Switching to GrapheneOS

Digital privacy and security matters a lot. If you already know that, then the following post is for you. If not, educate yourself – a good place to start is at Privacy Guide's Why Privacy Matters page.

If you are already familiar with custom ROMs for phones, then you know that they are designed to gain further control over the phone. That is not the purpose of GrapheneOS. GrapheneOS is meant to be a security and privacy focused mobile operating system. It does that by using the Android Open Source Project and then hardening it with the most secure code it can, so it has never passed hands through any manufacturer or Google.

Why I love GrapheneOS is simple. Limited use. No tracking. I want a phone that does not track me or harvest my data. I also want a phone that is simple to use and does the basic tasks I need away from my desktop computer. I do not want to use my phone. I want it to do the things I need simply and efficiently without a company spying on me.

Although using GrapheneOS is for anyone that is already familiar with an every day smartphone, the installation does require some prior knowledge. The prior knowledge is basic in nature though. If you can open a terminal window on your operating system of choice and have access to a USB-C connection, you are pretty good to go.

I highly recommend reading the official documentation prior to trying an install. Perhaps take a day or two to digest it all before you even attempt an install. That way you will feel much more mentally comfortable with the unfamiliar process.

For your device options see GrapheneOS's Supported Devices. Make sure that it is unlocked.

Pre-Installation

Turn on your new Pixel and skip all the Google set-up steps, connect to Wi-Fi and update the phone so it has all the latest firmware and security updates. Keep checking this until it has none left. I had to about three times. You may alternatively just download the latest image from Google and instructions found on GrapheneOS site.

Why not LineageOS?

LineageOS was never meant to be a secure and private mobile OS from it’s original design.

Although Lineage gives you root permission, it does have a major drawback, which is that unlike GrapheneOS, LineageOS has to run with the bootloader unlocked. GrapheneOS can and recommends re-locking the bootloader to run. Also, in the world of Linux, you do not want to run things as root for many reasons, security one of them.

Installation

If you are not already a Linux desktop user, now is a great time to become one because I imagine the install is the easiest given Android is based on the Linux kernel. Besides, if you have come this far and care about privacy on a phone, you should on your laptop or desktop as well.

Post-Installation

Insert your SIM card into the phone and it should just work. Mileage may vary and the community out there can help so do some digging. I still use Verizon and I did not have to adjust anything after inserting my SIM. I am looking into switching to either Ting, Tello, or Tracfone in the future for both better anonymity and a smaller price tag for service I need.

From the already installed Vanadium app (has a black Google Chrome logo), head to the official F-Droid site and install that. From here I will outline the applications I choose to install and their purpose.

To note: the Aurora Store should be used only when absolutely needing an application that does not have an official APK or available in F-Droid. Examples I have installed from there are Slack for my day job, Magic Earth, and my park district’s fitness center app. Additionally, I have installed ProtonCalendar (Beta) from Aurora.

Additional software and other privacy focused mobile OS can be found over at PrivacyGuides.org

Feel free to Contact Me if you have any questions.