• General
  • GrapheneOS for boomer parents

I have been using GrapheneOS for a couple of months now and have been really impressed with not just the extra features but the stability and the fact that it "just works".

One of the boomer parents is in need of a new phone and I plan to put them on GrapheneOS for the extra security and less bloatware. They are OK with technology in general. Semi-often need a "training session" but then they're all good. My general approach was going to be: GrapheneOS + Google Apps as needed (F-droid and other alternative stores will be too hard I think).

Question 1) I was wondering if others had done the same and what issues cropped up? Also any general feedback on settings and apps you found useful?

I also wanted to take the opportunity to get them using a password manager (Bitwarden). User has some issues with fine motor control and fine touch sense with their fingers, so typing in a long strong password will be difficult. So I was thinking of using fingerprint unlocking. Traditionally I have been a "hard no" on biometrics but the usability + upgrade from their current awful password security practices to Bitwarden + fingerprint to unlock vault will be a HUGE improvement (but I still just have some hang ups about biometrics in the back of my mind).

Question 2) Where exactly is the fingerprint template stored and how and where is the "finger print check" computation performed? Or can someone please point me to a solid resource on the technical details because almost everything I find on the Internet, at best, hand waves about a "secure element" and "locally stored" and that's it.

The phone used will be a Pixel 7 or possibly a Pixel 8.

Thank you and thanks to the GrapheneOS Team for your amazing work.

    QuasarJoke first of all welcome to the community, it's great how you appreciate the project and want to help your parents in tech.

    I have taught 2 adult people to use GrapheneOS (40+ and 50+ years old) and might be able to give you some answers.

    1.) The most important thing is: Make it as easy and as automated as possible for them. You don't want them to have a lot of negative/restrictive experiences when getting used to a new environment, even if it means to compromise on security and privacy in some regards. You'll also be their go-to tech guy for questions so please make your life easier (you can always make it more private down the road if wished).

    This is what I recommend:

    • Install Sandboxed Google Play Services (as described on the official homepage) and if your parents have a google account already, let them log in so they don't have a complicated experience down the road (if they don't, make a throwaway account for them). Install all apps through the Play Store since it's auto-updating them. If there are any apps they need to use and that are not available in the Play Store, try Neo Store in addition to Play Store as this is the only other store to allow auto background updates to my knowledge.
    • Set every store up to auto-update on Wi-Fi (might need to remove battery restrictions). Also set GOS to auto-update on unmetered networks and auto-reboot after.
    • Disable auto-reboot for the system (security settings) or set it up to 48h if you are sure your parents will use the phone more often. People don't like it when their tech behaves "weird" without their input.
    • Disable the Pin on the sim card, don't do pin scrambling and set up a 6+ digit GOS pin they are used to enter. Make sure that's the only pin they have to enter when using GOS (don't use app passwords or anything if not needed or only if your parents are used to it). They might have to use it on banking apps as well when confirming a transfer, so explain it to them.
    • Set up fingerprint unlock with them. I have read and seen on Side of Burritos that it's supposed to be computed and stored on the device securely and never sent to Google, but I can't tell you any details. My point would be again: Convenience over privacy in the beginning. GOS is very private even when using Play Services compared to any out of the box Android OS. Explain to your parents that they will need to enter the 6 digit pin from time to time and that it's update related and a good thing.
    • In their home WiFi, check if the default per-connection randomization doesn't cause connection trouble. If it does, set it to per network randomization.
    • Regarding Bitwarden: Yes that's a good idea (if they use vanadium or any browser that supports it, e.g. not Brave Browser currently). Explain it to them and make sure they have a quick access tile at hand in case the auto fill doesn't pop up.
    • In general: Stick to what works and what they are used to do. Don't try everything at once. E.g. if they use YouTube, install the official app and don't try to get them to Newpipe or Libretube right away, it breaks regularly and will cause confusion.
    • Make yourself available to them so they know how to reach you if anything doesn't work for them. If you followed the tips above, it won't be that often.

    That's all for now, I hope it helps you and them to have a good experience.

      • [deleted]

      N1b try Neo Store in addition to Play Store as this is the only other store to allow auto background updates to my knowledge.

      Many app stores can auto-update apps installed by them on Android 12+, like F-Droid Basic, Accrescent, 'Apps' by GrapheneOS, etc.

      QuasarJoke Question 2) Where exactly is the fingerprint template stored and how and where is the "finger print check" computation performed? Or can someone please point me to a solid resource on the technical details because almost everything I find on the Internet, at best, hand waves about a "secure element" and "locally stored" and that's it.

      Here's a good explanation by Google Itself about Security of your fingerprint data.

      You can learn more about Trusted Execution Enviorment (TEE) in this Wikipedia article.

        As a 'boomer' the question is pretty demeaning.

        The question should be referring to setting someone who is not technologically 'savvy' on GrapheneOS.

        Just like Kottonballs - I teach my kids tech... have set up my own privacy router, my own nextcloud server, my own DNS, etc...

        Ageism is discrimination. I am guessing the question wasn't meant to be mean spirited - but maybe that is the problem...

          N1b
          Thank you for your response. This is exactly the sort of information I was looking for. Plenty in here that I would have never thought of and I will definitely keep the emphasis on "Make it as easy and as automated as possible for them". Easy to forget but very important (and anything is better than an outdated and unpatched 4-5 year old phone)

          [deleted]
          Thanks for this. I'll be giving it a thorough read.

          lcalamar
          Apologies. It's not meant to be mean spirited or ageism at all. I purposely picked the word because I thought it's a good concise generalisation of the target user as it gives information on:

          • Age range.
          • Physical health and faculties.
          • Rough idea on their total sum of experience with technology throughout their life time (which is very different from their children, Millennials (ie myself) and that's different again from Gen Zer's.
          • Rough indication on their ability to learn new technology and possible issues around that.
          • Hints on the minutiae as well which I think are important, often ignored and can be hard to communicate concisely (A silly example being the origin's of the term "hang up" the phone).
          • If you are perusing the forums and read the title as a "Millennial kid" you'll instantly have a good understanding of the problem.

