Bypass App Store Censorship With These Tools - The Sovereign Computing Show (SOV010) - ATL BitLab Podcast

Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Jordan Bravo (00:00):
You may not know this app or even care, but it's just one example

(00:03):
of when Apple's draconian measuresbasically said our way or the highway.
They said, you can't have thisfeature unless you pay us 30%
of every zap that takes place.

Stephen DeLorme (00:15):
The Gutenberg press was kind of like a "f*** you".
Like, "**** you, I can printBibles if I want", right?
And then the web is kind of a like,**** you, I can publish content on the
internet, like I can host it on my ownweb server and anyone can access it.
There was nothing to me about app storesthat were like inherently "**** you".

Welcome to the Sovereign Computing Show, presented by ATL BitLab.
I'm Jordan Bravo, and this is apodcast where we teach you how to
take back control of your devices.
Sovereign Computing means you own yourtechnology, not the other way around.

This episode is sponsored by ATL BitLab.
ATL BitLab is Atlanta'sfreedom tech hacker space.
We have co working desks,conference rooms, event space,
maker tools, and tons of coffee.
There is a very activecommunity here in the lab.
Every Wednesday night isBitcoin night here in Atlanta.
We also have meetups for cyber security,artificial intelligence, decentralized

(01:14):
identity, product design, and more.
We offer day passes and nomad passesfor people who need to use the lab only
occasionally, as well as membershipsfor people who plan to use the lab
more regularly, such as myself.
One of the best things abouthaving a BitLab membership isn't
the amenities, it's the people.
Surrounding yourself with acommunity helps you learn faster
and helps you build better.

(01:35):
Your creativity becomes amplifiedwhen you work in this space,
that's what I think at least.
If you're interested in becominga member or supporting this space,
please visit us at atlbitlab.
com.
That's A T L B I T L A B dot com.
Alright, on to our show.

Welcome to the Sovereign Computing Show.
I'm Jordan Bravo and I'm heretoday with Stephen DeLorme

Sup.

We wanna remind you that you can contact the
show by boosting in on Fountain.
That's Fountain FM is their website.
And you can also download theFountain app on Android and iOS.
Search for the ATL Bitlab podcast.
And you can see all of our shows.
We also recently added a emailaddress that you can write in.

(02:27):
If you want to contact us,it's sovereign@atlbitlab.com.
That's sovereign.
Don't forget to spell it correctly.
S-O-V-E-R-E-I-G-N@atlbitlab.com.
All of this will be in the show notesif you want to go back and check it out.

Yeah, I was trying to like be a badass and pull up
crypt pad fr and like type it outon screen for everybody so we'd have
a visual aid for anybody watching.
But this encrypted stuffis just taking so long.
But I mean, I finally havemy document on screen now.
Um, and now I'm just killingtime, so I have an excuse to
actually, you know, type this out.

We are figuring this out as we go along.
So you're hearing all of the,the warts and the unpolished
aspects of the show production.
Uh, next we're gonna getinto the erota corrections or
updates from previous episodes.
So a couple episodes ago we talked aboutthe, in the private payments topic.

(03:35):
I wanted to update everybodyon in-person payments.
I have two great additions to that topic.
First, we had talked about how inperson it's hard to pay for things
privately because we, we talked abouthow virtual debit cards are available
with privacy.com, which is a greatservice if you're buying things online.

(03:56):
However, when you're in person, ifyou have to have a physical card, your
options are a little more limited.
During that topic, we only knewabout cash, or, or at least that's
the one we discussed at the time.
But a lot of places don't takecash anymore, so, uh, I now
have, I'm happy to announce twoadditional methods that we can use.

(04:16):
The first one is.
Getting a physical cardshipped to you from BitRefill.
We talked about BitRefill and howyou can go to BitRefill.com and you
can pay with Bitcoin to anonymouslybuy a virtual Visa gift card that
you can use anywhere online, but theyalso have a physical card option.
I tried this out this week andI had, I, I bought it with, with

(04:40):
Bitcoin and Lightning, so it wasvery quick and anonymous, and then
I selected the physical card option.
I put in a random name for the name,and then for the shipping address,
I put in a physical address ofa place that is not my house and
somewhere that I can get mail sent to.
Um, I would say even if you hadthis shipped to your home, you're

(05:01):
still getting a privacy benefit.
So if you have nowhere to shipit to other than your home, this
might still be a good option.
But anyway, that arrived today and it hassome random name that I put on it, on it.
I went to a coffee shop and Ibought myself some tea and I
swiped it and it worked perfectly.
So happy to announce thatthat is a good option.

(05:24):
The other in-person option thatwe can do is a lot of major
chains have their own app.
So if any store that you shop at hasits own app, uh, I'm gonna give the
example of the Kroger grocery store.
There's also something like Walmart wouldwork, but really any place that has its
own app where you can pay through the app.

(05:45):
So for example, if I'm at Kroger.
No, with the Kroger app, I'm at checkout.
I open up the app andthen it shows a QR code.
And when I go to pay, instead ofusing a payment card, debit or credit
card, I just scan that QR code onthe, the, the checkout scanner.
And what it does is it, it bills whateverpayment method I've hooked up in the app,

(06:07):
and that can be any bit, um, any debitor credit card, including my privacy.com
virtual card that I spin up for Kroger.
So by taking advantage of places whereyou can pay with an app, you can use
privacy.com and keep all of your paymentsprivate for that in-person store.

Sweet.

