GrapheneOS

Digital privacy and security matters a lot. If you already know that, then the following post is for you. If not, educate yourself – a good place to start is at my Privacy page  or simply watching this video.

The GrapheneOS name and logo are trademarks of the GrapheneOS project.

If you are already familiar with custom ROMs for phones, then you know that they are designed to gain further control over the phone. That is not the purpose of GrapheneOS. GrapheneOS is meant to be a security and privacy focused mobile operating system. It does that by using the Android Open Source Project and then hardening it with the most secure code it can, so it has never passed hands through any manufacturer or Google.

Why I love GrapheneOS is simple. Limited use. No tracking.  I want a phone that does not track me or harvest my data. I also want a phone that is simple to use and does the basic tasks I need away from my desktop computer. I do not want to use my phone. I want it to do the things I need simply and efficiently without a company spying on me.

Although using GrapheneOS is for anyone that is already familiar with an every day smartphone, the installation does require some prior knowledge. The prior knowledge is basic in nature though. If you can open a terminal window on your operating system of choice and have access to a USB-C connection, you are pretty good to go.

For my install I used Ubuntu 20.04 LTS on a laptop with a USB-C port. You may find additional install prerequisites over at GrapheneOS’s site here.

I highly recommend reading the official documentation prior to trying an install. Perhaps take a day or two to digest it all before you even attempt an install. That way you will feel much more mentally comfortable with the unfamiliar process.

For my device choice I went with the Pixel 4a. Make sure that it is unlocked. I suppose you could buy from Google store as well, but Amazon seemed lesser of the two evils. For all the current Pixel models, see the GraphenOS FAQ.

Pre-Installation

Turn on your new Pixel and skip all the Google set-up steps, connect to Wi-Fi and update the phone so it has all the latest firmware and security updates. Keep checking this until it has none left. I had to about three times. You may alternatively just download the latest image from Google and instructions found on GrapheneOS site.

Caveats

Notifications for most applications do not work properly since they depend on Google services, which is fine for me since the only notifications I care about are actual phone calls and text messages, which do work with Signal.

Why not LineageOS?

Although Lineage gives you root permission, it does have a major drawback in my opinion, which is that unlike GrapheneOS, LineageOS has to run with the bootloader unlocked. GrapheneOS can and recommends re-locking the bootloader to run.  Also, in the world of Linux, you do not want to run things as root for many reasons, security one of them.

Installation

Between GrapheneOS’s official Install page and a couple of useful YouTube videos I found, it was plenty of information to have me succeed in my first attempt at installing. Check out both The Hated One and Techlore.

If you are not already a Linux desktop user, now is a great time to become one because I imagine the install is the easiest given Android is based on the Linux kernel. Besides, if you have come this far and care about privacy on a phone, you should on your laptop or desktop as well. Take a look at these options at PrivacyTools.io.   But maybe Windows is just as easy. I have not used it in over a decade so have no opinion. Ubuntu can be found here.

To note: the bsdtar package is not available to install on 20.04, but libarchive-tools includes it so just substitute with that.

 

Post-Installation

Insert your SIM card into the phone and it should just work. Mileage may vary and the community out there can help so do some digging. I still use Verizon and I did not have to adjust anything after inserting my SIM. I am looking into switching to either Ting, Tello, or Tracfone in the future for both better anonymity and a smaller price tag for service I need.

From the already installed Vanadium app (has a black Google Chrome logo), head to the official F-Droid site and install that. From here I will outline the applications I choose to install and their purpose.

Name Purpose Install Method
Signal Messenger Secure Messaging APK
AntennaPod Podcast Listening F-Droid
ProtonMail E-Mail APK
DuckDuckGo Private Web Search F-Droid
Forecastie Weather F-Droid
Bitwarden Password Manager F-Droid
VLC Music F-Droid
NewPipe YouTube Alternative F-Droid
SyncThing File Transfer, Backups F-Droid
OsmAnd~ GPS, Maps F-Droid
andOTP Two-Factor Authentication F-Droid
Mullvad VPN F-Droid
Aurora Store Play Store alternative F-Droid

To note: the Aurora Store should be used only when absolutely needing an application that does not have an official APK or available in F-Droid. Examples I have installed from there are Slack for my day job and my park district’s fitness center app. Additionally, I have installed ProtonCalendar (Beta) from Aurora.

Additional software and other privacy focused mobile OS can be found over at PrivacyTools.io

 

Screenshot of my phone as of 01-16-2020

Future Improvements

  • To make this blog post more visually appealing and host at fossphone.org
  • Offer a way for individuals to suggest a way for me to install GrapheneOS for them, which I may be willing to do now.
  • Have a complete reproducible and automatic way via scripts to go from phone to phone without too much actual device interaction.
  • a pure Linux phone, in which apps can be shared on my desktop, laptop and phone seamlessly.

Additional Resources

During my research, I found these useful: Red & Black, Techlore’s Install Guide, and The Hated One’s Explanation and Install of GrapheneOS.

Questions, Comments

Please feel free to drop me a line via any of my Contact methods. E-mail preferred.

I am willing to install GrapheneOS on a new Pixel 4a devices for any one if they reach out to me. We can discuss compensation. I will donate a good amount to the GrapheneOS Project.

Donate

I suppose you could donate to me, just ask; but what I meant was for direct donations to GrapheneOS.