ask for personalized recommendations tailored to your specific needs!

Still confused and want to learn more? Check out the article “What is FOSS?” from ItsFoss.com.

Remember, taking control of your digital privacy isn’t about being “techie” – it’s about being aware of the choices available to you. By understanding where your apps come from and how to evaluate them, you’re taking an important step toward digital sovereignty.