Alright.
Today's main topic that we're gonnatalk about is how to circumvent
app store censorship First,what is app store censorship?
Uh, I mean, it sounds prettyself-explanatory, but let's
give a few examples of whenthis occurred in the past.
And the problems that arise from it,and then we'll move on to solutions

(06:48):
and how to get around that censorship.
Um, spoiler alert, if you are an iOSuser, you're a little bit out of luck.
However, I encourage you to keeplistening because you're gonna
hear a lot of good information.
Uh, in addition to whether you mightsomeday try Android, just being aware
of the problem can also, uh, add toyour ability to master your technology.

(07:15):
So we're gonna go through a fewexamples of when censorship was a
huge issue on mobile app stores.
Now let's, let's lay out the,the context first when you
are on iOS or stock Android.
You can only get your apps through acentralized app store that's curated
by the owner of the operating system.

(07:36):
So Apple, in the case of iOS and Google,in the case of Android, that is a central
point of failure, which we've talkedabout a lot on sovereign computing and
how to avoid these or, or why we wannaavoid these because this can lead to
censorship or even, um, non-maliciousforms of, uh, failures, right?

(07:56):
Like if Google was hacked or.
They're, uh, tricked or misledor, or a government puts pressure
on them or there's any kind oflegal or jurisdictional issue.
They have to follow that and,and keep apps out for any reason.
You have no recourse because every singleapp has to go through that app store.

(08:16):
In addition, there are devs outthere that a lot of you may not know
because you don't ride on the mobile.
App development space, but it'sreally difficult for a lot of devs to
get their apps through the iOS, uh,app Store or the Google Play Store.
A lot of times it'sbecause of a money issue.

(08:36):
So there's a couple of examples.
The, the app, uh, 37 Signals, whichI think might be now called, or
excuse me, the company 37 Signals,which I think is now called Basecamp.
They have an app called, Hey, HEY.
And they famously had a problem in 2020,and again in 2024 when they, apple wanted

(08:58):
30 pers, 30% cut for the way that theywere getting payments from their users.
And it was a, a prettycontroversial thing where the
company pushed back against Apple.
And, um, this was, first it wasfor an email app and then in
2024 it was for a calendar app.
And, uh, it was.
You may not know this app or evencare, but it's, it's just one example

(09:22):
of a, a widely known example of whenthe, when Apple's draconian measures
basically said our way or the highway.
And if you don't conform, thenyou can't get in there the
way you wanna be in there.
Any additions you wanna add on that?

Yeah, minor correction.
I think they're still called 37 signals,but, uh, Basecamp is just like one
of their, like, earliest products.

Ah,

It's like a business collaboration thing.
It was kind of like Slackbefore Slack existed.
Um, but yeah, yeah, it was exactlytheir hey.com email service, email
product, and then it, 'em again withtheir hey calendar, uh, app, you
know, getting, you know, rejection.
They, I think, if I remembercorrectly, they tried to put their own.
Payment processing and theiroutside of like, you know, Apple's

(10:08):
payment system or whatever.
And that's where the, the issues came out.
Um, yeah, and I mean, it's like I, youknow, apple has the right to do that
as the owner of that, uh, platform.
I think there's no question about that.
But just, uh, you know, from abusiness perspective, they willed
an incredible amount of, uh, youknow, power and, and leverage over,

(10:31):
you know, the smaller businesses.

Yep.
Another example is Epic Games famouslyover the last couple years has been
battling with Apple because again,

in court, right?

And in court.
Yeah, they, they're actually app EpicGames is actually suing Apple and I
think that's still playing out in court.
Um, but a similar issue whereApple wants a 30% cut of.
All of the in-game purchases,something like that.
And so, uh, epic is challengingtheir stranglehold on the app

(11:05):
store, whether or not they win.
It's kind of besides the point of thepoint that we're making here, which
is that regardless of whether Appledoes have it right or doesn't have it
right, or is legally obligated to or,or isn't, or is perfectly justified in
charging, that they have the ultimate say.
And that's something that we wanna.

(11:26):
See if we can avoid and, uh, get around.
Another example that many of us mighthave noticed, this is a little bit more
widespread usage of the Amazon iOS app.
You might have noticed that if youtry to buy an ebook from Kindle or
an audiobook from Audible, whichis owned by Amazon, that you can't

(11:47):
actually do it in the Amazon iOS app.
You have to open up a separateweb browser, go into the web
interface and buy it through there.
And this, uh, is, was very confusingthe first time I encountered it because
it almost seemed like Amazon left outthis important piece of functionality.
Yeah.
But of course that wasn't the case.
It was because of this battle with.

(12:09):
With Apple and apple's, uh, 30% taxthat they have on every in-app purchase.
And so you might have noticed that.
I certainly noticed it with audio books.
I think Stephen, you,you noticed this as well.

It's, I've noticed it with Kindle actually with Kindle
and it's like, yeah, it's so weird.
'cause you can buy stuff through theAmazon app itself, but you can't.
You can't on iPhone go to, um, youcan't go buy Kindle books in the
Kindle app or in the Amazon app.
You have to go to an Amazon website.
It feels really clunky.

Is Apple's justification that these are digital products that are
being delivered through the app store.

That might be what it is.
That might be the distinction betweenlike, uh, you know, buying, um, a
broom or whatever off of amazon.com andbuying a, a digital book or something.
That's weird.
And it's just crazy that I even, even, um,uh, a company as big as, uh, Amazon, um.

(13:08):
Is, you know, like, no,we're not paying that.
Um, like I, I mean that'skind of a bold and risky move.
The thing is, is I think the smallercompanies that want to gain traction
probably are, you know, just, youknow, usually gonna acquiesce more to
Apple because they need exposure to thenetwork effects of the Apple App Store.

(13:28):
A big company like Amazon, like kind ofknows that people love their products at
this point, and so like they, I think,feel a little bit more empowered to
fight it and just be like, no, we'rejust gonna send people to our website.
But not everyone has that kindof leverage in the marketplace.

