15
Condor
1y

Recently I flashed Android 9 (Pie) on my Nexus, but to this day I still haven't logged into Google from it. One reason is because I don't know my password and I didn't git clone my password store yet (where it's contained). Another reason is because I want to reclaim my privacy and not be a data battery for a Matrix of convenience that feeds itself with my personal information. Eh, it sorta works out I guess. Yalp is an amazing alternative to the Play Store, and even offers its own shadow accounts to use along with Google Play.

One problem though, while I've noticed that I could log in with my own account to get all my premium apps (couple hundred euros worth, so not easy to just discard) it apparently violates Google Play's ToS to do so from a third-party app. So I'm a bit hesitant to do that. Do you know of any viable alternative way to preserve my privacy yet install, keep and have validated those premium apps? I could download them from e.g. BlueStacks and export the apk's, but that'd be tedious and wouldn't be able to get those apps validated on my phone unless I log into Google there as well (which kinda defeats the purpose). Any suggestions?

Comments
  • 2
  • 2
  • 2
    ✏️
  • 4
    Using those apps in any way without having logged in to validate... would be against their TOS

    Using a "cracked" apk, would be ag...

    You're ending up in the loop of roadblocks there anyway ... :')
  • 1
    @xewl Well I have properly paid for them, just that in order for the app to check whether I did, it usually reads my Google Play order history. The apps aren't cracked in any way, I'd just download it from Google Play in BlueStacks as usual, and then e.g. let it check on that BS session (where I am logged in), then copy its apk and odex to my phone. The issue is that I'd have to uninstall, reinstall and reactivate each prime app for every update through that BS host and transfer it again, or not update at all. And that doesn't cover the apps that verify upon every launch.

    So yeah, nothing illegal here in terms of paid apps. I have paid for them, but I don't want to have to pay for them twice on a shadow account, risk getting it removed due to Google Play ToS violation (they don't allow third-party apps like Yalp to access your Google Play account), making a new one, paying thrice... You get the idea, right.

    Google only allows people to download apps from their store from their account, in the Google Play app. This means that any account used for Yalp is subject to deletion.. and hundreds of euros of apps doesn't seem worth the risk.

    I could contact each prime app's developer via email and ask them to provide a build that doesn't check against Google Play, but that'd be tedious both for me and those devs, and I'm sure that not every app dev will be in for this.
  • 3
    @Condor none of them will :/ and Wall of Text duuude haha
  • 2
    @Condor I'd love to help but no clue. I left the play store years ago so yeah 😅
  • 1
    Or you use PlayMaker
  • 0
    @S-Homles-MD That's the idea behind the BlueStacks solution, but I'm not sure that it'll work. Google Play verification can prove to be a major pain in the lower back.
  • 0
    @TheOct0 Never heard of that to be honest, and I couldn't seem to find anything other than something from Unity either. What exactly is it?
  • 1
    @Condor https://github.com/NoMore201/...

    It's basically an utility to make your own F-Droid repo out of apps you download with your Google Play account.
  • 1
    @TheOct0 That's actually a really interesting idea. So it'd download Google Play apps from there using my Google Play account, and then serve them as a private F-droid repository? if I could get it to forward verification attempts as well, that could work I guess. Nonetheless, that'd be able to remove Yalp from the equation and allow me to just stick with F-droid. I'll definitely give this a try!
  • 1
    @Condor I'd love to do it myself, just need some time :)
  • 1
    @TheOct0 Time is of the essence here as well. My backlog is huge!
  • 2
    The cost of the app is not just €4,99, it's €4,99 plus a finger up your butt.

    So while it's not unethical in my opinion to crack/sideload apps you've paid for, it's going to break rules no matter how you do it.

    Also, technically you don't buy apps. You buy a non-exclusive license to save, use and display the product on your devices — a license which Google is allowed to terminate when you violate their TOS.
  • 1
    @TheOct0 you mean the same exact licensing scheme as anybody else? we have long moved from owning software - mainly the reason why e.g. nobody has a cd drive anymore and just uses steam - any service in fact that you buy something from, can terminate you at any time, making you lose any bits bought/acquired, not saying that's great, but there's no way around it, as you can't just rip/backup/.. everything - try to e.g. crack/torrent cloud storage or build the same infra for the same price, good luck. Progress always comes with its negatives, that you accept for the sake of using said progress - be it games, servers, apps, you name it.

    @Condor read on their repo what you've said about that they use some of their own accounts, first of all, how did their account not get pulled out the source? does this whole app download auth happen over a permanent token? but then I assume you can do some fun stuff with that token too, doubt it is locked just for app download?
  • 1
    @JoshBent I deleted my comment, since I was (and currently am) very tired and can't rephrase it correctly right now. Let's just postpone that to (my) tomorrow ^^'
  • 1
    @TheOct0 a quick step 1 huh 😉
  • 1
    @JoshBent I'm the stupidest of assholes when tired and I know it. Just ignore what I said before x)
  • 1
    @JoshBent That's actually a very valid remark, it should be somewhere in the source or automatically fetched from a server that doesn't require authentication. For an open source project however I'm kinda like meh, don't wanna exploit that kinda stuff :')
  • 0
    @Condor don't put credentials in your code if you don't want the FBI knocking or your bank calling, especially with open source, because if you won't do it, he or she will 😉
  • 1
    @JoshBent Okay, let me just rephrase what I said. I hate Google, and I also hate their licensing scheme. As well as Steam's. I still believe in DRM-free content, although we indeed strayed a long way from them.
  • 1
    @TheOct0 fair game :)
Add Comment