UPDATE 2022-01-03: a video version of this post can be found here
Digital privacy and security matters a lot. If you already know that, then the following post is for you. If not, educate yourself – a good place to start is at my Privacy page or simply watching this video.
If you are already familiar with custom ROMs for phones, then you know that they are designed to gain further control over the phone. That is not the purpose of GrapheneOS. GrapheneOS is meant to be a security and privacy focused mobile operating system. It does that by using the Android Open Source Project and then hardening it with the most secure code it can, so it has never passed hands through any manufacturer or Google.
Why I love GrapheneOS is simple. Limited use. No tracking. I want a phone that does not track me or harvest my data. I also want a phone that is simple to use and does the basic tasks I need away from my desktop computer. I do not want to use my phone. I want it to do the things I need simply and efficiently without a company spying on me.
Although using GrapheneOS is for anyone that is already familiar with an every day smartphone, the installation does require some prior knowledge. The prior knowledge is basic in nature though. If you can open a terminal window on your operating system of choice and have access to a USB-C connection, you are pretty good to go.
For my install I used Ubuntu 20.04 LTS on a laptop with a USB-C port. You may find additional install prerequisites over at GrapheneOS’s site here.
I highly recommend reading the official documentation prior to trying an install. Perhaps take a day or two to digest it all before you even attempt an install. That way you will feel much more mentally comfortable with the unfamiliar process.
For my device choice I went with the Pixel 4a. (UPDATE 2022-01-29: Consider choosing a Pixel 5 or 6 for longer support) Make sure that it is unlocked. I suppose you could buy from Google store as well, but Amazon seemed lesser of the two evils. For all the current Pixel models, see the GraphenOS FAQ.
Turn on your new Pixel and skip all the Google set-up steps, connect to Wi-Fi and update the phone so it has all the latest firmware and security updates. Keep checking this until it has none left. I had to about three times. You may alternatively just download the latest image from Google and instructions found on GrapheneOS site.
Notifications for most applications do not work properly since they depend on Google services, which is fine for me since the only notifications I care about are actual phone calls and text messages, which do work with Signal.
Why not LineageOS?
LineageOS was never meant to be a secure and private mobile OS from it’s original design. If looking for more hardware options, take a peek at DivestOS, which is a soft-fork of LineageOS. More informatoin can be seen at this subreddit post.
Although Lineage gives you root permission, it does have a major drawback, which is that unlike GrapheneOS, LineageOS has to run with the bootloader unlocked. GrapheneOS can and recommends re-locking the bootloader to run. Also, in the world of Linux, you do not want to run things as root for many reasons, security one of them.
Between GrapheneOS’s official Install page and a couple of useful YouTube videos I found, it was plenty of information to have me succeed in my first attempt at installing. Check out both The Hated One and Techlore.
If you are not already a Linux desktop user, now is a great time to become one because I imagine the install is the easiest given Android is based on the Linux kernel. Besides, if you have come this far and care about privacy on a phone, you should on your laptop or desktop as well. Take a look at these options at PrivacyTools.io. But maybe Windows is just as easy. I have not used it in over a decade so have no opinion. Ubuntu can be found here.
To note: the bsdtar package is not available to install on 20.04, but libarchive-tools includes it so just substitute with that.
Insert your SIM card into the phone and it should just work. Mileage may vary and the community out there can help so do some digging. I still use Verizon and I did not have to adjust anything after inserting my SIM. I am looking into switching to either Ting, Tello, or Tracfone in the future for both better anonymity and a smaller price tag for service I need.
From the already installed Vanadium app (has a black Google Chrome logo), head to the official F-Droid site and install that. From here I will outline the applications I choose to install and their purpose.
|Signal Messenger||Secure Messaging||APK|
|DuckDuckGo||Private Web Search||F-Droid|
|SyncThing||File Transfer, Backups||F-Droid|
|Standard Notes||Note Taking, Todos, Spreadsheets||F-Droid|
|Magic Earth||GPS, Maps||Aurora Store|
|OsmAnd~||Maps, (GPS is okay)||F-Droid|
|Aurora Store||Play Store alternative||F-Droid|
To note: the Aurora Store should be used only when absolutely needing an application that does not have an official APK or available in F-Droid. Examples I have installed from there are Slack for my day job, Magic Earth, and my park district’s fitness center app. Additionally, I have installed ProtonCalendar (Beta) from Aurora.
Additional software and other privacy focused mobile OS can be found over at PrivacyGuides.org
Video Version of this Post
- Offer a way for individuals to suggest a way for me to install GrapheneOS for them, which I may be willing to do now.
- Have a complete reproducible and automatic way via scripts to go from phone to phone without too much actual device interaction.
- a pure Linux phone, in which apps can be shared on my desktop, laptop and phone seamlessly.
During my research, I found these useful: Red & Black, Techlore’s Install Guide, and The Hated One’s Explanation and Install of GrapheneOS.
Please feel free to drop me a line via any of my Contact methods. E-mail preferred.
I am willing to install GrapheneOS on a new Pixel devices for any one if they reach out to me. We can discuss compensation. I will donate a good amount to the GrapheneOS Project.
I suppose you could donate to me, just ask; but what I meant was for direct donations to GrapheneOS.