need help from someone knowledgeable with setting up new device the right way

sophia_st

Hi!
I have pixel 8 pro and I have some serious(for me) questions of how to setup it the right way, so I won't regret it in the future or will need to do factory resets or open some security hole or increase vector attack without knowing it.
I'll try to describe my usage as I can, please ask whatever you think appropriate to assist me the best, cause I'm probably gonna miss something due to lack of knowledge.

I have usage of the following apps, mostly:
telegram
whatsapp
instagram
viber
tiktok
signal
camera
keyboard
steps counter (not sure what will fit best, any ideas?)

I don't want super and crazy anonymity, I just want it to be as secure and as privacy friendly with keeping my real social accounts activity. So I have real accounts and usage of the above social media apps, but I don't want them to sneak out for things they're not supposed to.

1) So the first question is how do I actually set this all up. Should I use scopes or profiles? Because afaik even if the app(like whatsapp for instance) will be installed in the same profile, it can do a lot of different damage to other apps or sneak out etc. So what are my real options here, do I set a profile for meta like apps aside from the rest? or what should I do. And what about tiktok and viber or telegram. I'm highly confused with all of this.
2) I read this: https://grapheneos.org/usage#pixel-camera but I have no idea what is TPU and GXP and how it could affect me. I know for a fact that stock grapheneos camera is very, very limited and I would like to use something better like with some additional modes like food etc, but so that it won't affect my privacy and security. How can I install GCAM the right way? or what cam can you recommend?
3) I read here on the forum somewhere that I should also use some privacy friendly keyboard and then disable its internet access, but I have no idea how to do that. Is there some guide or something?
4) Are there any reliable steps counter you can suggest that won't affect privacy and be secure to install?
5) I have no idea and never used anything like Aurora or Fdroid or Accrescent, but afaik all of them serve the same purpose?
6) If I will use multiple profiles then I'll need to install multiple sandboxed google play, but does that mean it will cause issues due to same login? or how should it function?
7) What's the Thermometer app in the App Store? It doesn't have any description. I also have no idea where I should install it and what kind of data it transmits and where(I hope it's not google).
8) Forgot to ask... can I somehow securely implement the double tapping to lock the phone? It's like not having a finger without it tbh.

The OS looks amazing!

teezeh

sophia_st Because afaik even if the app(like whatsapp for instance) will be installed in the same profile, it can do a lot of different damage to other apps or sneak out etc.

Nope. I think it would be totally fine to install all of your apps in the Owner profile together with sandboxed Play Services and Play Store.

sophia_st How can I install GCAM the right way?

Just install it from the Play Store. The only thing that does not work is integrating another gallery app than GPhotos. But there are workarounds for that.

sophia_st use some privacy friendly keyboard

If you don't like the standard AOSP keyboard, you might want to check out FUTO keyboard, for example.

sophia_st never used anything like Aurora or Fdroid or Accrescent, but afaik all of them serve the same purpose?

All are alternative app stores. Accrescent is fine, but only has very few apps (so far). Both Aurora and F-Droid have serious security issues and are not recommended by the GOS team.

sophia_st What's the Thermometer app in the App Store?

It is the same app that is installed on your P8P. The phone has a thermometer sensor. No privacy issues.

Go for GOS! You can always revert to stock if you don't like it. Before making the switch, though, make sure that you have backups of your social app chats.

sophia_st

teezeh Nope. I think it would be totally fine to install all of your apps in the Owner profile together with sandboxed Play Services and Play Store.

faxe 1) Apps can communicate with each other if both apps explicitly consent to communicate with the other app. For example Whatsapp, Instagram and Facebook will likely be able to communicate via IPC since these apps all are made by meta and they likely added this functionality to their apps.

No, I wasn't referring to IPC, but more to what if there's a security breach in whatsapp for example and it's in my Owner profile? It also can sneak out for other things too, no? Isn't it risky and GOS' whole idea goes for nothing this way? And there could be backdoors and what not in these apps. Google play store included.

faxe There are multiple setups possible (I personally use the Owner profile as my main and private space and work profile for apps I wanna seperate but still keep it more usable than switching profiles), with each having their own pros and cons. You might wanna check out https://seprand.github.io/articles/best-user-profile-setup/ for more info on that.

