Aurora Store, geo-restricted apps, and anonymous logins

Summary

  1. Anonymous logins no longer work in Aurora Store v3. Only logging in with a Google account will work
  2. In v4, Anonymous login’s do work, but they no longer do location-spoofing, so geo-restricted or country- or locale-specific apps will no longer appear in search results,

Detail

Like many others, I have had a problem today to log in to Aurora store as Anonymous. I tried upgrading - via F-Droid - from v3.2.9 (the version in Apps) to the latest version 4.0.2. That worked OK, but I could not find a couple of UK-specific apps (playMoreGolf app, NHS Covid Tracking app) in the search results, although they did appear is search suggestions. So I headed off to the Aurora App Store official support Telegram channel

So, after a lengthy - and rather heated on my part - discussion in that channel, it appears that the situation is as follows:

  1. in v.3 Aurora Store used location spoofing for anonymous accounts - I believe based on the phone’s locale - so that locale-specific / geo-restricted Apps (like UK NHS Covid app) would appear for users in that locale.

  2. v.4 no longer uses location spoofing for anonymous accounts so, unless you hit it lucky and get an anonymous account with the correct locale, those apps will no longer appear in the results.

  3. Now that v.4 is available, anonymous accounts will no longer work in v.3 so you can no longer get these apps directly through Aurora Store.

Two workarounds were suggested. (One of them is not going to be welcomed by /e/ users :))

Workaround 1. In your browser, search for ‘playstore’ and ‘app name’ e.g. ‘playstore nhs uk covid’. Long press the correct link in the search results, choose ‘Open link in external app’, then choose Aurora Store. The app you are after will get installed, but you may not get updates unless you know to go looking for them in the browser again. (I need to check that out - I’ll report back)

Workaround 2. (Don’t shout at me, I’m just passing on the message) Use your own Google account :slight_smile:

A third suggestion was that /e/ could run their own ‘tokenizer’ (i.e. the thing that provides anonymous accounts for the app to use) which does support location spoofing. I’ll raise an issue in gitlab, but, given that /e/ are keen to promote their own ‘Apps’ store (despite the bugs and the fact that noone knows anything about the site that the apks actually come from), I don’t hold out a lot of hope.

It came up in discussion, that the location spoofing was removed because the developer considered it ‘bloat’. I pointed out that one person’s ‘bloat’ is another’s ‘functionality I use every day’.

One positive thing, and something that you could all do: their Telegram channel has a feature where, if you make a suggestion, a bot will allow you to vote. So someone added the suggestion ‘Add an option to chose anonymous account location’. If you click on this link, you should be able to vote for Approve or Reject.

If you are interested in how the discussion went, it started with this post.

I’m really annoyed by the whole thing: to me this is software that used to work, now it doesn’t work and we cannot revert to a working version. It adds a layer of ‘friction’ for /e/ users, just at a time when /e/ seems to be picking up a lot more ‘non-techie’ users who want a smooth-functioning alternative to Google. And the Aurora Store admins wouldn’t agree that anything was ‘broken’…

Anyway, that’s enough for one evening - I’m going to have a beer

PS Does someone else want to suggest to /e/ that they put version 4 of Aurora Store into Apps quite soon, otherwise /e/ users will need to use their Google account to log in? :wink:

5 Likes

The underlying problem of course being G**** which we’re trying to avoid…

I’m one of those newby users and have indeed logged into to a G**** account to get it working again. And I assume it’s going to be hard to log back out again after doing that… But then I figured that if all G**** gets out of this is information about which Apps I use through the Aurora store (which is my last resort anyway), it’s not that big a deal for me…

Glad it works for you. but I know of several /e/ users who don’t or won’t have a Google account.

There is a third workaround, but it involves installing a vpn sadly doesn’t work (for me at least)
https://telegra.ph/Aurora-Store-GeoSpoof-08-13

“Non-techie” users may still choose to stay with /e/'s own Apps installer instead of installing Aurora Store.
Although it’s clear that using Aurora has benefits and I applaud your effort to keep them all in v4.