I bet you Amazon, some team at Amazon did a a calculation.
And they said, how many, howmuch revenue do we lose by
sending users outside of the app?
Yeah.
Yeah.
And is that less than the 30% thatwe would lose from paying Apple?
And it was probably financiallyjustifiable to do it like that.

(14:04):
Yeah.

I'm sure it was a calculated risk.

Mm-hmm.
The next app that, or the next situationof censorship that we wanna talk about.
And for you Nostr users outthere, you may remember this.
Is Damus on iOS?
Damus is a Nostr client that'ssolely on iOS, although maybe
it's now on Android as well.

(14:26):
But I think it's, I thinkit's strictly on iOS.

Originally it was, but I know that they've been doing
some other stuff like Note deckand, and some of this other stuff.
Yeah, yeah, yeah.
Available on iOS, iPad, Mac os.
So I think, uh, I think Damus is,you're right, is still Apple only,
but they have this other applicationcalled Note Deck that I, I think, um.
Is avail might be availableon other platforms, but don't

(14:49):
quote me on that anyways.

Okay, so the thing that happened with Damus, uh, I believe it
was in 2023, what happened was theyintroduced a feature called zapping,
which is just lightning payments to otherDamus users, or excuse me, other Nostr
users, regardless of, of the client.

Yeah.

And what Apple did was.
They said, you can't, you have thisfeature unless you pay us 30% of
every, every zap that takes place.
For those of you who understand zapsand lightning payments, you understand
how ridiculous that is because on Nostr,when people are zapping each other, this
could be non-custodial lightning paymentsbetween lightning users on any client.

(15:34):
So Damus is not getting a cut of thesepayments and the fact that Apple.
Wants 30% of every single oneof those is kind of absurd.
And so what, after battling withApple, what the Damus app app
devs had to eventually do was justremove that feature from Damus.
Otherwise they were no longer gonnabe listed on the Apple App store.

Yeah.
I think if from memory serves,they left the, like the.
Ability to attack someone's lightningaddress and the, their like Nostr
profile and like pay them directly.
I think the issue Apple had was the ideaof like, um, zapping people's posts.
Like trying to argue that like, oh, thisis kind of like a digital product or like

(16:18):
digital content or something like that.
And yeah, it was kind of ridiculous'cause it was like, well, no, the
content is actually free in public.
Like everyone's Nostr posts are.
You know, public, if they'reon public relays, there's
nothing that's being unlocked.
You're just kind of leaving a tip tothat person and you're saying, I'm,
I'm leaving you a tip because of thiscontent right here, this particular post.

(16:42):
But that wasn't good enough for Apple.
And yeah, eventually they,they, I remember it was like, I
used to use DOIs all the time.
And then, uh, I don't know, oncethe Zap button, uh, disappeared on
iPhone, it was, uh, I don't know, alittle less, less pleasant to use.

30% seems really steep to me, and I think we're gonna see this.
I feel like this is an instance, and thisis me just opining, I have no evidence for
this except for kind of looking back inthe history of humanity, which is when,

(17:17):
when I. Organization has absolute power.
In this case, we're talking aboutthe business world rather than
like a monarch over a mm-hmm.
Territory.
But they have absolute power.
And so when you have a monopoly, youcan act in a really unsavory manner.
You can have like usurious.
Pricing schemes.
You know, you can have just ridiculouslyhigh pricing schemes that are

(17:40):
completely unfair and unethical, maybe.
Arguably.
And what happens is people have no choicein the beginning, and so for several years
or even decades, people put up with it.
But then eventually there's alot of pressure and incentive
for people to find alternatives.
And once the, the cracks and thedam start forming, people will

(18:00):
flock to those alternatives.
Pardon the mixed metaphors.
But, uh, I think we're gonna see thateventually with Apple, even though right
now they do have a complete monopoly.

Yeah.
Or maybe not like a to, andthey, they have a monopoly on
the i, the Apple user ecosystem.
Mm-hmm.
That's for sure.
Like they have for anybody using.
iPhone, iPad, the, that, that kind ofplatform they have, they definitely
have the monopoly over that.

The next thing we wanna point out is, this is kind
of a, a bit of historical trivia,but it, it, it gets to the heart of
the matter, which is for those ofyou who remember the Mutiny wallet.
I remember.

Rest in peace.

Yeah, rest in peace.
Mutiny Wallet.
They, they no longer are being developed,but they were a really cool wallet.
And the way they started was, I heardthe, one of the lead developers, Tony,
and he was describing the, the wholereason that they came up with this idea
for having a, uh, a lightning node walletin the browser was that they wanted to

(19:13):
make an app store, uh, an iOS app, andthey got banned from the app store.
I. Somehow Tony's name was on a, abad, a naughty, naughty list, right?
Like, uh, one of these OFAC or whateverorganizations that publishes a list, and
somehow Apple got it in their databasethat they weren't allowed to have this

(19:34):
guy publish an app on their app store.
So they said, screw it.
We're just gonna get around theapp store by making an app that
can run in the browser and, andtotally circumvent the app store.
And so that was the foundation and thegenesis of the idea for the Mutiny wallet.

Yeah, it was funny, they eventually ended up getting
into the app store later on, but itcreated, it kind of forced them to
innovate with the technology of like,how do we get a lightning node that
can run in this kind of, you know, ina browser environment where like, you
know, resources might be a little bitmore limited and not guaranteed, and.

(20:13):
It is kind of, that's one of thepromises of the early web that we, we
kind of lost, I think I remember, uh,you know, telling people about this,
like, uh, you know, like back in the,the early 2010s, I'm like, well, like,
yeah, I know apps are cool, but likeyou can't run them everywhere and like.