Yes I read that, but it has shared clipboard and doesn't really protect from apps like whatsapp that can be hacked or have security holes in them?

teezeh Just install it from the Play Store. The only thing that does not work is integrating another gallery app than GPhotos. But there are workarounds for that.

faxe 2) Simply installing it from Play Store

Got it!

faxe (can be installed together with play services from the "Apps" app) is the recommended way.

What does that mean? I don't have "Apps" app, but you probably refer to the Apps Store app? I have only the GrapheneOS camera there. No google's one.

teezeh If you don't like the standard AOSP keyboard, you might want to check out FUTO keyboard, for example.

faxe 3) You can either use the default keyboard (which is a bit limited in it's functionality) or choose a privacy respecting keyboard like Florisboard, Heliboard or FUTO. If you want to use a proprietary keyboard for some of it's functionality you can revoke internet access by not giving it the network permission.

And I install them with play store correct? and then switch the networ to disabled in the app's setting yes?

faxe 4) I personally use a Mi Band 9 wristband together with gadgetbridge for this purpose, but surely someone else will recommend a privacy respecting step counter app.

Ok thanks, there's this thread I found: https://discuss.grapheneos.org/d/9723-privacy-friendly-fitness-trackers

teezeh All are alternative app stores. Accrescent is fine, but only has very few apps (so far). Both Aurora and F-Droid have serious security issues and are not recommended by the GOS team.

faxe 5) Using Aurora and Fdroid is not recommended by the GOS devs for various reasons. The recommended way to install apps is through the Apps app, accrescent and Play Store. Accrescent is a new promising app store and still in beta I think, so there are only a few apps available (for example Molly and App verifier) but this should change in the future once Accrescent hits a stable release.

Got it!

faxe 6) Logging into multiple profiles with the same google account behaves like logging into multiple phones with the same google account, so it's no problem.

Nice, thanks!

teezeh It is the same app that is installed on your P8P. The phone has a thermometer sensor. No privacy issues.

faxe 7) Don't know much about this one since I'm on a P6 which doesn't have this, but that should be the default thermometer app for the P8Ps thermal sensor.

Thanks!

faxe 8) It is possible to do this with a custom launcher and accessibility access. Granting accessibility access to an app can be a security risk so you ideally should only grant it to a trusted app and only if you really can't live without this functionality.

Yeah... I guess I'll skip it then despite it's highly natural thing for me now and its very useful in many situations. I wonder why is it not implemented or planned? afaik the launcher app is from the GrapheneOS' team?

teezeh Go for GOS! You can always revert to stock if you don't like it. Before making the switch, though, make sure that you have backups of your social app chats.

faxe No matter how you set it up, it will still be better than running these apps on stock PixelOS due to the extensive security hardening that is done by the Graphene devs and due to great features like storage- and contact scopes.

That's no option for me. I got this phone specifically to switch for GOS!

Sagebath Regarding #3 : if I disable network connecting for my keyboard app, can it still share everything i type with other apps?

I think not, but I'm not sure: https://grapheneos.org/features#network-permission-toggle

Sagebath Are there any privacy focused keyboard apps allowing swype?

You mean gestures yes? Look what I found: https://discuss.grapheneos.org/d/3469-keyboard-with-swipeflow

faxe

Hey Sophia, welcome to the Forum!

1) Apps can communicate with each other if both apps explicitly consent to communicate with the other app. For example Whatsapp, Instagram and Facebook will likely be able to communicate via IPC since these apps all are made by meta and they likely added this functionality to their apps. If you don't want apps to be able to do this, you can install them in different profiles. There are multiple setups possible (I personally use the Owner profile as my main and private space and work profile for apps I wanna seperate but still keep it more usable than switching profiles), with each having their own pros and cons. You might wanna check out https://seprand.github.io/articles/best-user-profile-setup/ for more info on that.

2) Simply installing it from Play Store (can be installed together with play services from the "Apps" app) is the recommended way.

3) You can either use the default keyboard (which is a bit limited in it's functionality) or choose a privacy respecting keyboard like Florisboard, Heliboard or FUTO. If you want to use a proprietary keyboard for some of it's functionality you can revoke internet access by not giving it the network permission.

