That's great news! I hope there are more apps coming to Accrescent soon.
Guide to GrapheneOS configuration for high-risk users
Consider making a donation to Accrescent if you can, the project needs more support.
- Edited
Indeed, that's excellent news. We'll rewrite the section on how to install software when that's the case.
The Obtanium unattended updates change is here.
Prioritizing Mullvad/IVPN change is here.
@matchboxbananasynergy Is there any official or unofficial advice for what services to access if Auditor ever detects tampering? The guide currently links to Access Now’s Digital Security Helpline.
anarsec The guide currently links to Access Now’s Digital Security Helpline.
Interesting, I had not known about that group.
Their "Disclosure of Your Personal Data" statement seems a little ominous, e.g.:
[...]
We may also disclose your personal data to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- To a buyer or other successor in the event of merger, divestiture, restructuring, reorganisation, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, where one of the transferred assets is the personal data we hold.
[...]
- Edited
anarsec @matchboxbananasynergy Is there any official or unofficial advice for what services to access if Auditor ever detects tampering? The guide currently links to Access Now’s Digital Security Helpline.
Actually, I have a question with a broader scope. What is the recommended user behavior upon Auditor detecting tampering? @GrapheneOS
As a baseline, users should immediately consider the device untrusted and start fresh with a new one, but I'm wondering if there are additional recommendations? From the user's perspective, forensic analysis could be in their interest - if such an analysis can determine how the compromise occurred, and this can be mitigated, then the adversary can no longer simply compromise the new device with the same attack vector. For instance, do GrapheneOS devs want to receive firmware images for forensic analysis?
- Edited
I understand the benefit from delegating apps from the play store from the owner to the default profile, so that you don't need to install google stuff in the default profile.
I don't understand what is the benefit from delegating apps from Obtainium. What is the benefit compared to installing Obtainium and apps from there in the default profile?
rando1337
One good reason is that you have one place to manage all app updates.
TrustExecutor
yes, ok makes sense.
It made me just realize that you see all apps installed on all profiles on the owner profile if you go settings>Apps.
I wasn't aware of that!
Means, installing in owner and disabling has the same visibility in the owner profile as installing it only in a 2nd profile.
I've been using the owner profile as my only profile but after reading this guide, I'm considering doing something similar. The only thing I'm wondering is whether or not I should wipe my phone completely to "start over" with a clean owner profile or if I should just create the additional profiles and start using my device from a different profile. Curious what people recommend/do.
Perhaps user profiles could be expanded a little, for example difference on installing apps in individual profiles vs owner profile.
- Edited
"high risk users" has so many definitions - perceived threat levels - we don't know where to start.
And that's the problem.
Why are "high risk users" even considering conducting all their activities with only one phone.
If your threat level is genuinely that high you need a second phone.
The second [public] phone is the device you use to leave a boring public footprint.
You don't need a super secure phone to check news stories, sports results or your "public face" social media accounts.
AND, if your threat level really is that high, you should know that.