08/27/2022 - GrapheneOS

What is actually this "GrapheneOS"? Why should one use this OS or a comparable one? Here I will go into it a bit and why I use GrapheneOS.

What is GrapheneOS?


Disclaimer: I am not being paid or receiving any other compensation or material goods for writing this article.


GrapheneOS is an operating system that focuses on privacy and security. It only supports the Google Pixel (other manufacturers used to as well). One of the main reasons is that the bootloader of the Google Pixel can be unlocked, which makes the installation much easier. The OS itself is based on an adapted stock Android.

It does without all Google services from the start, but can be installed later and then runs in a sandbox (I've actually gotten used to not using Google Maps or Playstore - but will certainly test that in the future).

The following devices are currently supported:

  • Pixel 6a
  • Pixel 6 Pro
  • Pixel 6
  • Pixel 5a
  • Pixel 5
  • Pixel 4a (5G)
  • Pixel 4a
  • Pixel 4 XL
  • Pixel 4

The Pixel 6a was only added the other day, and Android 13 with the GrapheneOS adjustments was also rolled out. Updates are generally rolled out several times a month.

A complete overview of the features can be found here.


How to install GrapheneOS in the first place?

First, you should fully charge the phone to avoid unpleasant surprises. You should also update the phone to the latest version.

Otherwise I can really only refer to the very well documented WebUSB-Installer page. Here you can find an overview of the supported operating systems and browsers that support the web installation. I have used Windows 10 incl. Chrome.

images_content_webusb_install

Yes it really is that simple:

  • Unlock Developer Mode
  • Activate "OEM unlocking" in Developer Mode
  • Press buttons on the website

After successful installation, you will notice that a warning message always appears when you boot the device. This is basically to warn you that the device could be tampered with (in our case, it's intentional).

So the OS is installed, Wi-Fi connection is established...but wait a minute...where is the App Store? The answer is quite simple: There is none. I recommend F-Droid (https://f-droid.org/) here. You download the .apk and will get a notice that this file is potentially harmful - accept risk. After that we still have to allow Vanadium (the default browser) to run this .apk in the settings. After the installation please urgently! Disallow this option again. The setting can also be found under: Settings -> Apps -> Vanadium -> scroll all the way down -> Install unknown Apps -> enable Allow from this Source.

fdroid_download_website fdroid_download_confirm settings_to_install_unknown_apps vanadium_settings

Once F-Droid is installed, we open it and install the Aurora Store. Why so cumbersome I hear you ask. On the one hand, you always get a tested version from the F-Droid Store, which should be safe, and on the other hand, there are many great open source apps here that don't want to sell your soul directly.

Otherwise, you can find all sorts of apps in the Aurora Store that are also available in the Play Store. Please keep in mind: The Google Apps like Google Camera do not work without installing the Google Services. Also, many apps will not work with notifications, because they also need Google services, see also: https://grapheneos.org/faq#notifications.


Notifications work for these apps:

  • Aurora Store
  • F-Droid
  • OS Apps like the alarm clock
  • Signal
  • Twitter
  • WhatsApp

I also have to say that I am hesitant to install Google services at all. My phone is so nice and quiet and you don't always look at it. Sure you could disable the sound and vibration. The "Do not disturb mode" is also not a solution for me, because you also miss important calls or messages. In addition, the battery now lasts almost 3 days with the same usage behavior as with my Samsung S10. The only negative thing I noticed was that sound playback via USB-C requires unlocking and reconnecting the headphones.

As soon as I wrote this I found the solution - I should have looked a little closer...
The setting can be found under: Settings -> Security -> USB-Accessories -> Allow new USB Peripherals. This function is not selected by default.

vanadium_settings vanadium_settings

Assuming that you have to tinker a bit at the beginning or get familiar with the device, I did not currently find any negative points with GrapheneOS.


Finally, I would like to say that such great projects like the one of GrapheneOS and many others can only survive through your support. Therefore do not hesitate and support their work https://grapheneos.org/donate.

If you want to stay up to date, check out their Twitter account https://twitter.com/GrapheneOS.