Dan-cer do double check some of her recommendations as I saw she recently recommended SimpleApps even though they were bought and are now forked to Fossify. I've seen this a few times with her videos and while I do highly recommend them do some digging on her recommendations yourself and look for alternatives that match your needs.
Edit: just being here and asking for advice is a great step on researching for yourself, just more of a general recommendation for any creator.
or, if you are still unsure, just read all the posts at this forum for a week or two.
That should give you an idea of how things work.
And if not, the search facility here is excellent.
Think about it less and just do it
The idea of installing gos is so much harder than actually installing it
The install is very quick and easy.
Just know that there are enough phone identifiers that if you log into any Apps, the identifiers will get associated with you. Some apps can possibly determine you use GOS which will also put you in a narrower group of people. You have much more control over the phone in GOS and are less likely to be sending constant data that you didnt even realize was being sent, but using GOS is an identifier.
Ghostinfinit this is a really good point
The smart way to use Graphene is to use a hard password to unlock the device first time and a different profile with a password with an easy profile for most day to day things. This was, if your phone locks after you put it down for 10 mins, you enter the easy password. You also do automatic reboot after 4 hours or 1 hour or 8 hours, so that way if your phone isn't used in a while it goes back to the hard password and it mitigates against someone being able to place guesses regarding the easy password, since the phone will reset eventually.
If I had to do it over again, I would keep the main profile just blank and not have anything in it. I would install everything to other profiles from neo in each profile.
Ghostinfinit Thanks, this information was very precise and I am going use GOS the way you mentioned.
Dan-cer enable networking on neo and retry
yuru
Magic Earth for maps
notahuman this is wrong since attempts to crack profiles can be done independently.
notahuman So much this. Just get onto the GOS phone and use away. Not saying be reckless, but download the apps you need, try to find FOSS alternatives to anything proprietary. Start with app repos such as Fdroid, otherwise Aurora Store has everything needed.
You can further check an app for yourself for more details on permissions and trackers: https://exodus-privacy.eu.org/en/
For an idea of the apps that I like and use, I've listed them out on this page:
https://graphenegoat.com/grapheneos-phones/apps/
You will make mistakes, and that is totally fine, it's better to dive in and start learning than to try and wait and do everything perfect. Enjoy!
GrapheneGoat Start with app repos such as Fdroid
The F-Droid app uses an older API level and does not use TLS certificate pinning. So it is preferable to use an alternative F-Droid client like Droid-ify.
GrapheneGoat otherwise Aurora Store has everything needed
Aurora Store should be avoided as it uses shared account tokens which can cause incorrect app versions to be installed. The sandboxed Google Play Store from the GrapheneOS App Store is the best bet when used with a throwaway Google account.
GrapheneGoat As someone who listened to this advice when I first started, i strongly recommend not doing that. At the very least, if you're going to dive in head first and learn as you go, you should do everything on secondary profiles from the get go while keeping the original owner profile clean.
You can delete a non-owner profile in seconds and start over. Meanwhile, if you need a fresh start on the owner profile, you have to do a full system wipe of the phone. It's best to avoid using the owner to avoid that from happening until you have more confidence - though some recommend always keeping a blank owner profile for other reasons.
Sticking to secondary profiles will allow you to maintain at least one functional profile at all times while you experiment and rearrange things in other profiles, so you'll never have to go without a working phone.
I wish this was explained to me when I first started instead of the usual advice of people trying to talk beginners out of multiple profiles fearing it would overwhelm them and cause them to revert back to stock. From experience, having to wipe the phone and go without working phone while your family yells at you for letting this "privacy hobby" get in the way of more important things....that's how you push someome back to stock.
yore so what is the recommended way to install things? Some apps will only be available from some sources.
It would be really cool if there was a guide that showed a preference order of how to install apps (from best to worst) so that I could just install from the best available source each time.
One of the best practices I picked up is to use the owner profile almost exclusively for installing and updating apps, pushing them to different user profile(s). You can also then disable apps on the owner after installation as they should still receive updates while disabled. This both helps protect your main profile(s) from potential attackers, while also allowing you to install from the higher security Play Store without having to keep play services running in your main user profile(s).
On the owner profile, here is what i currently think the order of preference is based off what I've read on here:
Graphene Apps
Accrescent
Play Store with throwaway account + VPN + Play Services
(tie). Play Store with normal account + VPN + Play Services (better security, worse privacy, access to paid apps)
(tie) Aurora Store with anonymous login (worse security, better privacy, no paid apps)
Obtainium with App Verifier
5a. Pulled from GitHub/GitLab/Developer Site
5b. Pulled from third-party F-Droid repo
In-App Auto-Updates
F-Droid Basic/Droidify
7a. Developer third-party f-droid repos
7b. IzzyOnDroid
7c. F-Droid Main Repo
Official F-Droid App (though not necessary and you should just skip it), same order of repos as above.
Random APK websites like APKPure (probably unnecessary - if it's not available in any of the other above methods, you should question whether it's safe enough to install in the first place)
Sbpr It would be really cool if there was a guide that showed a preference order of how to install apps (from best to worst) so that I could just install from the best available source each time.
I don't think there can be a universally-agreed-upon order, because I believe people weight different features differently.
Some people want to run open-source apps to such a level that putting your proposed #3 (Play Services, Play Store, VPN, throwaway account) at that spot on the list would make zero sense. Would it make sense for you and such a person to try to argue the other one into agreeing?
Said differently: the various sources differ in terms of privacy, security, and convenience. Various people would rank those three in different orders.
