My (Early) Ride Through GrapheneOS, What Works, What Doesn't, and Guide!

Hello everyone! This is the revised version of this guide. (Original was on Reddit, posted over a year ago) There have been many revisions, and will be many more!

The whole point of it is to show people how easy it is to use GrapheneOS and how little has to be given up when one is moving to GrapheneOS from Stock Google OS. This is a retrospective of my experience using GrapheneOS, from new user to more experienced user, and also a guide for new users of GrapheneOS. I'll try to focus on what will work for users who want to set up their phones to run like normal Pixel phones, with Google apps and sacrificing as few features as possible compared to Stock, just like I did when I first installed GrapheneOS. I find most guides focus on eliminating Google Play Services and give instructions and tips on how to run without. I feel that gives people the wrong impression, and then they land on GrapheneOS and try to go too far too fast and get worn out, or they have a mindset that the "point" of GrapheneOS is to degoogle, and unless you do things a certain way "you're running GrapheneOS the wrong way."

Really, from what I've gathered at least, GrapheneOS is about providing a reasonably secure and private alternate operating system, no matter how you choose to use it! Of course the largest threat to your privacy and security is yourself, however just by running GrapheneOS you are taking a very substantial step in improving your privacy and security over running the stock Google Android OS!

I'll also throw in tips for users who wish to run without Google Play Services, however there is a wealth of information online already for you!

When I was a new user, I wanted to see how far I could go in terms of making as much as possible work as a normal Pixel phone. Some might say this defeats the purpose of GrapheneOS, but I bet that there are many others like me who would be curious to try this wonderful, alternate system if they knew just how much would work. Most of us just want a phone that "just works", without complications, and this post is an attempt to let you know, after all my trials, what I have found!

Almost all guides online are focused on setup with only maximum privacy in mind, not maximum usability. I'm focused on usability as an end goal. Even when signed into Google, using Google services, under GrapheneOS, you still have MANY more privacy, options, and control than with the stock Pixel OS! Move toward more privacy in your own time, if at all. With GrapheneOS the power is in your hands, and don't let others tell you how to do you!

GrapheneOS is based on the Android Open Source Project. It's the closest that you'll get to "pure" Android. Gone is even the minimal bloat that Google included with their phone OS (and they included very little)! It is a very stripped down OS, with incredible battery life!

Post-Install and Settings

So... After installation you are greeted with a black screen with a few black icons. You think "damn... what did I get myself into!" This is where YouTube video tutorials are useful. Go ahead into Apps, and install Google Play Store. Video tutorials talk about Aurora store and F-Droid, and while I played with them, I ultimately used Google Store for everything, like on a stock Pixel, as I have a lot of apps and subscriptions. It is useful to follow some YouTube videos on what settings are useful to change in Settings.

Also, the Play Store verifies signatures of the APKs it installs, when first installing them. It is considered a more secure way of installing apps than Aurora Store.

As an aside, in Settings I always go to Display and set it to Full Resolution. In my testing I have not noticed any difference in battery life between High Resolution and Full Resolution on the Pixel 7 Pro or the Pixel 8 Pro. On the 7 Pro, there is also no difference in battery life if you enable or disable Smooth Display, so on the 7 or 7 Pro go ahead and turn it on, but on the 8 Pro there is, but it's not a huge difference.

In "Network and Internet" go to SIMs and click on your SIM. For added security, you can reduce the attack surface of the cell network if you set it from 5G to LTE Only. This is a GrapheneOS only setting that eliminates old code (3G) and bleeding edge code (5G). This reduces the attack surface of the least trustworthy wireless network your device uses! Also disable 2G at the bottom of the screen. Your mobile speeds will be a bit slower, but it's worth it. The cellular network is inherently untrustworthy, it is important to remember that. Only by using Airplane Mode and then enabling WiFi can you disable cellular tracking, and only by using secure end-to-end encrypted communication over WiFi can you avoid possible monitoring of your communication! In the same screen, at the bottom, you can enable WiFi calling.

Back one screen, still in Network and Internet, you can enable Privileged eSIM Management ~if you have Sandboxed Google Play Services installed only~ (as of GrapheneOS 2024012600 Sandboxed Google Play is not required for Privileged eSIM Management). This allows you to see all the inactive eSIMs on your device (you can't see inactive eSIMs otherwise), and add and erase eSIMs.

See this video for a guide on how to harden your brand new GrapheneOS install for maximum security and privacy through the Settings. Best to follow this guide after you've installed all your apps, so save this for later after you've read through and followed more of this guide. Keep in mind, you don't need to do everything he says, just go through the guide and follow what is comfortable for you, but the further you go the better.

You will want to go to Settings -> Apps -> Sandboxed Google Play. Under Google Settings are a lot of useful settings to check out. You can toggle off "reroute location requests to OS" if you REALLY want Google to take over all location requests like in stock OS. If you do this, you must give Google Play Services the Location permission "All the time" and you need to also give it the Nearby Devices permission if you want to enable WiFi scanning and/or Bluetooth Scanning and have them work and contribute to location accuracy. Then you need to toggle on Google Location Accuracy. Location will be faster to acquire if you do this, but Google will track your every move, just like on a stock Android phone.

Be aware that enabling WiFi Scanning and/or Bluetooth Scanning does nothing to help if Reroute Location Requests to the OS is ON; it helps only if Google Play Services has the Location permission, or maybe only if Google Location Accuracy is on. Also, scanning allows the Bluetooth and WiFi radios to scan even when turned off! So with Scanning enabled, attack surface increases because the radios cannot be completely disabled. If Reroute Location Requests to OS is toggled on, then GrapheneOS takes over location, it's done by GPS and the A-GPS under Location, and is pretty quick and very private! If you let Google handle your location, then you will have location requests every few minutes updating Google where you are at all hours of the day. Also, your device will contribute to Google Location History, if that setting is on in your Google account and you are signed in.

One more thing: Find My Phone. If you install Google Play Services, also install Find My Phone. Then, go to Apps -> Special App Access -> Device admin apps and enable Find My Phone. This is important to note: if you have "Reroute location requests to the OS" enabled under Sandboxed Google Play settings and GrapheneOS is handling location, if you ever go into Find My Phone online to find your phone, you will be able to make your phone ring, and you can lock your phone remotely and wipe it, but you cannot actually locate your phone on the map as Google cannot receive the location of your phone! If you have toggled off "Reroute location requests to the OS" and set the Location permission for Google Play Services to "all the time," then you will be able to track your phone on the map. How important finding your phone if you lose it is to you, vs how important the privacy of not having Google look over your shoulder 24/7 is, only you can decide. I always let GrapheneOS handle my location personally.

Installing Apps and Setup

Go to Vanadium and search for and install the F-Droid app. Then in F-Droid, search for "f-droid" and install F-Droid Basic. This app will give you all the free, open-source apps that you can't get via the Google Play Store, and F-Droid Basic addresses the security concerns of the original F-Droid app! This app is also where you can get the Aurora Store, which is where you get Google Play apps without the Google Play Store, if you choose to run without Google Play Services.

Remember though, if you are thinking of using Google Play Services logged out, the recommended way to get apps is from the Google Play Store, not from Aurora Store, GitHub, or any other third-party source! This is for maximum security and is a recommendation of the GrapheneOS project. This is because when you install an app from the Google Play Store it will check the hash of the signature of the app it is sending to your device against the hash in their database before sending it to your phone. Aurora Store just fetches the app from Google Play without signature checking, allowing malicious apps an opportunity to substitute for the app you think you are getting! Same is true on GitHub. On GitHub though, the signature hashes of the files are usually published, and you can check them yourself! You should always check the signatures of any files you download, especially executable files like apps, to ensure that the chain of trust has been maintained and is verified before installing/executing the files! You can do it using the app in the previous link, or manually using keytool.

There is always the option also to make a new, unique Google account with false information, and sign into that in order to use the Play Store, make purchases, and the like. From what I have gathered, you will likely need to make it while off of any VPN to have a chance of it not insisting on you providing a phone # when setting up the new account. If you set it up from an IP address that is heavily associated with a previous Google account with your real data (real name and info), then Google may (I really have no idea, this may just be speculation but I'm putting it here anyways) associate the new and your old accounts together! For this reason, it might be best to go and make the account where you can use public WiFi, such as a library, coffee shop or internet cafe. Make it through the Play Store app for increased chances of not needing to provide a phone # as well.

Then when you are done, make sure you connect a VPN (Proton VPN is the only free one I would use personally) and enable Always On VPN and Block Connections Without VPN! This is in Settings -> Network and Internet -> VPN. You must do this to prevent being deanonymized!

Sign into your Google account if you want to. If you do, I think your apps from your last install may start installing, but don't quote me on that! You certainly won't get the app data back though, unfortunately. Only Seedvault restores app data from a previous GrapheneOS install. More on backup below. Signing into a Google account is completely optional! Also, on a stock install, signing into a Google account sends your device's unique identifier to Google. On GrapheneOS, this is blocked! Still, there is less privacy from Google by signing into a Google account. You can get all the benefits of running Google Play Services and get all your apps from Aurora Store, without signing into a Google account. Please consider the above security implications however if you think about going this route...

If you want to set up like a Pixel phone: In the Play Store, search for and install Gboard, Messages, Phone, Clock, Contacts, Files, Photos, Gmail, Google, Google Play Services for AR, Assistant, Lens (if you want it), Camera, Recorder. (Don't worry about installing another browser, as Vanadium is exactly the same as Chrome but hardened.) Also, I used to use Firefox with its add-ons to block ads, until I learned of a major vulnerability! ALL Gecko-based browsers on Android (Fennec for F-Droid, Firefox, Mull, etc.) are lacking sandboxing of the webview. What this means is that any compromise of the webview is in turn a full compromise of the browser, which is a full compromise of the app data with the ability to persist on your system because it is trusted! This is a major vulnerability, and I refuse to use Firefox or any other such browser on Android until it is fixed! The amount of patches applied to Vanadium to harden it on top of Chrome is insane. Use it, it's wonderful!

Now, go to Apps -> Default Apps and set the Google Apps you just downloaded as the default apps. We will be keeping Vanadium as the default browser and the default launcher as it is just fine! You can though install Nova Launcher or Lawnchair (from F-Droid) if you want more options for your launcher. Lawnchair is the closest to the Pixel Launcher, so even though I always choose to keep the default GrapheneOS launcher, if you want the full Pixel experience, and the closest you can get to Stock, try Lawnchair!

Set Google as your Digital assistant! Go into Settings -> Privacy -> Permissions Manager -> Network and revoke network access from Gboard (first though, go into Gboard, go into its settings, and enable Faster Voice Typing for offline voice typing). This will prevent Gboard from sending your keystrokes to Google! Also revoke network from Camera. It doesn't need it. All Google apps that don't absolutely need Network should have it revoked. You should also set up Storage Scopes under Audio and Video and Photos and Videos for all apps that have those permissions, as they are broad reaching permissions and Storage Scopes narrowly defines them instead by pointing to specific folders that those apps can access. Revoke under Permissions Manager all other permissions that the apps don't specifically need.

Go to System -> Languages & Input -> On-screen keyboard and change to Gboard. Now you're done changing over to Google versions of apps, and the system will feel much more familiar!

Feel free to set everything else up as you like.

Now Google is set as your Assistant and you have Assistant running, not as a press on the power button, but as a swipe from the bottom corner of your screen to the center of the screen. But it DOES RUN! Google Play Services should be Unrestricted and Google must be Optimized under Battery Settings for this to work! The only thing with Assistant is, after each reboot, you will need to go back and swipe up the list of apps, hit Assistant, and switch your assistant in "Assistant Settings" back to None, then back to Google to re-enable Assistant. Don't forget to do this!

Compatibility, What Works, What Doesn't

If you want notifications to work properly with your third party apps, you MUST have Sandboxed Google Play installed. Proton Mail has another app that can enable notifications for it, for those of you who, like me, were running Google Play Services only for Proton Mail! It's called You've Got Mail, and it's available in F-Droid.

Google Wallet will work, but not for payment cards, only for things like transit passes and other things. There is no Face Login, only Fingerprint, as this is a privacy-focused OS, and as the makers of GrapheneOS stated, after the Pixel 4 line, Google removed the hardware that allowed secure facial unlock. As well, Nearby Share works, if you allow Google Play Store (maybe it doesn't need this really) and Google Play Services the Nearby Devices permission, it's been reported to me. This is something I thought was still unavailable, so this is fantastic news!

Android Auto is a new thing that works now as of the end of December 2023! You can go to the "Apps" app to install Android Auto, then to Settings -> Apps -> Sandboxed Google Play -> Android Auto and flip the switches that give Google Play Services the required access to make Android Auto now work, by popular demand!

Pixel watches and other smartwatches also work and are compatible with GrapheneOS.

My banking apps work (both of them) though I need to enable "Exploit Protection Compatibility Mode" in the app's settings. This setting disables a lot of the built-in GrapheneOS exploit protections and allows the app to run more like it did under stock Android. This is also required for my credit card applications, and I also have to grant them all permissions they ask for (including sensors when they ask!) but then they all work perfectly. See here for a list of banking apps and their compatibility with GrapheneOS.

All in all, the two big things that never used to work and one would have to give up moving to GrapheneOS were Android Auto and Google Pay. Now it's just Google Pay, and if you have a watch that does NFC payments, or a banking app that does NFC payments, you're still good to go! Overall, everything else will work or can be made to work on GrapheneOS, with very few exceptions due to security.

Backup and Restore

If you give Google Play Services the Contacts permission temporarily, then go to Google Settings -> Setup and Restore -> Restore Contacts, you can restore all your Google backed up contacts to your new install! Then you can keep them synced if you want, that's under "Settings for Google Apps" one screen back, or you can revoke the Contacts permission from Google Play Services after the contacts are restored. One more tip here: if you want contacts to be restored by Seedvault (GrapheneOS's backup) you need to go into the Contacts app (GrapheneOS Contacts app, not Google's), into its settings, and export contacts as a .vcf file. Then import that same .vcf file in Contacts' settings. You won't get duplicate contacts, and then you will have all your contacts saved as Local Contacts as well as Google Contacts. Local Contacts will be backed up by Seedvault.

Once you install GrapheneOS fully, with the apps you want, you'll naturally want to make backups. Backup to Google does not exist, but there is a built-in backup solution that is pretty nifty. It allows backup to USB, Nextcloud (could not get it to work) or DAVx5 (available for free on F-Droid, or you can buy it on the Play Store to support the project; you need a CalDAV/CardDAV server to back up to, and I don't have one yet, so could not test it, but it is recommended and should work well). USB Backup of storage is experimental, but works excellently! It does take its sweet time; even with the Pixel 8 Pro I don't think the USB port is very fast, and it can take a long time to do a storage backup of 140GB (photos, videos, downloaded files in Downloads, whatever other folders you wish to include, such as Documents and Recordings). Apps backed up all APK files and data for all apps that were "recently used" and allowed data backup.

There is also a new backup mode recently, called "D-D Backup." This backup mode can be found in the main Backup screen -> three dots in upper right -> Expert Settings. It will tell you the conditions, and it says that you need to manually select "Backup Now" from the same menu, however even on Automatic Backups I have had it make D-D Backups. This type of backup backs up data for all apps that have been used recently!

It gives the same results as any root-based backup solution in effect. This means that if an app does not do well with having its data restored then it may need to be uninstalled and reinstalled to function. Trial and error will tell you quickly which apps these are, for myself it was the Proton suite of apps and Element. You can exclude these apps in the Backup Status screen, or include them and just uninstall and reinstall after a successful restore.

For regular, non D-D Backups, to see which apps allow data backup, go to Backup Status and look at the list of apps. When you perform a backup, when it is in progress, pull down the notification shade and you will see a silent notification that shows the backup progress. Then when done, it will give you another silent notification saying how many apps were backed up and click for more. Clicking leads to Backup Status, and when it says that it only backed up 30/64 apps, what it means is it only backed up the DATA for that many apps. It still backs up all of your apps, and will, on a restore, restore all your apps, the app data for the apps it can back up data for, your system settings, widgets, app placement, theme, messages, call logs, and if you saved a storage backup, your videos, pictures, and downloads. Just about everything! I've not really found anything that needs to be done after a successful restore!

If it fails a backup (much more likely for a D-D Backup), then run it again and again, and again! I VERY STRONGLY ENCOURAGE YOU TO MAKE ANOTHER USER AND TEST THE BACKUP TO MAKE SURE IT WORKS AS INTENDED! This may be less necessary for regular, non D-D Backups, however probably a good idea. If it has many apps not installing, just backup again!

For restores, in some circumstances you may need to do it twice if a bunch of apps fail to install during restore (this was on older versions, leaving this here just in case it helps someone). First time when you restore during setup, if an app fails to install, it will ask you to install it manually, but because Google Play Store and Services always fails, there is no store to install from! Even though the GrapheneOS Apps app is installed, it won't recognize it. So you'll need to install your app store, and type "backup" into Settings, and click the dots in the upper right corner and hit Restore Now to do it again. Then manually install any failed apps from Play or Aurora Store, before it restores app data.

My Backup (free version) can also take a local backup of all your apps, settings, messages, and videos and pictures. Then use Total Commander to move the "rerware" folder from your Internal Storage root to a USB drive. One thing, the free version only supports restore to the same device, and after factory reset, the same device is actually recognised as a different device! Still, I have made the free version restore once either system settings, or pictures and videos. The paid version can backup to Google Drive (never got it to work) Dropbox and their own server, and can do restores to different devices. Before use, make sure you go to App Info for My Backup, and toggle on all the Allow switches, beyond what the initial setup does!

Swift Backup is an app I bought very quickly! It worked well, it restores all my apps, SMS and call logs and wallpaper. I backed up to Internal Storage, then copied the "Swiftbackup" folder to external USB, then back to internal storage after restore was complete! If you buy the app, you can backup to Google Drive (works perfectly), Dropbox, or any number of other places online. You can also set a schedule where everything will be backed up on a schedule. This is most useful for messages and call logs. It's saved me many times, as these are shitty to lose! To restore apps you need to install an app called Shizuku, and connect it to wireless debugging. It's simple and works well, just follow the guide that comes with Shizuku! There are also many other apps that work with Shizuku that allow a lot of nifty root-like tricks! (As an aside here, using Wireless Debugging and allowing an app access to it is not very secure at all, and is in general NOT RECOMMENDED! I'm putting that in bold for a reason. It allows an enormous amount of privilege escalation to the app and also to whatever app connects to Shizuku. Be absolutely certain that you want to allow the app this kind of privileged access, as it can be dangerous to the overall security of your system, and therefore is in general not recommended.)

I have yet to find another app that does not work.

Original Retrospective after using GrapheneOS after a few days:

I've noticed the lack of having Adaptive Battery on this OS. I've been following my AccuBattery stats over the last few days, and I've noticed that my screen-off drain, with everything set up the exact same as Stock OS, is higher. My Deep Sleep drain is ~1.4% per hour instead of ~0.8% per hour on stock. I also am only in Deep Sleep about 86% of the time vs 93% of the time for stock. Screen-off awake drain is the same, overall screen-off drain is ~1.7%/hour vs ~1.2%/hour stock.

This was with Device Health Services not disabled, but with Usage Access revoked, as well as Digital Wellbeing having Usage Access revoked. Both made significant gains to my battery life, both screen-on and off. However, even with Usage Access being revoked there are still machine learning/AI algorithms that contribute to better battery with Adaptive Battery on, and this is obvious now.

My screen-on battery life however seems to be better by about 0.5-1%/hour. Also, so far Adaptive Charging hasn't worked, unfortunately...

After this, I tried the following:

I tried installing Device Health Services from APKmirror. After installing I did grant it usage access, as before when I did not it started but stopped shortly after the phone started. After installing and granting Usage Access to Device Health Services, it decreased my battery consumption! I'm now back to the same drain per hour as I was when using Adaptive Battery on the stock OS!

Retrospective after using for 6+ months:

I've long ago uninstalled Device Health Services as I found in the long run, it didn't do anything special. Its function under regular Android is to control Adaptive Brightness, but AOSP has its own Adaptive Brightness control... So in GrapheneOS I doubt it does much of anything. I bet my battery life increases were placebo, and that GrapheneOS is no worse than the Stock OS on battery life. Without Google Play Services installed, I bet it is better, as under Battery Consumption it is always a high idle consumer, and monitoring wakeups, it always is high on the list!

I've also long ago gone back to using the default GrapheneOS apps, as they're guaranteed to preserve your privacy, and they are useful and functional! You can find another messaging app if you like, a lot of people don't like the AOSP one, but I didn't mind it. QKSMS is a decent one often recommended, available in F-Droid. However, I've had some problems with MMS showing up in QKSMS, but they show up perfectly well in the default Messaging app. Google Messages also works very well, and RCS can be enabled in it. It needs access to Phone, SMS and Network for this, and Google Play Services also needs access to those 3 permissions while it is enabling. Then afterwards you can just remove all but Network permission from Google Play Services. I just use the default ones though, they're all functional and useful! The default Phone app is excellent. You get every basic function, it supports Visual Voicemail, plus you get Call Recording, a GrapheneOS exclusive!

The Auditor app is an amazing app that too few use. What it does is verify that your OS hasn't been modified by malware, periodically, in the background, without you having to do anything after a 2 minute setup. You make an account at: http://attestation.app/ Then you get a QR code on your screen, and you point the camera in the Auditor app at it. That's it! Then your device will submit attestations every few hours verifying your integrity.

I used to use Firefox, but as stated above, it has a major flaw with its process isolation, so I refuse to use it until that is fixed. Vanadium is a better and better browser the more I use it! Go into Vanadium's settings and into its privacy settings to tweak the browser more to your liking. There are options there that you may not have been aware of!

I still use Google Play Services, since a few apps I use require it. I've tried to move away from it a few times in the past, and I've also tried to partition it off into another user profile. Both running without Sandboxed Google Play Services, which it has to be noted is quite different in implementation than the regular Google Play you know from stock Android. It runs just like any other app, with no special permissions or admin level access. You can give it or deny it any permissions you see fit. This fact, and that Sandboxed Google Play is so nice and easy to have installed has made me keep going back to using it! It's a fantastic feature of GrapheneOS, and one I plan on using into the future.

Probably the absolutely best tip I can give after all these months, is use Vanadium to log into websites instead of using apps! By that I mean, don't download the Amazon or eBay apps that are full of trackers. Over half of Android apps have trackers, and you can bet ones that deal with shopping or anything that serves ads, or can benefit from the company behind it building a profile on you with your data has them. Using the app App Manager, I have looked into apps and seen that the majority of them have 3-20 trackers. Save your data, and if you can log into a website instead of use an app, do it!

If you are looking for a great VPN, ProtonVPN is the one I have been using for many years! They have an excellent free plan that cannot be beat, and their paid plan is even better! I personally use Proton Unlimited, which gives me encrypted mail, password manager, 500GB encrypted cloud storage, encrypted calendar, and high-speed VPN. The Drive and Mail apps can be set to require fingerprint to access the apps, keeping a second layer of protection between your data and prying eyes!

A fantastic privacy app I use is also in F-Droid Basic, and called Private Lock. It uses your accelerometer to detect when your phone is moved forcefully, like when someone tries to take it away from you, or you're in an accident, and then locks the screen and disables the fingerprint login. You can set it to run on the lock screen too. This will take some battery, but will disable fingerprint login in case something happens like an accident.

Google Gemini!

I've originally left the Google Assistant behind, since the assistant can see and record everything on your screen. There is an alternative, Dicio, the free open-source assistant that runs locally only on your phone! It's simple, but functional too.

Now that Gemini is out, I had to give it a try! It required downloading the "Google" app, as that app is the one that actually runs your Google Assistant, get it in the Play Store. You also require the Assistant app, and the Gemini app, which may not be available in your country. In my country, Gemini was not available, however I got it from APKMirror. Also, while I haven't yet made any of Gemini Nano's advanced on-device features for the Pixel 8 Pro work, if you would like to try, you need the AICore app. Also, go into app settings for AICore, click "additional settings in app" and enable AICore Persistent.

Now, the Google app needs to be re-set as the Default Assistant App in Settings -> Apps -> Default Apps after every restart/reboot or swiping will not wake it! Gemini replaces Google Assistant as your assistant, you cannot have both assistant apps at the same time, but you can easily go into Settings in the Gemini or Google apps and switch between them quickly. The action on GrapheneOS to invoke assistant apps is to swipe from a corner of the screen inwards to the middle. I haven't been able to make "Hey Google" work, but Gemini does work on the lockscreen. Now this is very important for your privacy: you can give or not give permissions to the Google app, and those are the permissions that will determine what Gemini can and will use, so that will determine its capabilities. So, if you want to be able to say "call Mom" the Google app will require your Contacts and Phone privileges. Sending texts requires SMS. Using App Ops I have been able to granularly set these, allowing Send SMS but denying (ignoring actually, sends blank data to the app) Read SMS, allowing Make Phone Call, but denying Monitor Phone and Receive Phone Call. Best use for App Ops I've found. Ever! I had a very long conversation with Gemini Advanced about its use of permissions, what data Google can get from them, and let me tell you, for a Google product, Gemini Advanced is not a fan of Google's data-grabbing practices! It gave me most excellent advice on which permissions leak the most data, and how to minimize data leakage. It really likes the App Ops approach. Call Logs can apparently be used for a lot of badness, along with Contacts... SMS is also particularly invasive.

There are 3 levels of LLM, so 3 Gemini Models. Nano is very small, for running on the Pixel 8 Pro and other flagship/future phones locally. Gemini Pro is the middle one, and Gemini Ultra powers Gemini Advanced (what comes from paying the $20 or $25 Google plan with 2TB Storage). If you just want the AI chatbot, using Gemini Pro, then that's what you get with the Gemini app. If you want Gemini Advanced, you can sign up for the 2 month free trial that should pop up as an offer if you are signed into a Google account. It should go without saying that using Gemini requires Sandboxed Play Services! Gemini Nano is for the Pixel 8 Pro. It will check your device model, and requires the AICore app to be running persistently, I'll update this if I see results from Nano, or not.

Then there is the Gemini Apps Activity setting. This is where the privacy vs functionality rubber meets the road. By default, all your conversations with Gemini are saved for 18 months! They may during that time be reviewed by human annotators, after being de-anonymized, but if they are, those ones are not deleted when you choose to delete your conversations as they are kept apart from your regular conversations. Google even says, DO NOT SAY ANYTHING IDENTIFYING OR INCRIMINATING TO GEMINI! Now, you can change the Gemini Apps Activity to as low as 3 months before being auto-deleted, or you can turn it off. If off, Google will only keep your conversations around for 3 days, for quality of service or something like that, and they won't be pulled for review. The thing is, if you want Gemini to do a lot of fancy things, it has to use "Extensions." This is like setting reminders, interacting with Google Maps, and YouTube.

I have been using Gemini Advanced for about 2 weeks now. It is something that I think will actually get me, someone who hates all apps by default, and has a strict policy of never installing apps if it can be avoided, to keep the Google app on my system! With heavily reduced privileges of course.

UPDATE

Today, I got a reminder that all of a sudden, Google turned on Gemini in Google Messages! Now, I don't know yet if it is the version that runs completely on your device and works offline, Gemini Nano, or if it is cloud based and therefore Gemini Pro or Gemini Advanced for subscribers (such as I am). I will update this once I learn more. You can use it for ideas for conversation starters, help drafting messages or quick replies. Things like that!

That's it!

Partially posted this here so I could direct new users here instead of Reddit. The GrapheneOS Reddit is kinda dead...
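
The advice under "Installing Apps and Setup" to check an APK's signature hash against the one the developer publishes can be scripted on a computer before the file is copied to the phone. The following is an added example, not part of the original post: it parses the output of `apksigner verify --print-certs` (or of `keytool -printcert -jarfile`) and compares the SHA-256 signing-certificate fingerprint with the published one, failing closed when no fingerprint is found. The function names are hypothetical, and the sample tool outputs and fingerprints are constructed for illustration.

```python
import hashlib
import hmac
import re
import shutil
import subprocess

# Matches the SHA-256 line of both tools:
#   apksigner: "Signer #1 certificate SHA-256 digest: <64 hex chars>"
#   keytool:   "\t SHA256: AB:CD:...:EF"
FP_RE = re.compile(
    r"(?:SHA-256 digest|SHA256):\s*([0-9A-Fa-f]{2}(?::?[0-9A-Fa-f]{2}){31})\s*$",
    re.MULTILINE,
)


def normalize(fp):
    """Strip colons and whitespace and lowercase, so both formats compare equal."""
    cleaned = re.sub(r"[\s:]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("not a SHA-256 fingerprint: %r" % fp)
    return cleaned


def extract_fingerprints(tool_output):
    """Return every SHA-256 certificate fingerprint found in the tool output."""
    return [normalize(m) for m in FP_RE.findall(tool_output)]


def matches_pin(tool_output, published):
    """True only if a signer is present and every signer matches the published pin."""
    expected = normalize(published)
    found = extract_fingerprints(tool_output)
    if not found:
        return False  # unsigned, failed verification or unknown format: fail closed
    return all(hmac.compare_digest(fp, expected) for fp in found)


def verify_apk(apk_path, published):
    """Run apksigner on a real file (needs Android SDK build-tools on PATH)."""
    if shutil.which("apksigner") is None:
        raise RuntimeError("apksigner not found on PATH")
    proc = subprocess.run(
        ["apksigner", "verify", "--print-certs", apk_path],
        capture_output=True, text=True,
    )
    if proc.returncode != 0:
        return False  # signature did not verify at all
    return matches_pin(proc.stdout, published)


# --- Constructed sample data (not real certificates or real apps) ---
SAMPLE_FP = hashlib.sha256(b"constructed sample certificate").hexdigest()
OTHER_FP = hashlib.sha256(b"constructed substitute certificate").hexdigest()
# The same fingerprint in the colon-separated upper-case form keytool prints
SAMPLE_FP_COLONS = ":".join(
    SAMPLE_FP[i:i + 2] for i in range(0, 64, 2)
).upper()

APKSIGNER_OUT = (
    "Verifies\n"
    "Verified using v2 scheme (APK Signature Scheme v2): true\n"
    "Signer #1 certificate DN: CN=Example Developer\n"
    "Signer #1 certificate SHA-256 digest: " + SAMPLE_FP + "\n"
    "Signer #1 certificate SHA-1 digest: " + "00" * 20 + "\n"
)
KEYTOOL_OUT = (
    "Signer #1:\n\nCertificate #1:\nOwner: CN=Example Developer\n"
    "Certificate fingerprints:\n"
    "\t SHA1: " + ":".join(["00"] * 20) + "\n"
    "\t SHA256: " + SAMPLE_FP_COLONS + "\n"
    "Signature algorithm name: SHA256withRSA\n"
)
SUBSTITUTED_OUT = APKSIGNER_OUT.replace(SAMPLE_FP, OTHER_FP)

if __name__ == "__main__":
    print("apksigner output vs published pin:", matches_pin(APKSIGNER_OUT, SAMPLE_FP_COLONS))
    print("keytool output vs published pin:  ", matches_pin(KEYTOOL_OUT, SAMPLE_FP))
    print("re-signed APK vs published pin:   ", matches_pin(SUBSTITUTED_OUT, SAMPLE_FP))
    print("output with no certificate:       ", matches_pin("DOES NOT VERIFY\n", SAMPLE_FP))
```

The published fingerprint must come from a channel separate from the download itself, such as the developer's own site or repository README, otherwise whoever swapped the file can swap the hash too.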