Hi all,

Excited that I just got Graphene OS for the first time today. I want to switch from iOS to Graphene, so I got a Pixel 6a to begin my journey.

I am struggling with a few things thought and would appreciate advice from seasoned users.

The main problem I have at the minute is that I use Yubikey and WebAuthn for most of my accounts. However, as I found out today, this requires Google Play services. I found a work wound by creating a sandboxed profile with Google Play services, which is not really what I wanted to do.. but with this in mind, how can I use WebAuthn reliable in my GrapheneOS without adding google stuff to my phone?

Also, newbie questions.. what are the implications for downloading apps from Aurora using Anonymous setting? Does it mean I will be full of Google trackers?

I like the native browser, which is a hardened chromium. However, would I be safe to use a hardened version of Brave? Or should I stay away from it?

Thanks everyone, I really need to sort out this WebAuthn issue or else GrapheneOS may not be for me as this type of 2FA is important to me.

    contour0806 The main problem I have at the minute is that I use Yubikey and WebAuthn for most of my accounts. However, as I found out today, this requires Google Play services. I found a work wound by creating a sandboxed profile with Google Play services, which is not really what I wanted to do.. but with this in mind, how can I use WebAuthn reliable in my GrapheneOS without adding google stuff to my phone?

    You could simply install Sandboxed Google Play to your main profile, you don't need a secondary user profile to use Sandboxed Google Play.

    You can read some thoughts on this topic here:

    https://discuss.grapheneos.org/d/2501-privacy-sacrifice-when-using-google-play-services/5

    contour0806 Also, newbie questions.. what are the implications for downloading apps from Aurora using Anonymous setting? Does it mean I will be full of Google trackers?

    Apps having "trackers" is probably not what you think. All apps on Android are sandboxed. A tracker is not able to access data of other apps. A lot of the "trackers" that the Aurora Store displays to you via their Exodus reports are opt-in and mostly uses for crash reporting among other things. Getting the app from Aurora Store will pretty much net you the same app as you would get from the Play Store (although you may occasionally get a different version as Play Store does staged rollouts).

    contour0806 I like the native browser, which is a hardened chromium. However, would I be safe to use a hardened version of Brave? Or should I stay away from it?

    Brave is a fine choice, but I prefer Vanadium myself, especially for sensitive tasks, as it is much more hardened by virtue of having JIT disabled by default, for example.

            matchboxbananasynergy thank you! Will do some further reading and educate myself further using the links you sent. I think I need to learn more about the sandboxing stuff.

            Also, I love Signal, is the best way to get it from Signal’s website / APK or from Fdroid? I also got to know Molly but I wonder if it would be better and more secure to use signal? I know Molly as extra security feature that I like though. Didn’t find it in Fdroid though.

                contour0806 Signal is not on F-Droid. They only use Play Store and also serve an APK from their site.

                I personally use Molly, which has a self-updater, just like the APK from Signal's site. Molly has their own F-Droid repository which you have to add to get it through there, they don't use the main F-Droid repository. Molly will also be on Accrescent very soon, which is an app store that's still in its very early stages but which solves a lot of the security issues with other approaches like F-Droid.

                P.S. I just wanted to further stress that Accrescent is currently in early Alpha and only a few whitelisted developers are publishing their apps there as of right now, and it doesn't yet have all of the features it plans to have. It is not yet an app store you can use for everything, but I have high hopes for its future.