• General

  • About to switch to GrapheneOS. Want some tips.

Hello guys, I am going to buy a Pixel 7a because I want to switch to GrapheneOS. Do you guys have any tips for me regarding security or privacy, or things you would have done differently when switching to GrapheneOS and don't forget to suggest some open source apps that I could switch to in place of conventional ones. I also have a question :- Is each and every single application sandboxed in GrapheneOS or are they only separated by profiles. And if every application is sandboxed, why would we need profiles? Thanks for reading and answering.

    yuru Every app is sandboxed in GrapheneOS, as in all Android variants. But "sandboxed" does not mean "completely isolated". Android apps are expected to cooperate in many ways -- for example, keyboard apps are expected to receive text from apps and provide text to apps. The Android sandbox constrains apps in some ways but also allows some interactions.

    Apps in different user profiles do not interact... mostly... though they can interact, if permitted, through some shared databases such as the Contacts database.

    Android is complicated. Any simple description of how it works is probably incorrect.

      yuru I recently switched to GOS and spent about a week finding suitable alternative apps. I'm happy to give examples here. But maybe first write down which apps you need and want to replace.

      As for tips on security and privacy, I recommend the YT channel Naomi Brockwell TV. In many short videos she gives tips on all areas, in desktop and smartphones, and beyond. At least Naomi helped me to get a deeper knowledge.

      Otherwise I would first install and get to know GOS as it is. And then personalize it step by step.

          If you want to use multiple profiles I recommend not using the owner profile for anything other than installing apps. This is to make it possible to have the same app in different profiles without getting errors. But before installing apps on your owner profile make sure to disable "Allow Sensors permission to apps by default" in settings under "Privacy". You should also disable this inside of the profile you want to put apps into before installing them through the manage profiles settings. Also when installing apps in your owner profile don't give network permissions to apps. For example you may give networking to Aurora Store, but not Telegram since you wont be using it inside of your owner profile.

            If you are just the average Joe and just don't want tons of your data communicated to the Big Tech, I would recommend keeping just one profile ; switching profiles is a big usability trade-off. You can try not to install Google Play ; it might be necessary just for a few apps that you need.

            Ghostinfinit But before installing apps on your owner profile make sure to disable "Allow Sensors permission to apps by default" in settings under "Privacy". You should also disable this inside of the profile you want to put apps into before installing them through the manage profiles settings. Also when installing apps in your owner profile don't give network permissions to apps.

            To me, this sounds as though you're implying that these are near-mandatory steps for the user to take. The user has the option to do this, but there is no official recommendation on whether or not they should do this. If the OP understands what these toggles do and decides they are advantageous for them, that's great! GrapheneOS makes these features easy to use.

              It was useful for me to find alternative stores right from the start to avoid the Google store. I now mainly use Aurora in anonymous mode, which is basically a mirror image of the G store, but anonymous.
              I also use F-Droid for FOSS apps.
              I had Neo store installed, but I found almost nothing there.

                Dan-cer I had Neo store installed, but I found almost nothing there.

                Did you refresh the list after installing? There shouldn't be "almost nothing there". It should be no different from using Fdroid. I've just tested and I see everything fine. The Fdroid, Izzy and Guardian Project repos are enabled by default, and other repos such as Newpipe and Bitwarden can be enabled in settings.

                    Dumdum I can't remember, but maybe I didn't. Glad to hear that it is as useful as F-droid.

                        Dan-cer do double check some of her recommendations as I saw she recently recommended SimpleApps even though they were bought and are now forked to Fossify. I've seen this a few times with her videos and while I do highly recommend them do some digging on her recommendations yourself and look for alternatives that match your needs.

                        Edit: just being here and asking for advice is a great step on researching for yourself, just more of a general recommendation for any creator.

                          or, if you are still unsure, just read all the posts at this forum for a week or two.
                          That should give you an idea of how things work.
                          And if not, the search facility here is excellent.

                          Think about it less and just do it

                          The idea of installing gos is so much harder than actually installing it

                          The install is very quick and easy.

                          Just know that there are enough phone identifiers that if you log into any Apps, the identifiers will get associated with you. Some apps can possibly determine you use GOS which will also put you in a narrower group of people. You have much more control over the phone in GOS and are less likely to be sending constant data that you didnt even realize was being sent, but using GOS is an identifier.

                            Ghostinfinit this is a really good point

                            The smart way to use Graphene is to use a hard password to unlock the device first time and a different profile with a password with an easy profile for most day to day things. This was, if your phone locks after you put it down for 10 mins, you enter the easy password. You also do automatic reboot after 4 hours or 1 hour or 8 hours, so that way if your phone isn't used in a while it goes back to the hard password and it mitigates against someone being able to place guesses regarding the easy password, since the phone will reset eventually.

                            If I had to do it over again, I would keep the main profile just blank and not have anything in it. I would install everything to other profiles from neo in each profile.

                                14 days later

                                Dan-cer I want to replace pretty much everything. It includes apps like calculator, camera, gmaps, gmail(I have heard k9 is a good alternative), etc.

                                    Lukas I might do that if my brainrot exceeds my will to protect my data. Lol

                                      yuru

                                      K9-Mail is solid I have been using that App for emails way before switching to GrapheneOS and I am still using it.

                                        yuru A fine alternative to gmaps is Here WeGo. It comes with FREE updatable offline maps and is therefor even better.