I have been using a Blackberry phone since 2001 because they were suppose to be secure, then BB screwed up and became android.
ive just bought a Pixel 3a....I wanted to buy a cheap phone just so i can test the Graphene OS and so far i love it.
I have just three questions if any one can help:

  1. As its an old handset, secruity updates are no long avalible, can i secure the handset by installing anti virus software and a VPN ?
  2. I went into developer mode and found the bootloader is open, should this be closed once Graphene OS has been installed? I have closed it and there is no change in the way the handset is working
  3. If ever i have to wipe the device will it go back to the Google OS or will it start a fresh Graphene OS
    Thanks in advance!
    1. A VPN is good for the benefits that it offers but one won't make up for what a user loses in security by choosing to use an EOL device.

    "We recommend against trying to achieve browser privacy and security through piling on browser extensions and modifications. Most privacy features for browsers are privacy theater without a clear threat model and these features often reduce privacy by aiding fingerprinting and adding more state shared between sites. Every change you make results in you standing out from the crowd and generally provides more ways to track you. Enumerating badness via content filtering is not a viable approach to achieving decent privacy, just as AntiVirus isn't a viable way to achieving decent security. These are losing battles, and are at best a stopgap reducing exposure while waiting for real privacy and security features."

    https://grapheneos.org/usage#web-browsing


    1. https://grapheneos.org/install/web#locking-the-bootloader

    1. The device can only go back to the stock OS by following the instructions found here: https://grapheneos.org/install/web#replacing-grapheneos-with-the-stock-os

    CCz installing anti virus software and a VPN ?

    An antivirus and VPN are not designed as magic cures for security vulnerabilities. Proper security patches are needed so unsupported handsets are inherently insecure, period. This is why GOS firmly recommend to use only supported devices and to update when your device is EOL.

    CCz should this be closed once Graphene OS has been installed?

    Yes. GOS installation instructions are quite clear that this should be done after installation is finished.

    CCz If ever i have to wipe the device will it go back to the Google OS or will it start a fresh Graphene OS

    Starting to think you haven't really read the installation page, as its quite clear what you need to do to install Stock OS again. "Wiping a device" means factory resetting, I assume, which will reset to a fresh GOS install and not Stock OS.

    CCz As its an old handset, secruity updates are no long avalible, can i secure the handset by installing anti virus software and a VPN ?

    No. If you enjoy GrapheneOS, I'd suggest that you upgrade to a newer model if and when you can. I suggest you read this section of the website about older devices that aren't being maintained anymore: https://grapheneos.org/faq#legacy-devices