M

Meph

There is no universal advice. Some people require uncompromising profile separation. Others require ease of use.

PaulDavis

I would also hope that GrapheneOS does not let an app know that the user made a screenshot either.

The fold 2 better be good and available in my country! Grrr

Meph In case of using google play store (in my work profile), does it still make sense to also use Aurora

Not really. Aurora Store has some security issues (more on that here). I personally don't really see the privacy advantages of using Aurora Store compared to using an anonymously created Google account with the Play Store. F-Droid also has its own share of security issues.

You can find a lot of threads on the forum about this topic. Of special note is the GrapheneOS account's write-ups on the topic of app stores. Here's an example, and I'll quote it here because Twitter annoyingly doesn't allow reading replies without an account:

For getting apps from the Play Store, it's better to use the sandboxed Play Store with a purpose-specific account instead of Aurora Store. Aurora Store doesn't verify signatures proving apps came from the Play Store and trusts every Certificate Authority for HTTPS connections.

There are a lot of choices for getting apps from outside the Play Store. We recommend https://accrescent.app for the small number of apps available in it including Molly. Accrescent needs more contributors and funding to substantially expand. We're going to try to support that.

We don't recommend manually downloading app releases from GitHub, etc. mainly because you won't have automatic updates. You can solve that issue with the Obtainium app. However, unlike a proper app store, it won't secure the initial download beyond the HTTPS connection security.

F-Droid has far too many security and trust issues for us to recommend it. The vast majority of apps in the official F-Droid repository are built on their sketchy infrastructure and signed with their own keys. We're concerned about a future mass compromise of F-Droid users.

People who work on F-Droid have demonstrated a lack of trustworthiness including engaging in harassment towards security researchers and covering up vulnerabilities/weaknesses in the app. Lead developer has repeatedly claimed app sandboxes aren't useful or a good approach...

Major app/server and build infrastructure security improvements along with anti-security and untrustworthy people leaving the project would be a prerequisite to us considering even packaging F-Droid in our app repository. That's very unlikely, so we want Accrescent to replace it.

VAULT It will include Satellite connectivity. Noobs will go gaga over that, but us security aware types know this is a major threat to location privacy. Will be a sharp tool for surveillance tracking (live & logs).

Would be good if GoS addresses this.

Don’t load your phone up with all the crap you think you need.

Keep it simple, and become a minimalist.

Hi all, I have a 7 a as well as a Pixel Tablet. I have installed WhatsApp on the 7a and want to also have it on the tablet. WhatsApp has an easy way through the browser by scanning the QR code and linking your phone with the tablet using the WhatsApp Web.
Question: Does this create security problems? Does using WhatsApp Web with Vanadium expose my information or is it still encrypted? Does this link my identity or?
Perhaps there is a more secure way to have WhatsApp on both devices?
As a few posters have said, I am not overly technical and some answers go over my head.
Thanks for your consideration of this topic and answers that someone may have.

Hello everyone,

I wanted to share my experience with GrapheneOS so far. I use GrapheneOS since a few days now and I like it very much. It is minimalistic, has great defaults and offers very good security and privacy options from the beginning. It is worth a try for everyone who like to be independent from big tech.

I actually tried GrapheneOS 2 times before switching to it full time because I was a little bit unsure if it works as excepted, but as soon as you have a plan and everything is configured this feeling disappears.

As a long time Linux and open source software user, I'm happy to see that "openess" is also possible in today's mobile world (or Android to be specific, because there are also options like UBports or Plasma mobile)

I use Vanadium as my primary browser now because it has everything I want from a browser, but I also use Vivaldi because of some features that are missing with Vanadium like sync and customization options.

Thank you GrapheneOS devs for the great work :)

Meph

great you are enjoying graphene so far.

I came from a rooted stock android phone when I switched and currently I am only using the owner profile with google play installed. I like the security and the options Graphene gives you :-)

if you want e2e photo cloud sync take a look at ente.io I saw it recommended a couple times. I dont use their cloud service myself I am only using their auth-app currently to try it out and compare it to my standard 2fa recommendation Aegis auth :-) the big upside of ente is their apps and server stack is completely open source, so if you want to can host everything yourself.

My switch to graphene was relatively easy as I never got into the apple or google eco-system for cloud stuff, I was already trying to use Open Source apps or websites for doing stuff. The switch from my old phone to the pixel took me around 8hours in total split over a couple days.