(20:34):
I remember trying to explain thisto like one of my coworkers in
like 2012 or 13 or so, that I waslike, you know, the Gutenberg press
was like kind of like a f you.
Like, you, I can printBibles if I want, right?
And like whatever language I want.
And then like, you know, the web is kindof a like, you know, you, I can publish

(20:54):
like content on the internet, like I canlike host it on my own web server and.
Anyone can access it.
And it was like, there wasnothing to me about app stores
that were like inherently, you.
Uh, am I allowed to curse on your podcast?

Absolutely.

Sorry.
But, uh, like, it was just like,that's what it was like, that's what
was kind of fun about when you look attechnology and like, that's one thing
that the web and the printing presshave in common is that they really were
these like, kind of, um, technologiesthat, uh, opened things up a lot.
And when we.
Uh, you know, get into,um, you know, app stores.

(21:31):
It's not, it's kind of the, it,you know, it's very much a like
ask for permission technology.
Now definitely it, it's packaged up ina very nice and simple ux and certainly
from a security perspective, I thinkthere, there app stores actually provide
a huge benefit because, you know, Iremember the dark ages before app stores.

(21:52):
It was like.
People, you know, who had noidea what they're doing on their
computer, just downloading whateverexecutables and running 'em.
And I mean, that was, you know, the,the nineties and two thousands were
certainly these just security nightmares.
Um, you know, I'm sure you rememberthe weather bug and, you know,

(22:12):
all kinds of stuff like that.
You know, you download somethingonto your computer and not knowing
what you're, you're doing and.
Next thing you know, you have allthese other bloatware and spyware
and stuff that gets installed.
Um, so definitely the app store hasreally improved on the, the usability.
Not just like finding quality apps,but also like finding apps that are

(22:33):
like, you know, um, while they maybe spying on you, they're not like.
There it is not the same kind of spyware.
Right.
Well, actually that's a philosophicalquestion, but a lot of times the stuff
you find on like the Google and, know,apple app stores aren't these like, you
know, just horrendous like, you know,virus applications that are like sucking

(22:54):
up, you know, you know all of your memoryand you know, all, all that kind of stuff.
But, um, so it, it really improvedon the security and usability of
it, but it returned a lot of power.
All the kind of power that Ithink humanity stripped away from
institutions with the printing pressand first the web, we just kind of
gave it back with the app store.

Exactly.
It, it feels like a bit of a stepbackwards for the internet in some ways,
um, in a similar way to when people,I think Facebook is on the decline.
At least that's the sense I get.
I don't have any hard numbersto justify that statement, but.
It seems like the peakFacebook time is, is passed.

(23:37):
And when that was happening, whenFacebook was on the Ascension, it felt
like we were losing the open internet.
We were stepping into this walled gardenwhere everything was going through
a, a single, uh, centralized party.
And it feels that way in, in some ways itfeels like that for mobile apps as well.

(23:58):
When we're talking about these app stores.
Yep.
Okay.
Well there is one more.
Um, there is one more example of acentralized app store censorship,
uh, an app that got censored.

(24:19):
And this is on Google Play?
Yeah.
Yeah.
And this is, well this is oniOS and Google Play, but, uh.
You may recall that a couple yearsago when the Samurai developers were
arrested, their servers were takendown and um, there was a lot of fear in

(24:41):
the Bitcoin industry about getting, I.About, uh, companies that were in the
Bitcoin space, they didn't want the USauthorities to come after them because
the US authorities had just flexed ahuge muscle and shown that we don't care
where you are, we're gonna arrest you.
And they had arrested one ofthe Samurai developers was in.

(25:03):
Portugal or Spain, I believe,and they just brought him
back to the us extradited him.
And, uh, they're, they're charging him.
The, the trial is, is currently unfoldingas we speak over the past several months
in, in the future, several months.
But, um, we don't know what theeventual outcome of that will be.

(25:24):
But the point is, when thatoccurred, we had a whole bunch
of apps that were Bitcoin based.
Pull out of the US It was reallykind of a dark time for the Bitcoin
space because of, there was a lot ofprogress being made in the lightning
space and my, one of my favoritewallets to use was the Phoenix Wallet.

(25:44):
This was on iOS and Android.
And what happened after they,they announced that they
were pulling outta the us.
Is they're still shipping their app andwith, along with updates to their app
on a regular basis all over the world.
But if you are located in the USand you are using the Apple App
Store or the Google Play Store,that app is no longer listed.

(26:06):
So if you had that installed andyou are, you have one of those
app stores in the us, you are notgonna be able to update your app.
And, and as most of you mayknow, apps have to be updated.
Um, software rots.
If you don't use it, there'sconstantly not only new features being
shipped, but bugs, bug fixes as well.
And so you don't wanna have an oldversion of an app, especially when you're

(26:30):
talking about Bitcoin and Lightningbecause your app might have, uh, an old
version of a protocol and then you'renot gonna be able to communicate mm-hmm.
With not only their server, butmaybe other people that are,
you're paying or receiving from.
So you really do need to havethis app being maintained
and and updated regularly.
So if you were getting your Phoenixwallet through one of these centralized

(26:52):
stores, you were kind of out of luck.
You had to get rid of the app,you had to pull off your funds
out of it and then uninstall it.
However, if you were using,if you were getting your app
via an alternative app store.
It didn't affect you.
And now we're gonnaget into the solutions.

(27:13):
I just kind of teased it a little bit.
Um, but the, the way that we canget around this is to use app
stores that are not Google Play.
Again, iOS users are out of luck.
For the time being, I would liketo take the moment to encourage
you if you are, um, if you areinterested in sovereign computing.