4) I personally use a Mi Band 9 wristband together with gadgetbridge for this purpose, but surely someone else will recommend a privacy respecting step counter app.

5) Using Aurora and Fdroid is not recommended by the GOS devs for various reasons. The recommended way to install apps is through the Apps app, accrescent and Play Store. Accrescent is a new promising app store and still in beta I think, so there are only a few apps available (for example Molly and App verifier) but this should change in the future once Accrescent hits a stable release.

6) Logging into multiple profiles with the same google account behaves like logging into multiple phones with the same google account, so it's no problem.

7) Don't know much about this one since I'm on a P6 which doesn't have this, but that should be the default thermometer app for the P8Ps thermal sensor.

8) It is possible to do this with a custom launcher and accessibility access. Granting accessibility access to an app can be a security risk so you ideally should only grant it to a trusted app and only if you really can't live without this functionality.

No matter how you set it up, it will still be better than running these apps on stock PixelOS due to the extensive security hardening that is done by the Graphene devs and due to great features like storage- and contact scopes.

Sagebath

faxe

Regarding #3 : if I disable network connecting for my keyboard app, can it still share everything i type with other apps?
Are there any privacy focused keyboard apps allowing swype?

faxe

sophia_st It also can sneak out for other things too, no?

AFAIK that's highly unlikley since you would need an exploit to break out of the app sandbox or some kind of exploit to grant access to other files, which graphenes security hardening should prevent, though I don't even know if there is a known exploit for any of this, even for stock pixelOS or AOSP. If you wanna be really sure that an app exploit doesn't do any other damage you would need to install it in another profile since profiles are isolated from each other.

sophia_st but it has shared clipboard

it does, but it works for me, since clipboard access is shown through a notification and whatsapp never randomly accessed clipboard contents for me.

sophia_st I don't have "Apps" app, but you probably refer to the Apps Store app? I have only the GrapheneOS camera there. No google's one.

Yes that's what I meant, I think it previously was only called "Apps" and I didn't notice the change. You can install Google Play Store from there and then Google Camera from Google Play Store.

sophia_st And I install them with play store correct? and then switch the networ to disabled in the app's setting yes?

Yes, you could also not grant network permission when it asks you if you want to install the app or use an app that doesn't require network permission.

sophia_st

faxe AFAIK that's highly unlikley since you would need an exploit to break out of the app sandbox or some kind of exploit to grant access to other files, which graphenes security hardening should prevent, though I don't even know if there is a known exploit for any of this, even for stock pixelOS or AOSP. If you wanna be really sure that an app exploit doesn't do any other damage you would need to install it in another profile since profiles are isolated from each other.

But that's a real issue. I mean first it's very inconvenient and secondly there's a very low limit on profiles and it even has bugs as I read here on the forum when reaching certain amount of them.

faxe Yes that's what I meant, I think it previously was only called "Apps" and I didn't notice the change. You can install Google Play Store from there and then Google Camera from Google Play Store.

What if I'll want to install google play store only on a separate profile, how would I be able to install google camera on a profile without google play?

faxe Yes, you could also not grant network permission when it asks you if you want to install the app or use an app that doesn't require network permission.

I'm not so sure tbh... very confusing. See this: https://discuss.grapheneos.org/d/21725-is-using-sandboxed-google-play-worth-it-when-it-comes-to-privacycompatibility/10

faxe

sophia_st But that's a real issue. I mean first it's very inconvenient and secondly there's a very low limit on profiles and it even has bugs as I read here on the forum when reaching certain amount of them.

Up to 32 profiles are possible IIRC, but the bugs and inconveniences that might be caused are the price you'll have to pay I guess.

sophia_st What if I'll want to install google play store only on a separate profile, how would I be able to install google camera on a profile without google play?

Maybe try aurora store, but I don't know if Google Camera needs at least GSF to function.

sophia_st I'm not so sure tbh... very confusing. See this: https://discuss.grapheneos.org/d/21725-is-using-sandboxed-google-play-worth-it-when-it-comes-to-privacycompatibility/10

Yeah, if you are afraid of some proprietary keyboard sending out stuff through IPC, your only option might be using a FOSS keyboard without internet and checking it's code if it uses IPC with Play services or something.