And when that doesn’t have the app they need? They might request it and wait around for a few weeks with no feedback and no idea whether the suggestion will be accepted. Or they might think that, if they want those things to work, they should stick with Google (or iPhone in the case of the potential user in a different thread who got fed up with not being able to install /e/ on his Samsung

It’s more friction. You may think that’s good because more people might choose to use /e/'s Apps. I tnink it’s bad because fewer people will use /e/. I guess will have to ‘agree to differ’

Quite a few people moaning about this in the Telegram channel overnight. The ‘official’ response from a channel admin

It would be laughable if it weren’t so sad

See this message in Telegram
https://t.me/c/1159413728/88174

/e/ really needs to do better with Apps

v4 is now available in Apps :slight_smile:

I have tried this workaround.

I installed the Windscribe VPN app (from Aurora Store :slight_smile:)) , logged in, and connected using a UK access point.
In Settings > Apps and notification > Aurora Store, cleared storage to force a new login

UK Apps still not visible.

When I tried to follow the procedure in the linked page, I could not do step 1

  1. Goto to Settings>Developer Options>Mock Location App - Select “Aurora Store”.

Aurora store did not appear in the list of apps. The devs/admins in the Telegram channel did say that the spoofing option would be removed in v4 - presumably to make it “better”. Looks like that has happened already.

Anyway, this “workaround” doesn’t work (for me at least)

I experienced something when upgrading to 4.0 I haven’t seen mentioned in this thread yet.

Aurora blacklist manager was wiped. I had put all /e/ system apps on there (mostly to make sure I didn’t accidentally “upgrade” microG). with the upgrade had to do it all over. I should have taken a screenshot or made a list before updating, would have made it easier.

Rahul posted on the Telegram group :

[ File : AuroraStore_Insecure_Anonymous.apk ]
Hi all,

On public demand I added an optional Insecure anonymous session, disabled by default.

Which basically allows you to generate GSF ID on your own device rather than the dispenser server.

This would allow you to get apps & listing from your own country, similar to v3 and also opens up bridge for Geo-Spoofing

The new preference is located at Settings > Networking > Insecure anonymous session

To apply geo-spoofing just use a VPN and set location for where ever you want to geo-spoof.

Make sure you relogin & restart Aurora Store to apply these changes. Test it & let me know if it works fine for you.

Also, stop sending me bulk messages & emails :unamused:, you want something just create a Gitlab issue.

Enjoy!

@AuroraSupport

5 Likes

Great news! Almost worth being asked to leave the Telegram channel :slight_smile:

Looks like we may need to install a VPN app, or maybe that only applies if you want to spoof a different location from your phone’s locale. I’ll report back when the update makes it to F-Droid

Not sure it will be published to F-Droid …
If you can’t get the app from Telegram, I’ll share it to you.

Thanks, but I did download it from the Telegram Channel. It’s also downloadable from gofile.io

Someone asked in the channel whether the change would go in the official version, and developer said it would, but I wont hold my breath.

I’ve not tried the new version yet - I have to do some fiddling as it’s installed as a System app on my phone. I’ll probably get round to it tomorrow

How about using Orbot’s VPN feature, come out in the country that has access to the app and attach anonymously that way?

I think I tried something similar - it didn’t work

The developer has restored the broken functionality - let’s hope the fix stays in the main release

[Forwarded from Aurora OSS]
[ File : AuroraStore_4.0.3.apk ]
Changelog : v4.0.3 (34)
• Add back search filters
• Add back manual downloads
• Fixed installer related issues
• Fixed language spoof issue
• Fixed dispenser timeout issue
• Added support for insecure anonymous sessions
• Fixed ABI mismatch issues on Huawei devices
• Added options to disable ForYouPage & customize default tab
• Bug fixes & improvements
• Updated Translations

#PS: Huawei users are advised to do a clean install
@AuroraSupport

1 Like

Thanks for sharing this, this worked for me :smiley: Also I don’t fully understand why Rahul says it is insecure / non-anonymous if we’re using a vpn to location spoof?

1 Like

It’s not about the VPN, it’s about the token dispenser running on your phone.
I assume that doing this makes you visible from Google …

2 Likes