Where to buy GrapheneOS smartphones

massivescam

Hello.

I want to obtain a smartphone with grapheneOS installed, however, I do not have any old phone compatible with grapheneOS, thus I thought in buying one with grapheneOS installed, or a compatible smartphone for installing on my own. I would like to know what is the difference between buying a smartphone with grapheneOS already installed and buying a smartphone compatible with grapheneOS and installing on my own.

Thanks.

[deleted]

massivescam

I want to obtain a smartphone with grapheneOS installed

Here : https://shop.nitrokey.com/shop

I would like to know what is the difference between buying a smartphone with grapheneOS already installed and buying a smartphone compatible with grapheneOS and installing on my own.

You trust the provider, and mainly the price.
The interest is relatively limited, because the installation of GrapheneOS is extremely simple and well documented:
https://grapheneos.org/install/web
You can ask the community for help if you need assistance with installation.

junkanon

massivescam my first gos device was a 4a5g that I bought with the OS installed. That guy doesn't sell gos anymore so when it came time for a new phone I just bought the P7P and used the web installer. They make it ridiculously easy and it doesn't take long at all.

N1b

boarim hence why I said "do whatever fits your threat model". There never is just one solution for everybody.

For the sake of completeness: There is a tiny advantage of not buying from Google online even if you fully intend to use it with your Google account, because you won't give Google access to hardware identifiers with Sandboxes Google Play services. But I see that this is probably not a concern for many people that connect GOS to their private Google Account.

massivescam what would you like to protect using GOS and do you intend to use Play Services? Will you install an eSIM, physical SIM or use it only on Wi-Fi? Because most of my (rather overkill) suggestions are not necessary if you depend on eSIM usage, and buying at a a good discount online or use Google's trade-in program might be a better deal for you.

One difference I forgot to mention: If you buy GOS pre-installed devices, all the information Google gets from the initial setup (which includes connecting the stock OS to the internet once) won't be from your local position. I still think getting a new Pixel phone and setting it up yourself will probably be more beneficial for you, both in price and in learning about GOS.

treequell

Hi there, and thanks for your interest in GrapheneOS.

I would suggest that you buy one of the recommended Google Pixel devices (https://grapheneos.org/faq#recommended-devices) and install GrapheneOS on it using the web installer (https://grapheneos.org/install/web).

You will have a better choice of devices if you do that, and it's also usually much cheaper than buying one with GrapheneOS pre-installed.

Buying the phone from Google is recommended, but buying from most stores new will be fine. If you're in the USA, make sure you avoid buying from a mobile carrier, as they are often factory locked. If you buy second hand, you will also want to make sure it is not factory locked.

Make sure you have another device which you can use to run the web installer on to flash GrapheneOS onto your Pixel: https://grapheneos.org/install/web#prerequisites

The web installer is easy to use, but if you encounter any issues, join the GrapheneOS chatroom on Matrix, and we'll help to guide you through the installation process there: https://matrix.to/#/#grapheneos:grapheneos.org

I hope that helps to answers your questions. If you have any further queries, please do not hesitate to ask.

N.B. copied from my same reply on Reddit: https://www.reddit.com/r/GrapheneOS/comments/14o5yrj/where_to_buy_grapheneos_smartphones/jqb8isl

N1b

I also think buying a Pixel phone and running the web installer is the most secure option for beginners, as you don't need to trust any broker. But if you feel like buying it with GOS pre-installed, you can always verify the key hash on boot so you know it's has not been tampered: https://grapheneos.org/install/web#verified-boot-key-hash

treequell Buying the phone from Google is recommended, but buying from most stores new will be fine.

Hard disagree for privacy. You'd have to give Google some payment and address data which might allow them to connect you to the device. If you want to be really sure it is not traced, buy it at a store (preferably far away from your home town, e.g. on a holiday journey), wear a mask (thanks to Covid not really suspicious) and pay in cash. Or have somebody else buy it for you in cash.

Don't buy a used device because you don't know what usage history is attached to the hardware identifiers and this might raise unwanted attention.

Since you probably buy a Pixel 6a or later models, you can expect 4-5 years of GOS updates. If you want to use the device for that long, it's better to take a few extra steps to mitigate as many security and privacy risks as possible. Of course these are just my two cents, do whatever fits your threat model, it's great already that you'll be on GOS.

boarim

N1b Hard disagree for privacy. You'd have to give Google some payment and address data which might allow them to connect you to the device.

Once again, it depends on your threat model. If you intend to use your Google account with the phone for instance, Google will associate the device to your identity anyway. Better buying it from their store in that case.

Think about what you are trying to achieve (and escape from), and then decide how and where to buy the phone.

[deleted]

N1b The mod was recommending purchasing a Pixel device directly from Google since the user will have the option to buy a device with the OEM unlocked whereas purchasing from a store or elsewhere online (i.e. Amazon, eBay, etc) can be hit or miss because sellers may list the device as "unlocked" but they're referring to Carrier unlocked and not OEM unlocked.