My GrapheneOS set-up

Privacy
1

I’ve been using GrapheneOS on a Pixel since 3a and thanks to continual addition of new features I’ve tried different builds. This one stuck with me the longest:

  1. clean install of GrapheneOS

  2. secure the internet with DNS over TLS

  3. install Google Play services, log in with disposable acc (ideally remember credentials)

  4. download all closed source apps (gboard, gcam, speech recognition and synthesis, etc.) and set them up online

  5. deny Network permission for those apps (unless trusted, e.g. magic earth)

  6. uninstall Google Play services

  7. get the rest of the apps from App Store > Accrescent and apks (Obtainium)

  8. create New user profile

  9. install Google Play services, log in (possibly with the same acc)

  10. install closed source apps from step 4. again

  11. disable unused apps in New user profile

  12. keep Google Play services on New user profile for updating (even disabled) apps for both profiles

  13. ???

  14. Profit

2

I would advice against using a google pixel 3A as its no longer supported by Graphene OS and does no longer get security updates, see Frequently Asked Questions | GrapheneOS for more information.

I would advice buying a pixel 6 or above.

3 Likes
3

Understandable, it’ll have been 2ys of my 6a soon and just got 8a for my partner tho she’s just a stock user. Great phones

5

Didn’t know this would work. I thought that all apps in the secondary profiles had to be updated from the main user and not vice versa.

6

some general toggles i recommend that are unset by default (at least i think):

  • toggle on:
    • (if you use a PIN) Settings > Security > Scramble PIN input layout
    • Settings > Security > Native code debugging > Block for third-party apps by default (can re-allow on a per-app basis)
  • toggle off:
    • (if you have a carrier) Settings > Network & internet > Internet > Carrier settings > Allow 2G
    • Settings > Privacy > Allow Sensors permission to apps by default (can re-allow on a per-app basis
    • these can be turned on/off again conveniently w/ tiles
      • Settings > Privacy > Camera access
      • Settings > Privacy > Microphone access
      • Settings > Location > Use location
  • select a time limit for:
    • Settings > Security > Auto reboot
    • Settings > Network & internet > Internet > Network preferences > Turn off Wi-Fi automatically
    • Settings > Connected devices > Connection preferences > Bluetooth > Turn off Bluetooth automatically
1 Like