          Personally if I saw a thread: "Gen Alpha kid setting up GrapheneOS for Millennial parent" I wouldn't be offended and would happily jump in to share my experiences and bug bears, as an end-user, in said category.

          Thanks everyone for your feedback. I am hoping that, after seeing how easy and low stress it is to use, I'll be able to snare the other parent when they upgrade their phone :)

          N1b This is a fantastic guide! I wish I could bookmark it

          • ev6x replied to this.
          • N1b likes this.

            QuasarJoke
            Everything @N1b said is right on point. Most important of all is the point he made about not pushing privacy and security too much. Be very ready to sacrifice. The fact that they are on a phone without privileged google components is already a big "privacy upgrade".

            A few things I'll add:

            With newpipe and libretube, i couldn't get anywhere with people telling them about its privacy. However i'd tell them "look here is this youtube app replacement, it blocks all those ads (this point never impressed people enough), and allows you to download videos and watch later, AND you can just LISTEN with screen off or locked, AND allows you to just download the audio for when on the road or no internet." And then in a very short and succinct way i would give a few examples (music, lecture presentations, podcasts they liked). As soon as they realized the implication of this and how they could "listen" to youtube videos with screen off and with less or no internet they all lined up wanting to know how to get this app. All the iphone folks were specially interested. These older folks often drive to work and want to listen to meaningful things they like from youtube, but the youtube app experience limits them. Enter newpipe. My father who cares none for privacy is now hooked on newpipe.

            Another point is that graphene by default is missing some important components. Calender, photo viewer, photo editor, voice recorder, a good keyboard, a good contacts and dialer app, an audio/video player, and a maps app. You should make sure all these are in good working condition for them that makes them not even notice. If they don't even notice these that means you've done your job right.

            Next i would say consider installing google's voice recorder, voice assist, camera, and photos apps for them, set them up and internet isolate them. This way not only do they have the functionality but they will be impressed with quality and bells and whistles they haven't seen before. As for keyboard, for a maybe more privacy assured option consider Microsoft Swift keyboard, and for a "maybe" more risky option (because of IPC) use Gboard.

            Keyboard is important as good autocorrect and key registration is gonna affect them. Maybe even setup voice typing.

            Setup a working map app and integrate it with the voice assist.

            Using google maps may also be unavoidable as these folks need business info often and asking them not to use gmaps is probably a tall order. They are used to pulling phone numbers and calling immediately.

            I want to suggest to install gmaps on a separate profile without play services and with a free vpn to isolate their location footprint from the rest of their google footprint, and tell them to avoid using it but do use it when they need to. But this method might be problematic for pulling phone numbers and calling as you cant copy back to main profile. So i don't know, see what you can do here. Maybe using browser instead of app might be acceptable for them.

            Also get them something like ViMusic or InnerTune. Free music on their phone. Explain to them that these are some of the nice extra benefits they get by going the privacy option in compensation for some things they lose and that its a tradeoff, and for a good cause.

              • [deleted]

              • Edited

              User2288 I want to suggest to install gmaps on a separate profile without play services and with a free vpn to isolate their location footprint from the rest of their google footprint

              Most Free VPNs don't care about privacy, except ProtonVPN I guess

              User2288 My father who cares none for privacy is now hooked on newpipe.

              I used to use Newpipe too but It was too bugy, and crashed all the time. Did your father face any issues?

              User2288 an audio/video player

              I think Vanadium (browser) and the Gallery app by AOSP can open many video types, but ofc an standalone Video player especially VLC would be better

                [deleted]

                [deleted] Most Free VPNs don't care about privacy, except ProtonVPN I guess

                Yup. Its the only one i think.

                [deleted] Did your father face any issues?

                Dont know. He never mentioned anything. I personally have never experienced a malfunction with newpipe, but it has its limitations. Cant watch live streams. Cant watch shorts. You can with libretube. The 2 apps trade blows in terms of features and one has what the other one doesn't.

                [deleted] think Vanadium (browser) and the Gallery app by AOSP can open many video types,

                Yes but that's not gonna be very "user friendly" for the subject. OP needs plug and play, no hassle solutions. The AOSP gallery app alone is a sure ticket for those folks to reject the whole phone. Best they never see that crap to begin with.

                Just chiming in that I have gotten multiple 60+ year olds on it with few issues. It basically behaves like a normal Android device (with a few exceptions on things like TV apps not working). I get GPServices and GPStore set up for them vs the Obtainium type setup so that they can get apps the way they're used to and have them auto update, and get notifications. I have auto-reboot on, but definitely set for a longer period than my own phone. I also have them create a good unlock pw instead of using a swipe pattern or short PIN. They were OK with that, ymmv. One of them was on board with adopting Bitwarden, another preferred paper PWs ... again, gonna depend on the individual. They were OK with avoiding google apps and using alternatives like newpipe, old gmail only in web browser. It's good if you can get them to switch to Proton for their email, which I did, but as was mentioned above, have to discern whether they're up for all the changes at once or need things changed slowly to not get frustrated.

                It really helps if they're motivated to pursue increased privacy/security, otherwise every hiccup will be a trial. But I think it can work either way. Just hope they're not addicted to Netflix or Hulu on their phones!