(27:34):
Maybe consider, just consider buying a lowprice Android device and putting a privacy
respecting version of Android on there.
And then installing one of thesealternative app stores and just kind
of running it in parallel with yourmain iOS device and seeing if you, uh.

(27:56):
You know, could get used to it.
So the alternative app store that Iwanna mention first before I get into
the solution of how I got around thePhoenix issue is called the Aurora Store.
And the Aurora store is essentiallya layer between you, the user,

(28:16):
and the Google Play Store.
So the problem with the Google PlayStore, as we already talked about,
is it's a centralized place for appsthat can be censored, but it's also
incredibly invasive for privacy.
Uh, you have to be signed into yourGoogle account, and so there is a
record of every single app that youdownload and install, uh, that's
associated with your Google account.

(28:38):
And what the, what Aurora storedoes is it's an app you download
and then it's an app store,just like the Google Play Store.
And, and instead of opening the GooglePlay, you open the Aurora store and
all of the exact same apps are therebecause they're just spinning up servers
with account, with anonymous accounts,and you're accessing the Google Play
Store through their anonymous accounts.

(29:00):
It's, I use it for apps that I canonly get through the App Store.
So, for example, my banking app, theydon't ha, that's not an open source app.
And so I can't go on GitHub and downloadtheir binaries or go on OID as I'm gonna
talk about in a moment and install itbecause it's completely closed source.
And the only place that, that my bankdistributes their app is via Google Play.

(29:23):
But what I can do is go on Aurorastore and without having to sign in or
associate it with my identity in any way.
And I can search and I'm gonnasee all of this exact same search
results as you would get with GooglePlay, and I can download it and
install it and it works just great.

So, well, let's dig into that a little bit more.
So you, you said like, you have the,the bank, they, they make an app,
they put it on the Google, you know,Google place for only none of these,
you know, cyberpunk app stores.
So why not just download it fromthe, uh, Google Play App store?

The reason is because if I'm downloading anything from Google Play, I
have to sign in with my Google account.
Mm-hmm.
Now, there's, they have a completelist of every app I've ever
downloaded and installed fromthem, and it's, and the Google Play
Store itself has super privileges,super user privileges on Android.
So stock Android.

(30:17):
Most apps are, are, uh, sandboxed.
It's a pretty good security model.
Mm-hmm.
The Google Play Store, it has kindof root access to the whole phone.
Mm. And even when it's closed, even ifyou're not using it, it's constantly
communicating with Google servers,it's monitoring your app usage,
your GPS data, basically everything.

(30:39):
It's like.
The, uh, the core spyware of,of, uh, Android because it's
embedded in there with superprivilege, super user privileges.

Got it, got
it.

So by using the Aurora store, you get, I would argue all of
the benefits without the tracking.

Got it.
Okay.

Uh, however, that doesn't get around the issue of censorship.
So if there are apps that are not allowedin the Google Play Store, you're not gonna
see them in the Aurora store as well.
Which brings me to, uh, the next appI wanna recommend, which is Obtainium.
Obtainium is actually my favorite wayto get open source apps because you

(31:21):
can add it directly from the source.
And when I say that, I mean youcan add apps that are listed on
GitHub, on GitLab or or anywhere elsewhere there is a open repository.
And once it's installed, it'sjust like any app store where
it's gonna automatically update.

(31:41):
And that's really one of the, thegreat benefits of these alternative app
stores is keeping your apps updated.
Because on Android you candownload an Android binary,
which is, has the extension APKK Android package, I believe.
And you can just throw thoseon your phone and run anything
anywhere that you can download ana PK, you can run it on your phone.

(32:04):
The problem is good luck tryingto keep everything updated.
That's, I mean, imagine how manyapps do you have on your phone?
Stephen can't count exactly.
Probably in the dozens, maybe hundreds.
And so trying to keep all of thoseupdated is an impossible task, and
that's where app stores come in.

Yeah, so it sounds like with this one, like if there was an
open source Android app that I wanted torun, and it wasn't on Obtainium already,
but I could find a GitHub repo for thisproject, and if that repo did publish
binaries and their releases, then Icould like add that project to Obtainium.

(32:41):
Is that right?

Exactly.

Oh, very cool.
Does, does Obtainium do anykind of verification of like
signatures and all that?
Because like one, one thing.
I think is interested, I think is kindof underutilized with app stores and
particularly with Bitcoin stuff islike, um, just being able to validate
the binary that you're running.

(33:03):
Being able to say like, you know,the developer signed off and said
that, you know, the binary hashedto this value or the developer.
Provided a signature for the binary here.
That's really powerful.
And you know, unfortunately the UXaround kind of validating that stuff
just isn't there most of the time.
And I'd love to see more services justbeing able to like tell you with a

(33:26):
green check mark if a particular appvalidates against, you know, a set
of known hashes or known signatures.

That's a good question.
And I don't know ifObtainium has that feature.
I don't think they've implemented it yet.
It might be on the roadmap.
One of the other options we'regonna get into in a moment
does have that feature though.

Okay, cool.

So let's, let's revisit that in a moment.
Uh, you, you'll notice if you arelooking, if you're watching the video,
you can see we have the Obtainium siteup here, and it, it advertises that.
It Suppo supports over a dozensource websites, including
GitHub, GitLab, and F-Droid.
Now, for those of you who aren'taware, FDR is an alternative app store

(34:12):
as well, along with a repository.
So Android was actually the originalalternative app store on Android.
As far as I know, they'rethe, the, the OG in the space.
So let's take a look at F-Droid.
Okay, let's see there.
They're, and F-Droid is.
It, it's interface is a little old schoollooking, it looks like, uh, earlier

(34:34):
internet.
So

they're flashing their, uh, copy left symbol on
their, their logo, you know?

