• General

  • Please fill in my single missing piece to making Graphene my 100% use tool

Hello everyone and thank you to those who contribute to Graphene, in the software and in the forums. This is my first post.

I have been in the process of degoogling, and therefore moving, learning, and appreciating Graphene. I have reinstalled the OS 4 times in the last week and I break things and revert to stock. I feel that I have a fairly good handle on whats going on. I am very open to suggestions and opinions. Some of my lessons learnt are :

  • Apps are not like pokemon, you dont have to collect them all. I only bank once a week or so, use a web page not an app. Same with Ebay and Paypal and the rest.
  • I cannot use my square reader in Graphene, I will keep an old phone to run square in the office. It is no different to any other hand held credit card reader machine. This is because of Square.
  • I cannot pay via Google Pay on Graphene. I carry a real wallet with cash and licence etc anyway so no problem. This is because of Google.
  • I have email via Proton, but phone contacts via etesync. This bothered me at first, but I have no problem now. I have to pay for both of there services in money unlike Google.
  • Android Auto will not work with Proton VPN. I cant even have it installed and turned off. I suspect this is as designed by Google.
  • Getting Android Auto to accept unknown sources made it work with my Google Maps and Spotify. This was big.

Now my question : When looking for an app to install, I start by looking in F-Droid, and then in Aurora (anonymous). That is it. I have Google Play installed to use Android Auto, but I have not logged into Google Play. There is no GMail account on my phone anywhere, no account at all. Using the example of a Calendar App & Widget (very important to me), I wish to pay for and use a premium app. I am happy to support the developer and access the advanced features. If I do not have any Gmail Google account on my phone, is it basically impossible to own an app? If I like app X and want to buy it, can that happen, and if so, how?

I understand that I can make multiple sandboxes on my phone, but to use a widget, I assume that I have to be logged into the correct sandbox? I am looking for a somewhat secure and private experience, but I am not in any dire need of extreme security, and accept that running Google Maps with no Google Account and no VPN still has compromise.

I guess my question could be summarised as "do I have to log into a Google account, should I log into a Google account, and what are the real consequences of doing so or not doing so?"

Otherwise I find Graphene very useable and very realistic as an everyday phone for normal real world use.

    For CalDav, you could probably run an own server, this is what I do. I have https://radicale.org/v3.html on a RaspberryPi 5 (it's even in the repository, so no biggie to set it up), and on the phone side I use Etar together with DavX5 for syncing, which works well. I copied the calendar from Google to that radicale server; done.
    Edit: forgot - just looked up my phone with GrapheneOS on the Pi-Hole, not one blocked address at all, while I see both stock Pixel 8 and 6 from daughter and wife there... it's the best system in the house.

      I have learnt a lot of very useful and important things on this journey, not having all my contacts, emails, and passwords stored with Google (Gmail, Chrome, Google Authenticator), and how much rich alternative there is. On top of that it was a shock to realise how much personal information i was handing away with apps (store, maps, banks, gmail, etc). I would reccomened this journey for anyone curious as to how much they are exposed, you will learn a lot.

      I guess it is a second question, but regarding PKPass files, when I buy concert tickets, there is an option to add them to Google Wallet. I have not been able to reroute that command to a FOSS PKPass program. Sure I have loaded up a number of these programs, and I can manually add in the details in various ways such as importing the PKPass file and scanning the QR code via camera. It would be nice to route the Add to Google Wallet button to pass a valid PKPass file directly to ... say Catima. Catima doesnt even seem to read a PKPass file if I extract it to the phone, but others would not show the QR code or were in some way lacking. If this is easily doable, that would be brilliant to know how to do.

      And when I said multilple Sandboxes in my previous post, I meant multiple Profiles in Graphene.

      • N1b likes this.

      wjl I looked at Radicale, but decided against self hosting. I also played with Etar, but love Business Calendar 2 and struggle with anything else, its what I am familiar with. EteSync and Business Calendar 2 is my happy place, but the calendar is free non paid, and I would like to pay the extra token amount of money to support the developer for such an amazing product and get access to the fancy color customisation.

          davey decided against self hosting

          I understand.
          Re: wallet - I don't use one, and for payments I've tried the app from my bank (Deutsche Bank) in the past which worked. But since I'm also against putting all things in one basket, that one had to go again.
          Regarding security, I rate GrapheneOS higher than both my Arch and Debian installs on the desktop.

              • [deleted]

              • Post #6

              davey if you want to get full version of Business Calendar 2 then just log in to Google Play and pay for the app, that's the easiest way. They don't provide alternative ways of payment on their website, but it won't hurt to contact and ask them as well.

                  wjl I have an internal only Debian box that is not at all locked down, that I use for a printer server and PiHole server. There is no way I am forwarding anything external to that :)

                    [deleted] I already have a paid for version in my gmail account, I have been avoiding using that account on my Graphene phone. This is my core question. Should I be avoiding linking Google to Graphene, or should I be embracing it? As a widget, it would need access to my main (and only) profile. I cant seem to fully appreciate the consequeuences of this action, and am avoiding doing it until I understand it.