One thing changed: before I never used banking apps on my phone as I knew a rooted not updated phone is too insecure, now on graphene I have no trouble using banking apps on my phone knowing GrapheneOS is as secure as possible.

Meph there's a learning curve for Graphene as well)

I can understand that there's a learning curve if you're not used to Android, and also start out by separating your apps into different profiles. I generally recommend starting out with simply using the owner profile with Sandboxed Google Play, which I find is very similar to stock PixelOS* and familiar for most Android users – you simply install your preferred apps from the Play Store, as you would normally do. True, many convenience apps with cloud sync of your stuff don't get bundled with GrapheneOS as you would expect from an iPhone or PixelOS.

Then, if you want to separate stuff into different profiles, you can start exploring those. I don't think there's anything wrong with starting out with using profiles, just to be clear on that. There are good use cases for profiles, such as separating inter-process communication, and having separate encryption keys. But I frequently read about people saying they were overwhelmed with switching to GrapheneOS, and these users usually started out with using like five different profiles at once because they, it seems, heard from someone that this was necessary in order to achieve privacy and security on GrapheneOS. But if one is going to leave GrapheneOS because of that, then one won't benefit from any of the security and privacy features of GrapheneOS anyway. :-)

Glad to hear that you are finding GrapheneOS useful.

If there apps that don't work out for you, I can usually test them on stock PixelOS to determine if it's an issue specifically occurring on GrapheneOS or not. You can make a new thread for each app.

*Of course there are some Google apps which require system privileges to work, which won't function in the standard app sandbox.

Meph

Which smartwatch are you using?

And for photo management/Backup I use ente ^^

I've been using iPhone for almost 15 years now, and mostly got really comfortable with the fact everything just always works, its stable, fast if you can afford to keep a recent model and all my data was always available to me.

My phone had been stolen once and I couldn't have been happier at that moment it was a iPhone with up to date backup in iCloud. I just logged into icloud.com, marked the phone stolen, purchased a new iphone, setup my apple ID and restored the backup with all settings restored as if it was the same phone.

From a security point of view I've been more trustful to Apple. Their phones by default imho are superior when it comes to security. That is, security for the average Joe.

I have a IT background, but even still it took my friend a while to convince me and give GrapheneOS a go. I kind off ignored it, he told me how not all the stuff i'm used to having will work, and everything becomes a bit more complicated then just installing an app and go. I felt like I didn't have the time for it..

It wasn't until i recently switched back to Linux form using windows for a while when I realized, I want to be back in control of my mobile device as well. Let's give this GrapheneOS thing a try.

At the same time there was a promotion, a good deal on a Pixel Pro 8 so I went ahead and bought it.

My first thoughts and experience were eye opening. Some of them are just Android things that are not possible on iPhone, and some GrapheneOS specific. I never realized how little control I had over the apps installed on my iPhone, and basically you really put all your trust in Apple and the apple app store apps to manage your life and all your personal data. Thats a lot of trust to put into a company. Although in my experience Apple has always been less focused on advertising and using data as its business model, it's shifting into the same direction now. Combining this with the new European law allowing 3rd party app stores on iPhone its becoming more important than ever we can control and see exactly whats happening with each app on our mobiles. I used to think Apple had us covered because we get these popups to allow or block access by default on iPhone but its really not enough and gives you a false sense of privacy / security.

When I started with the setup of my phone I decided to use two profiles. My private profile with only the apps I really need and are not depended on Google play services, and a second profile with sandboxed google services installed for those apps I consider necessary. In each profile each app I have tried to remove as much permissions as possible.

It really took a while to get out of the apple eco system, to learn how GrapheneOS's works and to try to set up my device as secure as possible while maintaining most functionality. You really have to learn what works for you, what doesn't, what apps do you really need, what apps you should not install anymore and just use a browser, and how to make having 2 profiles manageable. It's quite technical and definitely a lot of work to be able to say goodbye to Apple and get back in control of your own device, privacy, data and security.

The more secure it becomes, the less usable / user friendly it becomes. And coming from 15 years of iPhone usage, usability with my phone as my toolbox in my daily life both private and workwise has become a thing that I personally often value even more then security. I want all the security there is, but also, I do have a set of basic things I do and need on a phone on a daily basis that just need to work without too much workarounds.