Yep.
Yep.
Their, their logo is a, is a sort ofAndroid logo, but with the copy left
symbol, and I, I believe the F inasteroid stands for free as in freedom.
And what they are is an app store, justlike Google Play where you download it,
you can go into it and search for apps.
They even have a homepagewith recommendations.

(35:04):
But the whole idea of asteroidis that everything is either
free and open source or it, itpasses various checks in terms of.
Privacy and, uh, not doing anything shady.
And they do use, uh, they do usesignature verification for this app store.

Very cool.
Yeah, it looks like, uh, so you can kindof be assured that, uh, if you're using
stuff on this, it's probably going to bea decent app that's not selling your data.
Like when I look at the stuff on here, I'mlike, okay, this is like stuff I recognize
from the open source ecosystem, like.
You got Mastodon right here andyou know, I saw, um, uh, what else?

Next cloud.

Next cloud.
Yeah.
I saw, uh, I saw a matrixclient on here somewhere.
Mm-hmm.
So it's all kind of, uh, yeah.
You know, trustworthyopen source applications.

And the reason that I don't use asteroid as
my preferred source is because.
They tend to be a littleslow releasing updates.
F-Droid does, you said F-Droid.
Yeah.
And this is because they're arelatively small organization.
I think it's just like a fewman shop, few developer shop.
And so they, they constantly haveto be reviewing apps and then

(36:27):
publishing the new versions, and sothey tend to be a little bit behind.
So if there's an app that I already knowand trust, like let's say Next Cloud or
the Element Matrix client instead of.
Subscribing to the feed on F-Droid,I'm gonna plug it into Obtainium,
get it straight from the developers.
Mm-hmm.
And then I'm al always gonnahave the latest version.

Yeah.
Obtainium sounds great.
I mean, that sounds like a greatidea, especially for the stuff
that you, um, trust already.
'cause just trust the, you know, go, goto that GitHub repo, that'd be great.
But yeah, F-Droid, I get it.
That sounds good.
This could kind of give you,sounds like what F-Droid is doing
as opposed to Obtainium is thatlike Obtainium is just like.
When you need access to an open sourceAndroid application, um, by whatever

(37:13):
means like you where, whereas FDR seemslike it's trying to kind of fill the gap
left behind by the Google Play Store,but in an open source context, it's
trying to provide the kind of like.
Curation and, you know, perhapssome level of safety assurances.
I get that it is like a volunteereffort, but it, it looks just like

(37:35):
from the screenshot and from theway you described it, like there's,
they're trying to provide a little bitof like, um, a, a UX of like, okay,
you can, you can somebody with, youknow, somebody has looked at these
applications, they had certain benchmarks.
There's some kind oflike community curation.
That sort of thing.
Does that sound about right?

Yeah, that's right.
And they, they provide discoverability,whereas Obtainium, I'm, I'm gonna be using
Obtain, I recommend using Obtainium whenyou know the app that you want already.
Mm-hmm.
But if you were to go into F-Droidand say, you know, I'm interested in
a Notes app that's open source, andyou would just type in, you could do a
search for notes, and you might get abunch of search, you might get a bunch

(38:17):
of results, and then maybe if you.
Uh, started using an app and youreally liked it and you were gonna
keep using it for the long term, andthen you noticed that, hey, they don't
have the latest version on asteroid.
Maybe you wanna just plug thatfeed into Obtainium and get it
straight from the developers.

That makes sense.

The next two, uh, app store that we're gonna talk
about is actually these next two.
These are in what I wouldcall the more experimental.
Phases, because these are pretty recent.
I would say they're a yearless than two years old.
Um, one of 'em is called Zap Store, andthis is a Nostr based app store, or at

(39:02):
least the, the creators of this are inthe Nostr space and they, they advertise
it as a social connection app store.
Meaning if somebody I know and trust.
Is using it and they're my Nostr,uh, they're on my Nostr follow list
and I trust them then, and they're,they've downloaded this app, then

(39:24):
I can be more reasonably sure thatthis app is decent and I'm gonna
be getting the same signatureverified app that they downloaded.

That's kind of, and that's kind of a cool idea, I think.
Um, have you used it?

Uh, I have downloaded and installed it and I believe I
tried downloading an app with it.
Could not get it to work.
Might be a bug.
Um, but I, I'm gonnado more research on it.
And the, the nap, the Zap storeblog, they have this question here,
can Nostr fix app distribution?

(40:06):
And they, they talk about why,what their motivation was for.
Making the Zap store, and theyactually talk about here how the
Google Play store and apps, appleApp Store lead the pack with around
95% market share outside of China.
So that, that goes to what we weretalking about, which is pretty, a pretty,

(40:27):
uh, big stranglehold on the market.

Yeah, it's an interesting idea.
Uh, my, my, I don't know ifthis is a criticism, but just
concern, I, I have, I have one.
Reservation about this kind ofplatform, which I also apply to
the, like Bitcoin Mints website.
I forget the, the URL of it.
But it's this kind of idea thatlike, okay, you have a social graph

(40:54):
of people and like, you know, um,people can attest to liking something
or using something or downloadingsomething with their Nostr profile.
So when I'm trying to review something.
I can go be like, oh, well, like I see,you know, Jordan's nostr profile on this.
Like he signed off on thislike mint, maybe it's good.

(41:14):
Or he downloaded thisapp, maybe it's good.
And I like the idea kind of like,I think it, it, it might work.
Uh, I do think the idea of.
Um, looking at your social graph, Idon't even know if social graph is even
a well-defined term, but just like theidea of like people you know, that you

(41:37):
have strong connections with, um, orpeople that you know, people that you
know, that you know, how do I say this?
Like second second.
Node connections.
Third.
Third node connections.
Third degree connections,that, that can be a good idea.
I think.
Um, it's kind of like a webof trust, so it's a cool idea.

