Phlog 35 - GrapheneOS

A run-up to, during and after installing GrapheneOS as a daily-driver phone

It's not a very hot take to state that smartphones, both iOS & Android-based, are getting progressively less "owned" by us, the users. There are new features to keep us placated and impressed - more camera lenses, new and improved ways to socialize and share, ways to back up settings and content to The Cloud(TM) and the ubiquitous AI-ification of new phones. Should you be as uninterested in those features as I am, please consider giving GrapheneOS a try.

With Apple's threat of on-device scanning via "Enhanced Visual Search" along with Google's barely-announced "SafetyCore", it's become *very* clear that these devices are less ours than ever. I'd been curious about alternate phone options for a while and looked at everything from Pine Phone to LibrePhone to the Furi FLX1. I liked the ideas of all of these to varying degrees, but the apps I need for work and what few personal apps I use all tend to reside on the Play store or alternates (or via sideloading), which added to GrapheneOS's appeal. The Pixel phones seem like decent hardware as well - I'm too hard on mobile phones for a modern flip-style phone (I had a Samsung Flip 3 that lasted all of 3 months, sadly) and it's the phone of choice for GrapheneOS due to some of the hardware perks and security.

I. I acquired a very lightly used Pixel from eBay. There are certainly more clandestine and/or local ways involving cash or cryptocurrency but for the price and timing, this option worked out very well. The phone itself is very 'iPhone 16-esque' in the lightweight, dark-tinted aluminum and gorilla glass monolith.
I believe that a large barrier to entry for most people trying out a more secure phone is, sadly, aesthetics: folks will absolutely go with the sleeker looking device that bleeds information about them vs something that's far more secure but may not have rounded edges or more buttons than they're used to seeing. The fact it's already a mainstream device, coupled with the large amount of case, screen protector and accessory options, can make this appealing to the mainstream.

II. Installing GrapheneOS was incredibly straightforward. The web installer works over USB via Firefox. I did not try the CLI method, but it doesn't seem incredibly daunting if the web-based installer isn't an option. (CLI does require installing the android tools package and some additional libraries, along with openssh based on the reading.) Unlocking the bootloader, downloading, flashing/installing and rebooting was maybe 45 min from plugging the phone in to booting into Graphene.

III. GrapheneOS itself will look very familiar to stock Android but without all the Google-fication and carrier bloatware. The personalization options are mostly there, save for anything that would compromise security. The Graphene App Store app has all the pre-installed applications for reinstall if need be and also contains the security-focused app store, Accrescent. The GrapheneOS-specific Google Play Store and accompanying Google Play services are what most Graphene users will be after, though. These allow install of apps from the Google store while keeping security settings manageable. The Play Store itself runs as what is described as "Sandboxed Google Play", with separate settings for security and location along with specific Android Auto settings and requirements. One of the most interesting features is the ability via the Sandboxed Play Store to route location requests to the OS instead of phoning home as with a normal phone OS install.

IV. Application options are plentiful and (for the most part) easy to manage.
The most obvious option is the GrapheneOS-provided version of the Play Store, which allows for traditional install of Android apps from the Google ecosystem. Also included in the GrapheneOS install is the Accrescent App Store, which gives a number of privacy-focused applications. These 2 options definitely work for the vast majority of phone apps (provided you don't mind getting it from Google), however a couple other options exist.

The Aurora store is a wonderful option to get Google Play apps without needing to sign in or even have a Google account. The apps I've installed from GrapheneOS's Google Play vs. the Aurora store both run without issues. The Play store will notice if an application wasn't originally installed via Play if it's searched via the Play Store and notes that it's updating an application from a different source. Aurora is a huge resource for those that don't want to take part in Google's account process. It also allows for grabbing earlier versions of some apps if need be.

For non-app store applications and projects or things that just have an .apk out there (or if you just want extra scrutiny of where apps are being installed from), Obtainium is the tool for you. It's able to pull from F-Droid, GitHub, RSS feed, local directories, etc. to install less-common applications. I've only tested a couple sources but it was a lifesaver getting a couple applications installed.

Apps themselves all work without issue, aside from apps that require the GrapheneOS Exploit Protection compatibility mode. Thus far, this has only been banking apps as described on the GrapheneOS site (https://grapheneos.org/usage#banking-apps) along, oddly enough, with the TouchTunes jukebox application: it was honestly just as difficult to get working as the financial apps that do all the integrity checks. The lone app I could not get to function was the Chamberlain garage door sensor application for my aging garage door.
I tried numerous older versions, with & without exploit protection mode, but still no luck in getting it to run without errors. Reading forum posts leads me to believe this is par for the course with this particular app.

V. Day to day use has worked very well. Changing over mobile service was seamless, which I was honestly worried about - I had visions of my carrier flagging this new phone as some anomaly and having a human intervene and tell me my account was banned or something for daring to use an alternate phone OS. Setting up email, calendar, SSH, work apps and crucial apps was no different than other Android-based devices.

The phone and SMS experience has been reliable and without issue. After reading about how to get RCS messages set up, I set up Google Messages and limited permissions with the option to use it without an account. The stock SMS messaging app did work right out of the gate, but I did want to take advantage of RCS.

My nephew was kind enough to stress-test SNES9X with various games with no complaints. Sound for PeerTube clips and music has been good - though I haven't traditionally used my phone for music (shameless plug for Tangara player goes here). Maps on the GrapheneOS-specific version of Android Auto has worked fine and, with the appropriate permission tweaks, the voice to text SMS messaging in my car is also functional.

I'm very happy with the switch to Graphene and plan on keeping this particular phone around for the planned 7-year hardware support cycle (provided it doesn't get destroyed through daily life) and stick w/Graphene on the next iteration of devices they support. Getting out of the Apple, Google and carrier-controlled phone business isn't as daunting as it once was and I can't recommend it enough, especially for security & privacy-centric folks. Good luck!!

Links:

Project Page: https://grapheneos.org/
Find a device: https://www.ebay.com/sch/i.html?_nkw=google+pixel+unlocked&_sop=12
Solene's writeup: https://dataswamp.org/~solene/2025-01-12-intro-to-grapheneos.html
Accrescent App Store: https://accrescent.app/
Aurora Store: https://store.auroraoss.com/
Obtainium: https://obtainium.imranr.dev/