After 3 weeks I decided to stop trying to do everything in two user profiles. A couple of apps like WhatsApp for Business (use it for work) Instagram (Sorry but I like the app), Outlook (Work..) and another work tool I have installed in the second user profile. All other stuff i decided to move to my main profile. It becomes really a hastle when you have your personal apps (tools) devided in two profiles and try to share data between them. I started emailing or messaging myself documents / phones / text and continuously was switching between the two profiles which became very annoying.

In the end, in a nutshell I opted for the following configuration which works best for me;

I only install the App if I use it a lot and if it has a significant advantage of not using a browser or laptop when I need the apps service, or if there's no alternative.
I have installed sand boxed google services to use things like my banking apps, Android Auto, and some smart home stuff like my doorbell camera that doesn't work without the factories app.
I have tested as much as possible to limit each apps permissions as much as possible which took a lot of time and often stuff didn't work.
The second profile i use mainly for work related apps which I don't want to mix with my private data.
I have learned I really had way too much apps and crap installed on my iphone that I really didn't need or should use better more secure alternatives.

The setup above works for me and the frustration of switching between profiles continuously is resolved. I love the fact I am in better control of my phone, but I'm also not loving the fact I cannot use two main things, my smartwatch and using my phone as a payment device. I did find a workaround for that though, I've setup my watch with nfc using another android device and not being able to use gpay i can just put my bank card in between my phone and phone case so I don't have to bring my wallet all the time.

The final thing I'm still trying to work out is how to manage my data / backups. At the moment I'm syncing data manually at home using Syncthing to another device so my pictures, notes and videos are backed up, but its a limited experience ofcourse if you are used to just always having your data available and safely stored to you anywhere you go without giving it any thought.

Some things I still need to figure out;

I used to use airtags for my keys and wallet. Looking for a safe alternative that works.
Trying to find a NFC payment solution that doesn't require gpay in Spain.
Getting my smartwatch to work without using a extra phone.
The turn screen when its automated its a bit slow and feels buggy compared to iphone, not sure if there's a fix and if its a GrapheneOS or Android problem
Does it still make sense to use GrapheneOS if all these things above are things I just want to keep using?.... :)
How to organize my photos better. iPhone has a way to manage this automatically and I was always able to find a specific phone I made under 30 seconds by just searching the date or topic displayed in the picture, I am lost now and all my data is more difficult to manage / needs to be re-organized somehow.
Getting the hang of using Android. Its very cool I'm able to do way more configuration stuff but there's also a lot of simple tricks and gestures on iphone or simple things that just work better. It still takes some getting used too ;)

All in all I'm till very happy with the switch to GrapheneOS, but its not for everybody. I have a technical back ground and still I was struggling to make the switch (it took a lot of time to de-apple and there's a learning curve for Graphene as well) average iphone user might not be comfortable switching from Apple to GrapheneOS, unless they only use very basic tasks on their phones. Allthough I do think everybody should have the experience to have installed and used a OS like Graphene to be more aware of their phones and apps and data. Even if I would ever switch back to iphone I would do things very differently now. A lot less apps and pro-actively monitor and configure as much security as a can. Probably also try to stay out of the icloud.

This might be related.
https://9to5google.com/2024/04/21/second-pixel-april-update/

I'm running the latest version of GrapheneOS on a Pixel 6a using T-Mobile cell service in southern California. The problem I'm having is that when someone calls me, the phone never indicates that I'm receiving a phone call. Often times, I'll receive a voice mail from the individual who was calling me. This does not always happen, although most of the time it does occur.

I believe this is a GrapheneOS problem and not an issue with the T-Mobile cell service, because I am on a family plan with several other people, some of which use iPhone and they do not encounter this issue. Also, this was never a problem prior to a few months ago.

Also, if I receive a text message, it takes about a minute or more to receive the text, while the other people on my family plan receive a text message almost instantly. Again, this was never a problem prior to a few months ago, which leads me to believe that this is a problem with GrapheneOS.

Is anyone else experiencing this issue and if so, do you know how I can resolve it or if it's a problem with GrapheneOS? Thank you!

Meph Welcome! Didn't see this post before, but now that I have I'll leave you a link to my guide for new users, which is also a retrospective of my own first weeks, then months as a GrapheneOS user!

Maybe it will help you get comfortable and get all you can from this wonderful OS. Any questions please ask!