(41:59):
But having said that, I, I do kindof wonder sometimes, like I, I think
to some degree people are just lazyand like, especially with like.
You know, some, there's like some appsthat you might just download and like
not really vet before you download it.
'cause it's just like, I'mfeeling lazy, I want this, I
need whatever this is right now.
I wanna download it and give this a shot.

(42:20):
And like, I, I think there can be likea false sense of reputation perhaps if,
um, you know, like how do you know yourfriends are really like super qualified
to like vet these kinds of apps, right?
Like, which is worth more the opinion of.
10 of your friends or the opinion oflike one person you don't know all that

(42:42):
well, but who really knows their shit.
Um, so I, I don't know.
I'm not saying it's a bad idea.
I'm not saying we shouldn't try it.
It's just one of those kind ofedge cases to kind of think about.
I think the social graph verification,there's an idea we should explore, but
I don't know that it's like the, youknow, panacea that that fixes everything.

I agree with what you're saying and I really wanted
to mention Zap Store becauseit's a new interesting project.

Yeah.

That's trying to do something different.
So I would say keep an eye on this.
Don't necessarily make it your onlysource of apps, but um, this could
be something big in the future.

Yeah, that's a cool idea.
Okay.

The next app store that I wanna talk about is called a Accrescent,
and that's A-C-C-R-E-S-C-E-N-T.
It's a weird name, but thisis actually a promising app.
It's got, uh, they advertise themself ashaving security, privacy, and usability.

(43:49):
And they actually do areally good job on the ux.
I've downloaded this and played withit a little, and their UX is great.
This actually feelslike a modern app store.
You know, it doesn't look like Froy,like it was made in the nineties.
And it's a little bit, it'ssmoother UX than Obtainium.
It actually has more discoverability.

(44:12):
Um, they also talk about severaltechnical details for security.
In terms of, they have appsigning, key pinning, which is, uh,
basically you're getting signatureverification by the developers.
Um, they also have unattendedautomatic updates without relying

(44:35):
on privilege OS integration.
And these are kind of technical details,but they're important for security.
There's no account required.
So privacy is good and.
They are also available in the GrapheneOS app store and I actually hadn't
planned on talking about the GrapheneOS App Store, but um, there are a small

(44:58):
number of apps when you install Grapheneos, which is a de Googled version of
Android, where you can, they have avery high bar for allowing apps to be
in there in their, in their app store.
The built-in OS app store.
So there's a small number of them inthere, but you can have pretty good
assurance that these are heavily vetted.

(45:18):
And so the fact that a Accrescent isalready in there and it's kind of a
default app on, it's almost blessedby the Graphos developer project.
That's a good sign to me that a Accrescentmight be worth taking a look at.

Hmm.
And the app signing, key pinning,I'm guessing this has to do with like
verifying the signature of the apps.

Yeah, that's right.
They, they talk about how firsttime installs are verified
so you don't have to tofu.
That's trust on first use.
And this is a, a bad, uh, a negativesecurity feature of other app stores.
For example, the F-Droid store, whenyou download an app, it, it uses

(46:02):
the keys that comes with the app andyou're basically saying, if I install
this, consider this key Trusted.

Yeah.
And I, I was reading, that's interesting.
I had never heard the tofuacronym, but it makes sense.
It was just comparing in the Wikipediaarticle I brought up to like when
you s when you SSH into a server thefirst time and it's like, warning,
we've never connected to this server.
Do you want to trust this, youknow, server's certificate?
And it's like, well, yeah, sure.

(46:30):
And you know, I guess you, you know, intheory that could be an attack, vector
and all of that, but a lot of timeswe just say, yeah, sure, whatever.

Right.

Added to known hosts.

So ag again, it's not a make or break feature, but
it is a nice to have it soundslike from a security point of view.

Totally.
I mean, I'd love it.
Um, I, I, I like, I like the ideaof being able to say like, um, you
know, to not have to do the tofu.
I think it'd be really cool to, uh, youknow, I, I, I mean, I think it's, it'd be
a really cool idea, like in one of theseapp stores, if I could see something.
Like, you know, let's say it was aBitcoin wallet it or something like that.

(47:08):
I'd love it if in the app store it couldbe like, you know, it will show you the
latest version, like, you know, version2.3 and it would say like, signed by Alice
and Bob, or whoever the developers are.
And I could tap on that and it wouldlike, you know, I don't know, take me to
the GitHub repo or take me to some kindof like, you know, like place where that

(47:30):
developer is like publish their key.
Something like that, thatcould be really cool.

And so if I'm reading this right, I think what a Accrescent
is doing is when you submit anapp to the app store, you upload
your keys, the developers do.
Mm-hmm.
And then it can use that to verify withouthaving to just trust this random key.
Like if you've
installed a Accrescent in a secure manner,for example, from the Graphos store.

(47:56):
Mm-hmm.
Then, you know, there's kindof that chain of trust like.
You trust graphos.
You trust a Accrescent, youtrust the developer keys.
Got it.
Uh, anything else you wanna cover whenit comes to alternative app stores or
censorship on the mainstream app stores?

Oh, no, I don't think so.
Um, yeah, I, I, I am curious abouttrying some of these more on my own.
Um, I. Yeah, I'm curious.
I wish, I wish, uh, we had moreoptions available to us in Apple
Land and maybe one day I'll, uh,make the, uh, the adventure of,
uh, leaving, leaving Apple behind.

(48:39):
Um, I would be nice.
So yeah, I'm excited to try sometime.