                        • [deleted]

                        • Post #9
                        • Edited

                        davey to give you a quick summary, you get the best privacy not using Play Services but using it on Graphene OS is a big step up from stock device and as you said you are not extremely bother about it so you should take the plunge a use sandboxed Google Play for a great deal of convenience. Just to add, I have had a love and hate relationship with sandboxed Google and currently don't use it but eventually I think I will give in.

                            davey I have reinstalled the OS 4 times in the last week and I break things and revert to stock

                            If you're just about starting over, you don't need to reinstall GOS. A simple factory reset will do this for you much quicker and more conveniently.

                            davey When looking for an app to install, I start by looking in F-Droid, and then in Aurora (anonymous).

                            There are many ways to install apps. From what I can see, you might just want to use Google Play Store as the more secure method of installing apps. You have installed Sandboxed Play Services already and can create a throwaway Google account to keep most of your privacy. A guide how to create such account has been written here.

                            You also could replace F-Droid with Droid-ify for easier user experience and auto-updates. Or look into Obtainium.

                            davey If I like app X and want to buy it, can that happen, and if so, how?

                            You might be able to charge up your throwaway Google account with gift cards from the supermarket but I don't know if that works without also giving identifiers.

                            davey sandboxes on my phone, but to use a widget, I assume that I have to be logged into the correct sandbox?

                            If you refer to user profiles, then yes they are treated as totally independent users. One user can't see the data of another and will always require an extra user slot in your ProtonVPN subscription.

                            davey I am looking for a somewhat secure and private experience, but I am not in any dire need of extreme security

                            This is where threat modeling comes in. The better you know yourself, the quicker you can answer the questions what you want to do with your GOS setup. Using GOS alone gives you huge advantages by default, but for fine tuning I recommend reading here, here and here.

                            davey should I log into a Google account, and what are the real consequences of doing so or not doing so?

                            Google will be able to see some things (e.g. what apps you have installed and the information they share with Google). That's already true because you have Play Services installed. Now Google can attribute this knowledge to a single profile. The question is: Can Google connect the profile to your real life identity? If you are careful, that shouldn't happen.

                            Anyway, the amount of data Google receives from you is greatly reduced by using GOS. On almost every other Android setup, Google has privileges to see pretty much everything, your usage patterns, sensors, location, settings etc. On GOS google won't see more than any other app you install if you don't want it to.

                            I'm not speaking for the GOS project, only as enthusiastic user. Always cross check and don't trust me.

                                          [deleted] using Google Play Services on Graphene OS is a big step up from stock device.

                                          I believe that this is what I am searching for. IF I connect a google account to Graphene OS with a single profile, am I wasting my time and undoing all the good work? You are stating that even with full Google account connection, the Sandbox is still a big step up from a stock OS and very much worth while.

                                          I needed this put this simply and obviously without all the detailed discussion and arguing that got too complex and detailed too quickly. Thank you for this.

                                            N1b Using GOS alone gives you huge advantages by default, , the amount of data Google receives from you is greatly reduced by using GOS, on GOS google won't see more than any other app you install if you don't want it to.

                                            Its great to have you back up what SgtSurehand is saying, in a language I can easily work with, thank you as well.

                                              Blastoidea apps are not like pokemon, you dont have to catch them all.
                                              But I do really desire a strong calendar widget for my use case. Everything else I have already thrown away.

                                                I am guessing that with a burner gmail account, wallet will now work for downloading and sharing PKPass files as well, which is my secondary question addressed. I guess its time to find out!

                                                Have you considered proton calender? I see you already use proton mail. Also for navigation in the car, try magic earth instead of google maps, it works pretty good. For payment via nfc there are banks who support it without using gpay by using the nfc chip directly, depending on your country you have to figure out which bank this is for you.

                                                  Meph Proton Calendar doesnt do a monthly widget, just an agenda. I really want a configurable monthly widget.
                                                  Magic Earth looked really good, but i learnt i could use maps without logging in and figured that amused me to do so.
                                                  Not looking for payment via NFC, i have an old fashioned card in my old fashioned wallet and i am happy with that. I am looking for PKPass tickets in wallet instead.

                                                    OK i made a burner account, as per

                                                    N1b written here.

                                                    It took a lot to install, required a reboot, then took a lot more to install. Currently Graphene is optimizing apps (1/23) and has been for about a minute so far. Something big has changed, not sure that it is a good thing. Wallet is not loading yet, still gets the spinning wheel to nowhere while saying "Choose an account to use with Go...". as it did before, so I suspect it wont work. Patience is required, but I suspect I would have been better off without the account.

                                                      15 minutes of upgrading and rebooting and more upgrading, and then restarting apps. No google wallet, just for keeping PKPass files. I think that I am going to get rid of the account and see how I go accountless. I can always add another if needed at a later stage.

                                                        • [deleted]

                                                        • Post #20

                                                        davey perhaps log in with the account which you used to purchase the Business Calendar 2 with. Google Wallet same as Google Pay will not work, don't waste time.