See https://grapheneos.org/usage#sandboxed-play-services. It allows you to run Play services as fully sandboxed apps with no special access or privileges. Apps within the same profile use it so it enables broad app compatibility without sacrificing OS privacy or security.
Please read https://grapheneos.org/#history.
They forked our code and continue to copy our newer changes. They're fraudulently claiming to have created it and are selling phones with it for a lot of money. They're primarily dedicating their resources to harming us as much as possible, not building anything. They want to take our work, sell it, and wipe out the original open source project at all costs. I recommend looking at the other threads about it in /r/GrapheneOS. This one is about a very specific thing.
Their motivation is wiping out the open source project they've copied and turned into a product. They massively ramped up their attacks after we published https://grapheneos.org/install/web since their business model is dying. They're desperate. They aren't capable of building anything of value themselves. They don't do actual privacy and security work. They copy us, fraudulently take credit for it and sell it as an expensive product with tracking. They also desperately want to cover up all the awful things they've done. They want to be able to lie about everything that happened unopposed.
You can already use this Alpha release of our new Camera app.
Google Camera also works fine in a profile with sandboxed Play services. https://grapheneos.org/usage#camera doesn't yet cover our own camera app and probably won't until we include it as a replacement for AOSP Camera in a few weeks.
The update client checks for updates every 4 hours. It only checks when the configured constraints for battery and network type are satisfied. It doesn't implement any idle or overnight check.
I recommend reading the last paragraph in https://grapheneos.org/releases#about-the-releases about the release process and checking the list of releases on this page for up-to-date information on whether the release is in the Beta or Stable channels. You might be expecting to get an update to a release before it's actually available in the channel you have configured.
Release notes are published and announced before they arrive in the Beta channel, so that it's available for people to read when the update is actually pushed out.
For Signal, make sure you use the APK from their website rather than from F-Droid or the Play Store (Aurora). It is made to run with Play Services - and I've never had an issue with notifications. At least, that's my understanding.
https://signal.org/android/apk/ (the one available under "Danger Zone")
I'm using Graphene on a Pixel 3 and I've had no real issues. Still experimenting with navigation apps to find one that works for me.
It's fully sandboxed like any other app and always has been. The only difference with https://grapheneos.org/usage#sandboxed-play-services is that the OS now provides a compatibility layer to coerce it into working that way. It only has access / permissions you provide it and only apps within the same profile can use it.
You have control over it like any other app. It doesn't work any differently. That's the whole point of the compatibility layer.
Signing into it is an option and it's entirely up to you what kind of account you use. Nothing stops you using a different one in different profiles. Apps can't communicate / share data across profiles and Play services sees each one as a separate device, just like any other app, because that's all it is on GrapheneOS: a regular sandboxed app.
Installing it doesn't grant it any additional access compared to the Play libraries included in each app using it.
We're implementing a compatibility layer to allow it to run in the standard sandbox, not the sandbox. That was always there and that's why it didn't work before because it expects to be deeply integrated into the OS with extensive privileges / access to the entire system. It's simply 3 regular sandboxed apps for us.
It's not a reimplementation of Play services and isn't something included in GrapheneOS. You can choose to install the official Play services apps, which receive no special access or privileges as they usually would in an OS integrating them. GrapheneOS won't use them and doesn't trust them. They run as regular sandboxed apps, like any other user installed app. The feature involves providing assorted shims to coerce them into working without any special privileges.
It has never required you to have 2 of the supported phones. It only recently became possible to install from another phone at all.
Look at the officially supported platforms for installation listed for https://grapheneos.org/install/web and https://grapheneos.org/install/cli.
They're not at all successful and they aren't actually trying to build anything useful. They're focused on grifting as much money as possible and using most of it to cause harm to us to help them with further grifting. There is no apparent long term plan. I needed to make these posts to draw attention to some of the things they're doing. They've massively escalated their attacks on us since we launched https://grapheneos.org/install/web and we really need this to end. They keep threatening our contributors and disrupting development in any way that they can.
No, your device doesn’t meet the minimum standards of the project. There is no reason to support a device that will not offer meaningful privacy and security.
“Devices need to be meeting the standards of the project in order to be considered as potential targets. In addition to support for installing other operating systems, standard hardware-based security features like the hardware-backed keystores, verified boot, attestation and various hardware-based exploit mitigations need to be available. Devices also need to have decent integration of IOMMUs for isolating components such as the GPU, radios (NFC, Wi-Fi, Bluetooth, Cellular), media decode / encode, image processor, etc., because if the hardware / firmware support is missing or broken, there's not much that the OS can do to provide an alternative. Devices with support for alternative operating systems as an afterthought will not be considered. Devices need to have proper ongoing support for their firmware and software specific to the hardware like drivers in order to provide proper full security updates too. Devices that are end-of-life and no longer receiving these updates will not be supported.”
https://grapheneos.org/usage#default-connections
Other than that, it's up to you really, you can use any search engine you want. Graphene does not have any Google services so no location or other data is sent.
By reading https://grapheneos.org/install you won't have a problem. Pay special attention to using the latest platform-tools (fastboot and adb) from Google, and to update to the latest stock version before flashing Graphene. If you get stuck somewhere just ask around here and someone will help.
The whole point of that step is to avoid trusting the update server, but it's a server specifically for GrapheneOS updates, is kept up-to-date and only has SSH with key-based authentication and the web server. If you simply obtain the fingerprint from the install documentation and don't confirm it elsewhere, there's not much point, since https://grapheneos.org/ is a comparable server. The same applies to obtaining GPG. If you don't have it included in your OS or standard package manager repositories, it isn't really going to help, especially since you're trusting the installer for GPG and that could be compromised by an attacker instead.
Our new Camera app is dramatically better than AOSP Camera including better performance and dramatically better image quality. The app is 3.2M and that includes all the CameraX portability workarounds for handling far more than Pixel devices. It has a very simple, minimal UI and isn't in any way bloated. It has no connection to the prior AOSP Camera app. The new app was written by GrapheneOS in Kotlin with CameraX. AOSP Camera wasn't made by GrapheneOS and we only had one trivial change to it.
Strongly recommend trying the app and taking some photos with it. Read https://grapheneos.org/usage#grapheneos-camera-app for a detailed guide. It's very minimal and doesn't have any niche frills. Features like a shot timer, exposure slider, wide angle camera support, lightweight HDR+, taking pictures during video recording, etc. are not niche frills. Most people who take pictures/videos regularly want this functionality.
You should join the #grapheneos:grapheneos.org and #offtopic:grapheneos.org Matrix rooms:
https://grapheneos.org/contact#community
There are 2937 people in the main room and 1464 in the offtopic room.
See https://grapheneos.org/releases#2021.05.16.04.
> enable gesture navigation by default (can change it via Settings → System → Gestures → System navigation) instead of legacy 2-button navigation: swipe left/right on the navigation bar to switch apps, swipe up for home screen, swipe up and hold for app overview (recent apps), swipe from the left/right edge of the screen (not the navigation bar) to go back
Recommend trying gesture navigation for a couple days and only reverting back to the prior default (2-button) if you still don't like it.
The default was changed to match the stock OS, to use an objectively better approach and because our prior default has become a legacy option we need to test and maintain downstream. The stock OS and AOSP only have 3-button and gesture navigation now. AOSP still has the code for 2-button navigation but it may go away in the future, leaving only the 3-button and gesture navigation options. We've been delaying this change for quite some time. The stock OS has defaulted to gesture navigation since Android 10.
It looks like there are some DRM remover plugins for Calibre. As for the legality, it's probably a legal gray area if you already purchased the book. Tampering with DRM is likely not legal so I guess I won't make any definite recommendations :/
https://grapheneos.org/install#obtaining-fastboot
You're going to need to set your path
On Windows:
$env:Path = "$pwd\platform-tools;$env:Path"
Please join our matrix community https://www.reddit.com/r/GrapheneOS/comments/fqdfea/join_the_grapheneos_irc_channel/
No, it doesn't make sense for anything but development use as explained in https://grapheneos.org/faq#device-support. It also likely doesn't work right now due to it being incompatible with exec-based spawning among other features. Substantial work would be required to make that compatible, and what would be the point? The FAQ explains why it doesn't make sense.
It adds substantial attack surface and doesn't provide the same security as Vanadium. Firefox doesn't have a sandbox on mobile so it's only contained by the regular app sandbox and an attacker compromising it will immediately have access to everything Firefox has access to. If you grant it access to the legacy Storage permission, they would have access to the profile's home directory. There is documentation on web browsers at https://grapheneos.org/usage#web-browsing. It needs to be split up into the usage guide portion and a technical / roadmap portion elsewhere and expanded further.
You're free to use Firefox on GrapheneOS. It works fine. Our recommendation is to use Vanadium or Bromite and we'll be working towards parity with Bromite for content filtering and anti-fingerprinting. Vanadium is a substantial part of GrapheneOS, and you'll be using it as the WebView provider regardless of which browser you use. So, you'll likely have the attack surface of Vanadium regardless unless you avoid anything using WebViews, and if you use another browser you'll have both.
The Pixel 3a is the preferred device because it will receive security updates longer than the other supported devices will. Check out the FAQ. This has been answered many times.
Again you have no proof. You obviously can decide who you want to trust. I personally feel that Daniel and others working on GrapheneOS are trustworthy and they make good choices including the supported hardware. The roadmap includes a plan to eventually target hardware improvements. With respect to these other supposedly "open hardware" phones, make sure you do your homework and look past the surface. Good luck.
At this moment, if you want GrapheneOS, the best way is right here: https://grapheneos.org/faq#recommended-devices:
> The recommended devices with the best hardware, firmware and software security along with the longest future support time are the Pixel 3a, Pixel 3a XL, Pixel 3 and Pixel 3 XL. The Pixel 3a and 3a XL are budget devices meeting the same security standards as the more expensive flagship devices.
There are not enough contributors to support a port to the 4 or 5 at this time. If you want to see that happen, the community needs to prove to Daniel Micay that they can support the devices that he currently has and make the project sustainable before picking up new ones. This means doing things like restoration of past features, addressing the issues on the issue tracker to ensure that the current codebase is kept up to date with the rest of the changes made to Android, and that he can count on the community to keep things going sustainably.
The list of supported devices is available on GrapheneOS's releases page. It supports Pixels generations 1-3, and might very well not support the Pixel 4 anytime soon, as well as drop support for 1st and 2nd gen devices sooner rather than later.
The reason for the limited choice of devices is both relatively specific hardware requirements, and people not getting it done for devices that might fit those requirements.
>Do location services work (eg could I order an uber yet or something to that effect, or use a gps app)
Yes, they work, and they also Almanac for getting a GPS fix faster. https://grapheneos.org/usage#default-connections . I am not sure about network / Wifi / BLE based location though.
>is there a way to access push notifications yet?
That depends on the particular app. Some apps do very well without FCM for notifications (Signal, Conversations, k9 mail, etc), others not so well. Usually for an app to receive notifications it has to be excluded from battery optimization and allowed to run in background. It's mostly up to the app developers to implement alternative notification mechanisms, some do, some don't bother.
>What about app updates?
For now an app store is not included, you need to either install an app store like Fdroid or Yalp, or to download and install the apps yourself and keep them updated. System apps are obviously updated with the OS update.
Are you sure you are talking about GrapheneOS? Because apart from Pixels (Pixel 1 and up and their XL variants), and maybe Pixel 3a / 3a XL nothing else is supported.
https://grapheneos.org/#device-support
The hardware requirements are quite strict, and I doubt a Samsung model will be supported any time soon.
Since your platform-tools seem to be at the latest version, it's likely that your /tmp doesn't have enough space available. Check out https://grapheneos.org/install#flashing-factory-images
If the phone goes all the way to the boot screen, it probably re-formatted the userdata partition automatically, and you should be fine.
That's easy to do, from ADB. Not just any other server can be used, the server usually has to respond to a /generate_204 URL and respond with a 204 No Content header. However the reason Google's servers are left as default is that the phone would be indistinguishable between ~2.5 billion devices.
https://grapheneos.org/usage#default-connections has more details on this.
> ...GrapheneOS leaves these set to the standard four URLs to blend into the crowd of billions of other Android devices with and without Google Mobile Services performing the same empty GET requests. For privacy reasons, it isn't desirable to stand out from the crowd and changing these URLs or even disabling the feature will likely reduce your privacy by giving your device a more unique fingerprint. GrapheneOS aims to appear like any other common mobile device on the network...
- https://grapheneos.org/usage#default-connections
Follow the install instructions at https://grapheneos.org/install. I added support for flashing the avb public key to the standard flash-all.sh script so it matches the process of installing the stock OS.
No, there are no staggered releases. See https://grapheneos.org/releases#about-the-releases. Every public release is first released to the Beta channel and then the Stable channel. The releases page has a listing of the releases currently in each channel. There's no difference between that and what's available to each device.
In these release notes, I keep seeing improvements to sandboxed Google Play Services and I get confused. Do these improvements mean the Google Play Store will work properly, privately and safely on GrapheneOS? Do I not need F-Droid and the Aurora Store and more? Or do they just allow any installed apps to work better? I tried reading the Usage Guide:
https://grapheneos.org/usage#sandboxed-google-play
but I'm still confused.
Perhaps what u/6FsWYn1SyQxWLd was referring to when they said
> have to use another process to remove it.
is maybe having to use an app that is similar to Scrambled-EXIF in order to remove the EXIF data from photos/images/pictures before sharing them.
Where did you install Signal from? Signal from the Play Store / Aurora Store will not provide timely notifications without Play Services.
If you're not using the sandboxed play services on your phone then you need to use the version of Signal found directly on their website on the Signal apk page. This version runs its own notification service in the background and will notify you of updates.
> The wallpaper and style section in the settings is very limited compared to the not secure android 12. No colour options, can not change the icon shapes, no customization at all. Why is that??? This 12 is a bare minimum in everywhere. Many features has been removed.
There is no icon shape configuration in Android 12 in the stock Pixel OS or in AOSP. The color palette configuration is an exclusive feature of the stock Pixel OS and is slated to be included in AOSP 12.1. None of these features have been removed in GrapheneOS.
Both icon shape configuration and accent color configuration were enabled in the legacy Android 11 GrapheneOS despite being disabled in a standard build of AOSP 11 but neither is present at all in AOSP 12.
> Can not install a GCam port??? The default camera app is just poor in every level. I can easily block the network connection to any app so I do not understand why I can not install a GCam and just block it...safe, no worries.
Now you're simply making something up demonstrating that you haven't even used the OS. GrapheneOS doesn't use AOSP Camera like what you're comparing it to but rather a far better GrapheneOS Camera app. Google camera is also fully supported on GrapheneOS and you'd know that if you read the Camera section in our usage guide.
https://grapheneos.org/usage#camera
It's not clear why you're claiming that you're prevented from installing something...
> I understand privacy is the main purpose but come on guys? Why we need to live in the ice age?!
You're going to be banned from the subreddit if you continue the concern trolling. You're also completely missing the point of the OS if you think all it offers over what you're coming from is quicker updates...
https://grapheneos.org/features
Perhaps you need to read a bit about what GrapheneOS is and what it provides from our website.
> The wallpaper and style section in the settings is very limited compared to the not secure android 12. No colour options, can not change the icon shapes, no customization at all. Why is that??? This 12 is a bare minimum in everywhere. Many features has been removed.
Those features aren't included in AOSP 12. Nothing has been removed. Those are exclusive to the stock OS on Pixels. GrapheneOS is based on AOSP, not Google's proprietary OS on Pixels.
> Can not install a GCam port??? The default camera app is just poor in every level. I can easily block the network connection to any app so I do not understand why I can not install a GCam and just block it...safe, no worries.
Now you're simply making something up demonstrating that you haven't even used the OS. GrapheneOS doesn't use AOSP Camera like what you're comparing it to but rather a far better GrapheneOS Camera app. Google camera is also fully supported on GrapheneOS and you'd know that if you read the Camera section in our usage guide.
https://grapheneos.org/usage#camera
It's not clear why you're claiming that you're prevented from installing something...
> I understand privacy is the main purpose but come on guys? Why we need to live in the ice age?!
You appear to be concern trolling and you're now banned from the subreddit.
https://grapheneos.org/faq#device-support explains all of this.
Pixel 2 has been end-of-life since October 2020. The final patch level it can reach is 2021-11-01. It can't reach 2021-11-05 and above. GrapheneOS provided an extra year of extended support releases for the Pixel 2 all the way until the release of Android 12 which it can't properly support. By that time, it was completely insecure due to lack of full security updates.
See https://grapheneos.org/usage#camera. Google Camera works fine with our sandboxed Play services compatibility layer. We're developing a next generation GrapheneOS Camera app that's eventually going to be competitive with Google Camera for taking pictures. It will initially only have lightweight HDR+ and not aggressive HDR+ / Night Sight for low light shots. That will eventually be coming via CameraX extensions on Pixels.
That fundamentally wouldn't work as an OS feature. It could just be trivially bypassed. The secure element already heavily limits the number of attempts. Please read https://grapheneos.org/faq#encryption.
> the website says that Play Services are needed for push notifications.
It doesn't say that.
https://grapheneos.org/faq#notifications
> My question is this; will the security of GrapheneOS be compromised if I just install the Play services APK from the GrapheneOS web site? I would like to minimize the Google'ing on my phone, but also require push notifications on a select few apps, and I read the OS has none of the "evil stuff" so anything google won't ping back to home base.
Fully covered on the site. Play services on GrapheneOS is a fully sandboxed app with no special access or privileges. It has to follow the same rules as any other apps. You seem to be misunderstanding what the feature provides. It's a compatibility layer to be able to use Play services as fully sandboxed apps. It's not an alternate form of Play services. GrapheneOS doesn't include Play services and has no special version of it available. You should re-read the section on the site.
Ask more questions in the Matrix room if you have more after reading those sections.
You just need to update to a newer release:
https://grapheneos.org/releases#2021102503
It was fixed by a new release 2 days after the initial release of Android 12 GrapheneOS to the Stable channel.
I'm guessing Arch Linux (see here) on a decent workstation with plenty of cores and RAM. Signing keys are most definitely stored offline; build environment probably isn't.
> However Linux desktop is crappy when it comes to security, and Firefox is way behind Chromium on desktop, not to mention on mobile.
You know privacy & security are obviously related in some ways and I think the most secure things are not necessarily offering the best privacy. As an analogy, a jail is a secure place but almost no one truly wants to be there. This is certainly a longer conversation. I think, at the end of the day, it's all about finding the right balance between security and privacy that someone really wants.
I agree that proprietary OS with built-in data-mining (Windows and ChromeOS on the desktop) are offering good security out of the box but they are crappy on the privacy angle. Good privacy for the users stands against the business model of Google and Microsoft and their commercial interests.
> And when they start to care they usually take really bad advice from places like privacy / android subreddits ...
The community guide I have referred to that Daniel didn't like (https://www.privacytools.io/) is aimed to help people choose better privacy-friendly solutions. It focused much more on privacy than on the most hardened 'out of the box' system available on the market. If you or Daniel find anything there that is outrageously wrong, well why not help those people and explain to them why that is.
They have made progress but they have a long way to go.
Create an account using either web version on desktop or an app on mobile.
Follow the instructions to join community rooms.
> Freedom Mobile Works fine (Im in the Okanagan, BC, Canada.)
You can install F-Droid with the included browser. You can choose if you want to install Aurora Store from the developers or if you want to get it from F-Droid. You may also want to create a secondary user to try out https://grapheneos.org/usage#sandboxed-play-services. I'd recommend not bothering with nested work profiles yet (advanced feature).
> What I've learned so far is that the device needs to pass SafetyNet for GPay to work. Apparently Graphene does not pass this. But ProtonAOSP does apparently, so why can't Graphene? Graphene's website says that it supports Play Services in a sandbox, is this enough to make the device pass SafetyNet?
SafetyNet attestation is used to enforce that the device is running the stock OS. It's possible to trick the legacy software attestation but not hardware attestation. Google Pay currently only enforces software attestation. NFC payments won't work without the device passing it. ProtonAOSP goes out of the way to return fake answers about the OS version, etc. to SafetyNet to trick it into passing software attestation. This is inherently prone to breaking and cannot work long-term due to hardware attestation. GrapheneOS isn't going to add these hacks as a temporary workaround that will just end up not working anymore.
Aspects of the app not depending on SafetyNet attestation passing will work fine on GrapheneOS with the sandboxed Play services compatibility layer.
> I'm a technical person but wow. This is a learning curve and a lot of info seems to be outdated or wrong. Would really appreciate any help or advice on this. Just looking for a reasonable mix between usability and privacy.
What info is outdated or wrong? Our website has completely up-to-date information.
I just did it. Not sure if I did it correctly.
https://grapheneos.org/usage#sandboxed-play-services
Go to the link, and read the instructions.
Download the apks in order, base.apk for gsf, install with standard package installer. Do the same with gms.
Search 'SAI github' and download the apk from releases. Install.
Download the 5 apks for vending.
Open SAI, click install and file pick the 5 apks at once.
Then follow the instructions by attempting to sign in to Play store and cancel when you get to email section.
It's a fully sandboxed app without special privileges if you install it on GrapheneOS. It works the same way as any other app. It grants no additional access to Play services that apps using Play services aren't already giving it by including the Play libraries.
Hey, my device is failing to check for updates since yesterday (An error occured checking for the latest upate). Is there an issue with the servers?
grapheneos.org seems down atm.
https://grapheneos.org/usage#sandboxed-play-services is a compatibility layer to run the official Play services apps as fully sandboxed apps. It isn't a special variant of the apps. Play isn't included in GrapheneOS in any form and so won't receive updates to it via OS updates.
You likely installed it from https://apps.grapheneos.org/ and as explained on our site we don't have a client for our official repository yet. There will be a client to install and update apps from there. It's not connected to OS updates.
Only the official releases of the Play apps can be used with the compatibility layer, since apps using Play include the Play client libraries which check the signatures and our compatibility layer makes sure to check them too to preserve that security model.
There's no harm in installing updates to the apps from the Play Store, and you should also be aware that the OS package manager pins the keys and versions of every installed app. It won't let you install an upgrade to an app that's a downgrade or signed with a different key unless it's an authorized key rotation.
Please read https://grapheneos.org/usage#sandboxed-play-services. You can choose to install the Play services apps as sandboxed apps not receiving any special access or privileges. This does not grant any additional access to Play that it doesn't have via the client-side libraries in apps using it. All the core functionality works fine. The next release of GrapheneOS will have this working in secondary user profiles along with additional shims making a lot more functionality work. Dynamite modules will also be working soon meaning that non-core Play services modules not bundled with the app itself will be working too.
GrapheneOS does not include any form of Play services or the Play Store, but rather you can choose to install it and we teach it how to work without any special privileges. It doesn't require compromising the OS or application security model via anything like signature spoofing or any special privileges beyond the regular sandbox.
Please read https://grapheneos.org/usage#sandboxed-play-services and don't make false claims about how this works. It provides zero additional capabilities to the Play services client libraries running in the apps using Play services.
You are not supposed to open flash-all or use cmd.
Please follow one of the official installation methods at https://grapheneos.org/install/web or https://grapheneos.org/install/cli. The web installer is recommended and easier to use.
Also, as AutoModerator said, you should join the Matrix chat.
See https://grapheneos.org/releases#2021.05.16.04.
> enable gesture navigation by default (can change it via Settings → System → Gestures → System navigation) instead of legacy 2-button navigation: swipe left/right on the navigation bar to switch apps, swipe up for home screen, swipe up and hold for app overview (recent apps), swipe from the left/right edge of the screen (not the navigation bar) to go back
Recommend trying gesture navigation for a couple days and only reverting back to the prior default (2-button) if you still don't like it.
The default was changed to match the stock OS, to use an objectively better approach and because our prior default has become a legacy option we need to test and maintain downstream. The stock OS and AOSP only have 3-button and gesture navigation now. AOSP still has the code for 2-button navigation but it may go away in the future, leaving only the 3-button and gesture navigation options. We've been delaying this change for quite some time. The stock OS has defaulted to gesture navigation since Android 10.
The officially supported devices receive full monthly security patches including firmware updates via GrapheneOS.
https://grapheneos.org/faq#supported-devices
Pixel 2 is insecure and not officially supported by GrapheneOS. This is covered by our documentation and it's clearly marked that way everywhere on our site.
https://grapheneos.org/faq#legacy-devices
Pixel 2 will be indefinitely vulnerable to issues like these, as explained on the site.
The media chooses only to focus on a select few vulnerabilities which are marketed by security companies to promote themselves. It has little to do with which vulnerabilities are the most serious. It's not a good way to get your information.
Please read https://grapheneos.org/faq#encryption and the other content on the site including https://grapheneos.org/features.
> disabled OEM unlocking
Disabling this is part of the install guide.
> disabled USB debugging, disabled WiFi debugging
Not enabled by default. You shouldn't have developer options enabled on a production device at all. It's best to have it disabled other than rare cases like capturing a bug report.
> Is there anything else in developer options, settings, or any apps to download to enhance security on the phone?
The default settings are already highly secure.
You can't enhance security of the hardware and OS by installing apps.
It's written in HTML and it would be inconvenient to need to manually convert it to Reddit's variant of Markdown for each post. You could consider subscribing to the https://grapheneos.org/releases atom feed with an atom/RSS app.
Note that for GrapheneOS, our updates are signed with keys not available to any servers.
A compromise of the GrapheneOS update server wouldn't result in users being compromised since they couldn't sign a malicious release or ship an old release as an update due to downgrade protection.
The update server doesn't get any information other than the release being upgraded from to provide a delta update and the phone model (bramble, redfin, sunfish, etc.) to get the correct release. You can update via a VPN too. This is in contrast to the new CopperheadOS forked from our legacy code where they've made it so that users can be targeted.
It will only make a network connection if you explicitly set up the optional remote attestation service: https://attestation.app/. It never sends device identifiers to the service. Each pairing with the service has an identifier based on the hash of the public key certificate. It isn't a device identifier. It's the hash of a key generated by the app in the HSM. If you turn off remote attestation and set it up again, there will be a new pairing so the hash will be completely different. It's an entirely optional feature. It isn't enabled by default. You have to explicitly go make an account and set it up.
It has nothing to do with updates. The connections made by the Updater app are explained in https://grapheneos.org/faq#default-connections. It's carefully designed to avoid identifying users. It only provides the device model and the current OS version in order to fetch an incremental (delta) to efficiently update from the currently installed version to the new version.
I'd like to help the project by editing the CopperheadOS and GrapheneOS Wikipedia articles to give a more accurate picture of what each of them are like, and what happened in 2018. Currently, the article has a tone of
"CopperheadOS is a good, secure OS"
"GrapheneOS is a fork of CopperheadOS, which was made by Copperhead"
"In 2018, Copperhead's founders disagreed, so the developer left"
when in reality it's "CopperheadOS is a scam"
"The project started as GrapheneOS and was sponsored by Copperhead, in exchange for calling it CopperheadOS, therefore the current CopperheadOS is a fork of GrapheneOS"
"The CEO was an abusive psychopath and business partner that leeched off of the developers' work".
I know the main events are on grapheneos.org/#history but can you give me more in-depth information? I don't want to accidentally lie in the article.
>They also do not support custom keys. They lack a hardware backed keystore.
The Pixelbook does indeed do verified boot differently than a smartphone but it still can be implemented. The Pixelbook has the CR50 chip which enforces firmware write protection for the device. They do have a hardware-backed keystore, Chromebooks come in most cases with TPMs. You can theoretically take control of the TPM though u/MrChromebox's custom firmware does not yet include the functionality. When that functionality is implemented, which is a software rather than a hardware problem, you should be able to set up secureboot with your own custom keys.
>They do not care for proper support for alternate OSes and all security features.
They support emulating Linux and Android. Third-party firmware/payloads exist to allow booting into alternative OSes (or to replace their firmware outright.)
>They will never be supported.
Ofc not. Supporting x86 Chromebooks and ARM phones are a completely different ball game.
>Get a big ol' Pixel 4 XL or an iPad and call it a day.
I'm skeptical of the iPad's inclusion. It's difficult to audit a locked-down device.
>No robust option for a well secured and sandboxed OS for that form factor yet.
Qubes OS exists. Even just regular ChromeOS is pretty well secured through isolation and its verified boot procedure. The Pixelbook meets the minimum requirements for QubesOS. My point being that yes, there are well secured and sandboxed OSes for desktop form factors. I would argue that Qubes OS has greater isolation than GrapheneOS.
Aurora Store will let you download apps from the Play Store without having a Google account or the Play Store app itself.
F-Droid will let you download Free and Open Source apps from the community. I'm really impressed by how good the apps on it are! You can get Telegram, Riot, and many others there.
WhatsApp can be directly downloaded from the official website. Same goes for Signal.
For some reason, you can't find the Signal APK from their website. You have to visit the direct link instead: https://signal.org/android/apk/
Download and verify the Signal APK directly from their website. This is designed to not use Google Play Services. It'll also autoupdate itself without the need of an appstore or manual download.
Just to advise that I had lots of problems getting an anon token in Aurora. After many attempts the solution was going to Settings->Network->Enable custom Tokenizer and changing the "Tokenizer URL" to the Germany one that you can get on the web: https://auroraoss.com/ (look at Token Dispensers).
Hope this can help somebody ;)
I enjoy the transparency of Open Collective: https://opencollective.com/. r/jellyfin, a Plex replacement, uses it among many others. Example of their expenses: https://opencollective.com/jellyfin/expenses
You will probably have a better time with lineage + microg
Not as secure, but if you are installing closed source apps, you might as well just use lineage.
This weekend (hopefully) I'll be flashing CalyxOS on my Pixel 4 XL. The founder of the Calyx Institute is quite active in the Matrix room (#CalyxOS:matrix.org) and said they have Google Fi working. I'll try to report back!
> In the interim I've blocked releases.grapheneos.org at the network level. I have automated a schedule for removing this block during a maintenance window for updates to ensure the MAC doesn't change at a bad time.
Not sure why you're doing that instead of https://grapheneos.org/usage#updates-disabling.
In general if it works on Android (without Play services) and doesn’t have any major (and very rare) security issues. https://grapheneos.org/usage#bugs-uncovered-by-security-features
“GrapheneOS substantially expands the standard mitigations for memory corruption vulnerabilities. Some of these features are designed to directly catch the memory corruption bugs either via an explicit check or memory protection and abort the program in order to prevent them from being exploited. Other features mitigate issues a bit less directly such as zeroing data immediately upon free, isolated memory regions, heap randomization, etc. and can also lead to latent memory corruption bugs crashing instead of the program continuing onwards with corrupted memory. This means that many latent memory corruption bugs in apps are caught along with some in the OS itself. These bugs are not caused by GrapheneOS, but rather already existed and are uncovered by the features. The features are aimed at preventing or hindering exploits, not finding bugs, but they do that as part of doing their actual job.”
If it works on a phone without Google it will almost certainly work with GrapheneOS 99%
No. https://grapheneos.org/faq#future-devices
“Devices need to be meeting the standards of the project in order to be considered as potential targets. In addition to support for installing other operating systems, standard hardware-based security features like the hardware-backed keystores, verified boot, attestation and various hardware-based exploit mitigations need to be available. Devices also need to have decent integration of IOMMUs for isolating components such as the GPU, radios (NFC, Wi-Fi, Bluetooth, Cellular), media decode / encode, image processor, etc., because if the hardware / firmware support is missing or broken, there's not much that the OS can do to provide an alternative. Devices with support for alternative operating systems as an afterthought will not be considered. Devices need to have proper ongoing support for their firmware and software specific to the hardware like drivers in order to provide proper full security updates too. Devices that are end-of-life and no longer receiving these updates will not be supported.”
Your device doesn’t meet the minimum standards. Check the recommended devices for more information. https://grapheneos.org/faq#recommended-devices
We're not going to add dozens of cryptocurrencies, sorry. Making this more complicated would reduce the time and resources we have available for development. Bitcoin is the only cryptocurrency option that we intend to offer. Collecting small amounts of money in an assortment of cryptocurrencies is not something that would help the project. It would also direct people away from using the donation options that aren't a hassle for us. We don't want to become cryptocurrency speculators.
This device is not supported and won’t be.
https://grapheneos.org/faq#future-devices
“Devices need to be meeting the standards of the project in order to be considered as potential targets. In addition to support for installing other operating systems, standard hardware-based security features like the hardware-backed keystores, verified boot, attestation and various hardware-based exploit mitigations need to be available. Devices also need to have decent integration of IOMMUs for isolating components such as the GPU, radios (NFC, Wi-Fi, Bluetooth, Cellular), media decode / encode, image processor, etc., because if the hardware / firmware support is missing or broken, there's not much that the OS can do to provide an alternative. Devices with support for alternative operating systems as an afterthought will not be considered. Devices need to have proper ongoing support for their firmware and software specific to the hardware like drivers in order to provide proper full security updates too. Devices that are end-of-life and no longer receiving these updates will not be supported.”
No. Please review the FAQ on future device support. https://grapheneos.org/faq#future-devices
“Devices need to be meeting the standards of the project in order to be considered as potential targets. In addition to support for installing other operating systems, standard hardware-based security features like the hardware-backed keystores, verified boot, attestation and various hardware-based exploit mitigations need to be available. Devices also need to have decent integration of IOMMUs for isolating components such as the GPU, radios (NFC, Wi-Fi, Bluetooth, Cellular), media decode / encode, image processor, etc., because if the hardware / firmware support is missing or broken, there's not much that the OS can do to provide an alternative. Devices with support for alternative operating systems as an afterthought will not be considered. Devices need to have proper ongoing support for their firmware and software specific to the hardware like drivers in order to provide proper full security updates too. Devices that are end-of-life and no longer receiving these updates will not be supported.”
Samsung S9 is not up to the standards of the project, but on the stock OS it is supported by the Auditor app from GrapheneOS. https://attestation.app
F-Droid shipped legacy v1 signatures for over 4 years after v2 signatures were supposed to be used to replace them. API 30+ disallows v1 signatures. Legacy app builds still work fine. Even apps targeting API 29 with v1 signatures still work fine. Only apps claiming to target API 30 while using v1 signatures are a problem. That's simply broken. Android 10 only supported API 29. Android 11 brings API 30 support, so it detects that the apps are broken. Get the apps from the developers themselves, the Play Store or any other source that's not broken. You would have had the same problem on any other AOSP-based OS. You should be complaining to F-Droid and getting them to rebuild the apps without broken signatures.
> I dislike the automatic updates because there is no option to even read release notes or wait to make an update.
You have the option to disable updates. Read the usage guide section on updates:
https://grapheneos.org/usage#updates-disabling
You would have encountered the same issues when you did update. The F-Droid issue is out of our control and whatever network issue you have doesn't appear to impact many others. It wasn't reported by any Beta channel testers despite a long testing period rather than just a couple days.
> Now I have an unusable device.
No, not really. You need to obtain non-broken builds of those apps. You can probably figure out what's wrong with the network and get it working.
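The signature rule described in the reply above (a v1-only signature is fine up to a target of API 29 and rejected once the app claims API 30) can be checked on an APK before installing it. The following is an added example, not code from GrapheneOS, F-Droid or the thread: the function names and the sample APK are constructed for illustration, the target SDK is supplied by the caller rather than parsed from the manifest, and the check only detects which schemes are present without verifying any signature.

```python
import io
import struct
import zipfile

APK_SIG_BLOCK_MAGIC = b"APK Sig Block 42"
SCHEME_IDS = {0x7109871A: "v2", 0xF05368C0: "v3"}  # IDs inside the signing block
V1_BLOCK_SUFFIXES = (".RSA", ".DSA", ".EC")


def find_eocd(data):
    """Offset of the ZIP end-of-central-directory record (22 bytes + comment)."""
    pos = data.rfind(b"PK\x05\x06", max(0, len(data) - 22 - 0xFFFF))
    if pos < 0 or pos + 22 > len(data):
        raise ValueError("not a ZIP/APK: no end-of-central-directory record")
    return pos


def signature_schemes(data):
    """Return the set of signature schemes present in the APK bytes."""
    schemes = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        meta = [n.upper() for n in zf.namelist() if n.upper().startswith("META-INF/")]
    # v1 is JAR signing: a .SF file plus a signature block file in META-INF/.
    if any(n.endswith(".SF") for n in meta) and any(n.endswith(V1_BLOCK_SUFFIXES) for n in meta):
        schemes.add("v1")
    # v2+ lives in the APK Signing Block, placed right before the central directory.
    cd_offset = struct.unpack_from("<I", data, find_eocd(data) + 16)[0]
    if cd_offset < 32 or data[cd_offset - 16:cd_offset] != APK_SIG_BLOCK_MAGIC:
        return schemes
    block_size = struct.unpack_from("<Q", data, cd_offset - 24)[0]
    start = cd_offset - block_size - 8
    if start < 0 or struct.unpack_from("<Q", data, start)[0] != block_size:
        raise ValueError("malformed APK Signing Block: size fields disagree")
    pos, end = start + 8, cd_offset - 24
    while pos + 12 <= end:  # each pair: uint64 length, uint32 ID, value
        pair_len = struct.unpack_from("<Q", data, pos)[0]
        if pair_len < 4 or pos + 8 + pair_len > end:
            raise ValueError("malformed APK Signing Block: bad pair length")
        pair_id = struct.unpack_from("<I", data, pos + 8)[0]
        if pair_id in SCHEME_IDS:
            schemes.add(SCHEME_IDS[pair_id])
        pos += 8 + pair_len
    return schemes


def rejected_for_v1_only(schemes, target_sdk):
    """True when the app targets API 30+ but carries no v2-or-newer signature."""
    return target_sdk >= 30 and not (schemes & {"v2", "v3"})


def build_sample_apk(v1=True, v2=False):
    """Constructed sample input: a tiny ZIP shaped like an APK (no real signature)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"constructed")
        if v1:
            zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
            zf.writestr("META-INF/CERT.SF", b"constructed")
            zf.writestr("META-INF/CERT.RSA", b"constructed")
    data = buf.getvalue()
    if not v2:
        return data
    eocd = find_eocd(data)
    cd_offset = struct.unpack_from("<I", data, eocd + 16)[0]
    value = b"constructed placeholder, not a real signer block"
    pair = struct.pack("<QI", 4 + len(value), 0x7109871A) + value
    size = len(pair) + 24  # pairs + trailing size field + magic
    block = struct.pack("<Q", size) + pair + struct.pack("<Q", size) + APK_SIG_BLOCK_MAGIC
    out = bytearray(data[:cd_offset] + block + data[cd_offset:])
    # The central directory moved by len(block); update its offset in the EOCD.
    struct.pack_into("<I", out, eocd + len(block) + 16, cd_offset + len(block))
    return bytes(out)


if __name__ == "__main__":
    for label, apk in (("v1 only", build_sample_apk()), ("v1 + v2", build_sample_apk(v2=True))):
        found = signature_schemes(apk)
        for sdk in (29, 30):
            print(label, "target", sdk, "rejected:", rejected_for_v1_only(found, sdk))
```
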
I know this is an old post, but for future reference, support for Visible was fixed with the APN update in the 2020.07.06.20 release. The app and wifi calling probably don't work though. I'd suggest buying the phone unlocked directly from Google rather than a potentially bootloader locked phone from Verizon/Visible.
Still the case? No likely support for the 4? I just ordered one. Cancel it and get the 3?
There seems to be support for everything here
https://grapheneos.org/releases#flame-stable
But you guys are talking like 3 is the only option.
From your own reference down below with regards to combating fingerprinting, Vanadium doesn't have it yet while Bromite does:
>Using Vanadium is highly recommended. Bromite is a solid alternative and is the only other browser we recommend. Bromite provides integrated ad-blocking and more advanced anti-fingerprinting. For now, Vanadium is more focused on security hardening and Bromite is more focused on anti-fingerprinting. The projects are collaborating together and will likely converge to providing more of the same features. Vanadium will be providing content filtering and anti-fingerprinting, but it needs to be done in a way that meets the standards of the project, which takes time.
It's actually not from the VPN system, as WebRTC pertains to browsers and not the VPN system. Hence in the changelog it states:
>Vanadium: most private WebRTC IP handling policy by default
The website does explicitly list the 4a as a model that is expected to be supported. Is that not the case after all?
>Support for the Pixel 4 and Pixel 4 XL is currently less mature, but those along with the Pixel 4a (once it's supported) will become the recommended devices
(source)
I'm okay with it if it's not, again I'm just trying to decide on the best choice.
"Devices need to be meeting the standards of the project in order to be considered as potential targets. In addition to support for installing other operating systems, standard hardware-based security features like the hardware-backed keystores, verified boot, attestation and various hardware-based exploit mitigations need to be available. Devices also need to have decent integration of IOMMUs for isolating components such as the GPU, radios (NFC, Wi-Fi, Bluetooth, Cellular), media decode / encode, image processor, etc., because if the hardware / firmware support is missing or broken, there's not much that the OS can do to provide an alternative. Devices with support for alternative operating systems as an afterthought will not be considered. Devices need to have proper ongoing support for their firmware and software specific to the hardware like drivers in order to provide proper full security updates too. Devices that are end-of-life and no longer receiving these updates will not be supported."
https://grapheneos.org/faq#future-devices
The Fairphone doesn't meet the minimum requirements for security. It is not worth supporting as it would not be possible to officially support it. The custom "verified boot" requires an exploit in the bootloader.
It was removed as it is no longer receiving patches for vendor images. This can be around 50% of all patches. Custom ROMs can't patch these and won't have full security patches. It is against the point of the project to support such devices.
Updates are covered in the usage guide: https://grapheneos.org/usage#updates. Make sure to follow the official installation instructions including locking the bootloader: https://grapheneos.org/install.
Don't grant access to ultra sensitive permissions (rarely asked for): accessibility (this is giving up your device to this app), device managers (bad, but not as bad), usage access (privacy reasons), modify system settings.
Disabling JS will help a lot. Especially if you accidentally click on an untrusted link or click on something in your email or text (always search for a page whenever it's linked to you even if it appears to be a friend). Trusting sites with JavaScript is easy: if you click on the lock, it should have site settings and show JavaScript as a deny, and you can switch it to allow. Whitelisting is far stronger than blacklisting. Whitelisting is based on merit that's been earned.
You can isolate untrusted apps in another user profile. Smart profile management is important. Due to profile based encryption if you reboot before and after using the untrusted permission with questionable apps you can protect the main profile from attacks.
https://grapheneos.org/install
Please only use the official install guide.
https://www.reddit.com/r/GrapheneOS/comments/fqdfea/join_the_grapheneos_irc_channel/
Please join our Matrix community for better support.
Vanadium attempts to mirror Chrome on a Pixel fingerprint wise. It does a reasonable job achieving that. https://grapheneos.org/usage#web-browsing
Android devices are simply too unique to fragment the methods. Safari has great success with anti fingerprinting due to the common few devices it supports. Relying on anti fingerprinting may have the opposite effect from Vanadium.
Bromite gets an honorable mention.
https://grapheneos.org/install
Please only use the official install guide.
https://www.reddit.com/r/GrapheneOS/comments/fqdfea/join_the_grapheneos_irc_channel/
Join our Matrix community for better support. Cheers
This device will not be supported. It doesn't meet the device requirements. https://grapheneos.org/faq#future-devices
There's no point in building on a system that can't ensure basic security measures.
Please stick to the official install guide from the official website. https://grapheneos.org/install If you need support please join the official pinned Matrix community (top pinned post).
As for YouTube you could consider NewPipe.
This guide is all you need
https://grapheneos.org/install
Please join our Matrix community which is the main location. https://www.reddit.com/r/GrapheneOS/comments/fqdfea/join_the_grapheneos_irc_channel/
Please do not use unofficial install guides. The site is the only reliable source for installing.
https://grapheneos.org/install
Please check the top pinned post for the Matrix community for further assistance
GrapheneOS is Android (it passes CTS) with much better security and privacy. You can disable gapps and see what runs without them as that's really the only change that hurts compatibility.
I highly recommend reading the FAQ and Usage Guide. https://grapheneos.org/faq https://grapheneos.org/usage
Of course get a bootloader unlocked Pixel
Please ask for troubleshooting help on the IRC channel #grapheneos on irc.freenode.net
To access over Matrix #grapheneos:matrix.org
Please submit an issue to GitHub if this isn't figured out there. https://github.com/GrapheneOS/os_issue_tracker/issues
Edit: Developer Options are not officially supported and the setting is probably related to Android in general not GrapheneOS's app. Look at the Usage Guide on how to disable auto updates. Auto updates aren't meant to be turned off as security is the core goal of the project.
You don't need to go through the setup process. If it did your device wouldn't expose that identifier again. It's a non issue. You don't need to even boot the device up with the updated Stock OS.
https://grapheneos.org/faq#hardware-identifiers https://grapheneos.org/faq#non-hardware-identifiers
If you would like to contribute to this community project the goal is to move into the hardware space (potentially with an extended reference based design). The more people improving parts of the software help this along.