I encourage you and the people listening and.
Excuse me, listening andwatching to give it a try.
You don't have to leave behind iOS.
You can run both in parallel,even if it's just a tinker.
You know, I buy a inexpensiveolder generation Android store
or Android, uh, phone and throwsome freedom loving apps on there.

(49:07):
Freedom loving stores.

You know, I do have an Android phone that I sometimes
use just for like, you know, well,especially back when I was, uh,
doing Bitcoin design guide work.
I'd be like testingwallets all the time, and.
I'd really like to test wallets on,like how they perform on like really
crappy, like old, like Android deviceswith like, you know, not much memories,
low CPUs, all that kind of stuff.

(49:29):
Because I think like when you're thinkingabout like, you know, stuff like that
globally, it's like you get a littlebiased because like in in, in the US
you'll just have like a ton of peopleon iPhone and 5G and stuff like that.
And it's just not thesame all over the world.
Um.
You know, people could haveslower phones, slower internet
connection, so it's good to test.

(49:49):
But anyways, I have noticed likethose phones, for me, those like
cheap Android phones are just likethe most painful things to use.
They're like, it's just like so slow.
Just like.
Waiting for like you have to loginto Google and it's like, okay,
let me press the login button.
And it just like wheel spinning for like30 seconds and then it'll come up with

(50:10):
like, Hey, it's like our cool like Googlemotion graphics animation to show how like
fun, loving and approachable our UX is.
And then the animationjust goes so like slow.
You're like waiting to likewatch one of these like cartoon
characters animate in the.
One of the apps just, you know, anyways,I'm, I'm riffing off this a little too
hard, but point is some of these likeslow Android phones are just way, like

(50:36):
annoying to even do basic things on, andI'd really love to try, um, this would
be expensive, but I would love to tryObtainium and, uh, F-Droid and Zap store
and all the rest on like the most cuttingedge, fastest Android capable device.
Like, I would like that, like apple-likespeed of like a just beautiful camera

(50:59):
with, you know, lenses of varyingfocal lengths and like, you know, GPU
accelerated graphics and all this stuff.
I love that.
But to try it with likegraphene or something sometimes
.Jordan Bravo: You make a great point.
When I put out the option for olderandroids and cheaper androids.
This is just to tinker with, butyou're never gonna be able to replace

(51:21):
your latest generation iPhone withone of these older, cheaper devices.
You really have to go with the Pixel.
To me, there's no other option.
The Google Pixel is the Androidcompetitor to the iPhone.
Mm-hmm.
And so for me, it's Pixel or nothing.
And so if you have a modern pixelwith a D, Googled Android running on

(51:44):
it, like Graphos, you're gonna get aa. In my opinion, a great experience.
But uh, if you are Tin Green withan old Android, just be aware.
Like Stephen said, you'regonna, it's a lot slower, but
this is a lot cheaper hardware.
Yeah, so that's crazy that it is the Google made phone, but
the people, the people who hate Googlethe most by the Google made phone so

(52:06):
that they can get away from Google.

The irony is so juicy.
You can just taste it.

It's like I tell people like five times a week, we're
already living in the cyberpunk future.
Like we have all this likescience fiction that's like.
Whoa.
In the future everything's gonnabe like dark and dreary like Blade
Runner and people with Mohawks aregonna run around hacking shit all
the time to survive on the streets.
But we're already there.
Like, it's like just theamount of like stories I hear

(52:33):
like, like this kind of thing.
I hear a story like this everyday of like people having to.
Uh, tamper with, or tweak or, you know,for basically hack the technology.
Like not always developer types, butjust common people essentially having
to kind of hack the technology in theirlives to get what they want out of it.

(52:55):
So like, even though it's likestylistically and aesthetically.
Doesn't look like Blade Runner or likecyberpunk 20 79 3, whatever the number is.
Like we're basically alreadyliving in the cyberpunk future.
It's just a little bit more evenly lit.

And this is, this is the beautiful part about
sovereign computing, right?
This is making the technology serve usrather than serving some other third
party like a, a company or a government.
And I think it's a beautiful thing.
We will get into this topic a lotdeeper in terms of Android de Googled,

(53:31):
Android and the operating systemitself, uh, both on desktop and mobile.
And this this'll be an upcoming episode.
We're really gonna dive into it andI'll talk more about the benefits of
it and the hardware and the software.
But, um, let that be alittle teaser for you.
Boost in and let us know.
Do you have iOS?

(53:53):
Do you have Android?
Do you have a de Googled Android?
Are you interested in tryingout an alternative app store?
You can also message us atsovereign@atlbitlab.com.
Again, sovereign@atlbitlab.com,and if you are in any.

(54:13):
Podcast app, including Fountain.
You can search for us by searchingfor the ATL Bitlab podcast.
Thanks everybody.
We'll see you next time.

Catch you later.
Hey, thanks for listening.
I hope you enjoyed this episode.
If you want to learn more aboutanything that we discussed, you can
look for links in the show notesthat should be in your podcast
player, or you can go to atlbitlab.
com slash podcast.
On a final note, if you foundthis information useful and you

(54:46):
want to help support us, you canalways send us a tip in Bitcoin.
Your support really helps us so that wecan keep bringing you content like this.
All right.
Catch you later.

All Episodes

Bypass App Store Censorship With These Tools - The Sovereign Computing Show (SOV010)

Episode Transcript

Popular Podcasts

Stuff You Should Know

Dateline NBC

On Purpose with Jay Shetty

.css-15opob5{left:0;position:absolute;top:0.8rem;} All Episodes

.css-14f5ked{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:2;overflow:hidden;}Bypass App Store Censorship With These Tools - The Sovereign Computing Show (SOV010)