A privacy focused smartphone

Online Privacy
Sep 11 /
CF /
0

GrapheneOS Guide

GrapheneOS is an open-source privacy and security focused mobile operating system with great functionality and usability. As the mobile operating system focus is security as well as privacy it is designed to work on the most secure mobile hardware (Titan M2 Security chips & Tensor chips) that are found on the Google Pixel range of phones. GrapheneOS is the best alternative operating systems you can install to disconnect from pervasive tracking and data collection. You do not need to create an account to use GrapheneOS.

GrapheneOS improves the privacy and security of the operating system by mitigating classes of vulnerabilities. This makes it more difficult for hackers to exploit code in the operating system. Additionally, GrapheneOS enhances the security of the operating system and the apps running on it by providing more granular control of system-level permissions. The app sandbox and other security boundaries are also fortified. Whatever app you download, they can’t access your data without your consent. All the network traffic is encrypted and secure by default.

GrapheneOS is a non-profit and intends to remain that way. This allows the developers to focus on improving privacy and security without building a business model that doesn’t conflict with the open-source project’s success. GrapheneOS is a custom operating system (OS) based on Android, designed to appeal to users who demand more privacy and security from their devices.

New Pixel alternative

Instead of buying a new Pixel phone from Google consider purchasing a second-hand Pixel. That way you are not giving your money to Google, and you save on the purchase price of the phone. I would recommend checking out – TheiOUTLET .com as they have a great range of second-hand Pixel phones.

GrapheneOS apps

GrapheneOS offers a series of built-in specific and fortified apps for basic tasks. There’s the Vanadium WebViewer and browser. The app is a hardened variant of Chromium, providing enhanced privacy and security features.

GrapheneOS also offers a camera app called Secure Camera. It’s built by the GrapheneOS team and supports most traditional shooting modes. Aside from this, it includes a raft of privacy and security features that may be helpful for most users. These include a dedicated QR scanning mode without Network and Media/Storage permissions and the optional stripping of EXIF metadata from photos and videos.

Secure PDF Viewer app, a sandboxed PDF reader to block an additional attack vector.

Auditor app that provides hardware-based verification to ensure the device’s software and firmware are safe and authentic.

Can you use Google apps and services on GrapheneOS?

GrapheneOS doesn’t come with the typical Google apps and services you’re used to using all the time, including the Google Play Store. As such, you’ll likely be looking into reliable third-party open-source alternatives (F-Droid). The team clarifies that they aren’t against users using Google services. However, they say Google services shouldn’t be integrated into the OS in an invasive way. Google apps can be installed on GrapheneOS through a dedicated compatibility layer that strips them of the special access or privileges.

Using the Arora store will allow you to install apps from the Google Play store without needing to sign into the store to download the app. GrapheneOS allows you to take complete control of the permissions of all installed apps.

What is it like to use on a day-to-day basis?

I have been using GrapheneOS for several months (on a Pixel 6) and I am very impressed with the features and functionality of the operating system. It is nice to be able to take complete control of all apps on the phone and take back your privacy. I like the profile feature that allows me to create separate profiles to install apps to and apply app isolation. The operating system is free of Google bloatware thus the phone is more enjoyable to use and has an increased battery life. You can still use apps from the Google store if you wish (through the Aroura store) but you have complete control what they can access on the phone. As I only use open-source apps, if possible, so I usually use the F-Droid store.

Most apps I have tested work ok including my banking app as well as Signal and Tutanota. I like having the notification whenever an application tries to access something and the granular control of the permissions.

Installing GrapheneOS on a Google Pixel

Preliminary Checklist

  • A compatible Android device, Currently, GrapheneOS only supports Google Pixel phones starting with the Pixel 4. I recommend a Pixel 6 and above.

  • Sufficient storage space and memory: 2GB RAM and 32GB storage space. Please note that although these requirements refer to your mobile device, you will still need some free GB on your PC to download the temporary files needed for the installation.

  • A USB-C cable, it should be connected directly to the rear port on the desktop or port of the laptop, not the hub. GrapheneOS also says that if your computer doesn’t have a USB-C port, you should use a high-quality USB-C to USB-A cable.

  • Officially supported OS on your desktop/laptop, The GrapheneOS installer is compatible with Windows 10 and 11, macOS Catalina, Big Sur, and Monterey, and all major Linux distributions. It also supports ChromeOS, GrapheneOS and the stock Pixel OS.

  • A compatible browser. The installer works on Google Chrome, Microsoft Edge, Brave, Chromium (outside Ubuntu), Bromite and Vanadium (in GrapheneOS).

Update your browser to the latest version before you start, and do not use Incognito or other private browsing modes.

Create Environment

After all the tools are ready and updated, there are some essential steps in this section. These are intended to enable the installation of non-native software on your Android phone. The first thing to do here is to enable OEM unlocking on your Android phone. to do this:

  • Enable Developer Options Menu, you can do this by going to Settings, About phone, and tapping the ‘Build number’ menu entry a few times and until Developer Mode is unlocked.

  • Enable OEM Unlocking, you can then go to Settings System Developer Options and turn on the ‘OEM Unlocking’ toggle.

Next, make sure you have the correct drivers for your PC to recognize the phone in bootloader mode.

  • Feather Linux systemInstall android-sdk-platform-tools-common package (Debian and Ubuntu) or android-udev package (Arch Linux) using apt.

  • Feather windows system, open Windows Update, run a check for updates, and then “See optional updates”. From here, you can install the driver for the ‘Android Bootloader Interface’.

Once your PC is ready to be connected, go back to your phone, now it’s time to put it into bootloader mode. To do this, hold down the Volume Down button while the phone boots/restarts. At this point, connect the smartphone to your PC, open your favourite browser, and visit this web page (https://grapheneos.org/install/web).

The following four steps on the GrapheneOS site are self-explanatory, and you can complete each of them by clicking the corresponding button. I am including them here to give a complete overview of the installation process.

  • Unlock bootloader, after clicking on the button of the browser, go to your phone and confirm the command. You can use Volume keys to switch selections and the Power button to confirm that.
  • Download GrapheneOS Factory pictures. It will receive files from GrapheneOS repository and temporarily store them on your machine.
  • Flash GrapheneOS. The installation will erase all existing data and install a new GrapheneOS ROM.
  • Lock bootloader, if you’re used to installing alternative Android ROMs, this might sound strange to you, but locking the bootloader is necessary to enable Full Verified Boot. It also prevents using fastboot to modify or erase the partition for added security. Just like with the unlocking process, you will need to confirm the prompt to lock the bootloader from your phone again.

GrapheneOS: Next Steps

That’s it. After locking the bootloader again, just restart and your phone will automatically boot into the shiny new installation of GrapheneOS.

Some post-installation tips:

  • You should disable OEM Unlocking (unless you are a developer). This will further enhance the security of your device.

  • You can Verify your GrapheneOS installation use the team Auditor App.

GrapheneOS has no Google apps installed. If you feel like you need them to use other apps that rely on Google Play Services, installation is simple. Open the “Apps” app (pre-installed in GrapheneOS) and tap Install next to “Google Play Services”, “Google Services Framework” and “Google Play Store”.

Installation as a service

If you are not confident in undertaking the installation yourself then contact me for information on my installation service.

Conclusion

GrapheneOS is a great choice for people who want more security and privacy. It’s also a good choice for people who want a more optimized phone that prevents the exploitation of their personal data for the gain of tech or other companies.

Get in touch

If you have been using GrapheneOS then please feel free to get in touch and share your experiences.

Tags:

No Tag

No responses yet

Leave a Reply

Your email address will not be published. Required fields are marked *