GrapheneOS

GrapheneOS: a privacy focused android-based OS for your smartphone. This post covers its background, installation, and related applications.

After getting fed up with Samsung’s un-deletable bloatware, random repetitive restarts, and blatant apathy for user privacy on a Galaxy S5 and then S9+, I decided I wanted to try something different. While I have a later batch Purism Librem 5 coming, these are ostensibly early beta-ish prototypes. Though Google has in practice clearly inverted their old motto of “don’t be evil”, the Pixel phones' modern feature package combined with a custom OS like GrapheneOS is appealing alternative.

Oft proclaimed is the mutual exclusivity of convenience and privacy/security. But this certainly need not be true in the long run. And perhaps, at least to some extent, in the short run–which the Pixel3a running GrapheneOS is to (in part) test.

GrapheneOS background

  • started 3/2019
  • main developer: Daniel Micay
    • previously CTO & 50% stakeholder in CopperheadOS - dramatic departure
  • previously called Android Hardening Project
  • focused on supporting Pixel line of smartphones (for now excluding newer Pixel 4 line)
  • endorsed by Snowden in later 2019
  • licenses: MIT, Apache 2

grahene features

other custom OSs

  • copperhead

  • lineage - successor fork of cyanogen. https://en.wikipedia.org/wiki/LineageOS

    • replicant: completely free software variant of LineageOS

  • rattlesnake

  • android open source project (AOSP)

  • related:

    • MicroG: FOSS implementation of proprietary google libraries

network

Tracfone from Ting. Others have used cash-paid SIMs with pseudo-anonymous addresses as a greater-privacy alternative.

OS installation

  • boot stock system first & update it through normal channels

download & flash fastboot

  • on desktop (arch)

    • ensured following installed:
      • android-tools android-udev (had to uninstall some conflicts)
      • signify
    • ensure fastbook in path (should be upon doing above and opening new shell) - check with version: 
      [user@arch ~]$ fastboot --version
fastboot version 29.0.5-2
Installed as /usr/bin/fastboot

  • on phone

    • enable developer options (system -> about -> click on build number until developer mode enabled)
    • enable oem unlocking:
      • settings -> system -> advanced -> developer -> enabled oem unlocking
    • boot into bootloader interface:
      • turn off phone
      • turn on by holding vol down + power

  • connect phone via usb to desktop machine

  • on desktop machine execute:

    • fastboot flashing unlock

  • on phone:

    • confirm unlocking of bootloader

get & verify the OS

  • download/verify graphene factory public key

    • check against: graphene website, reddit, twitter
    • contents: 
      untrusted comment: GrapheneOS factory images public key
RWQZW9NItOuQYJ86EooQBxScfclrWiieJtAO9GpnfEjKbCO/3FriLGX3

  • download stable graphene image:

  • verify graphene image:

    • signify -Cqp factory.pub -x crosshatch-factory-2019.06.23.05.zip.sig && echo verified

      • adapted:

        signify -Cqp factory_key/factory_grapheneos_website.pub -x sargo-factory-2020.01.06.21.zip.sig && echo verified; \
signify -Cqp factory_key/factory_twitter.pub -x sargo-factory-2020.01.06.21.zip.sig && echo verified; \
signify -Cqp factory_key/factory_reddit.pub -x sargo-factory-2020.01.06.21.zip.sig && echo verified; \
signify -Cqp factory_key/factory_github.pub -x sargo-factory-2020.01.06.21.zip.sig && echo verified

      • results:

        verified
verified
verified
verified

  • extract graphene zip

flash the OS

  • enter resulting directory and execute ./flash-all.sh
  • wait until boots to flashbootd
  • reboot from there into bootloader again
  • relock flashing (note: apparently wipes data):
    • fastboot flashing lock
    • confirm on phone
  • reboot
  • on boot -> developer options -> disable oem unlocking now

basic setup

  • installed f-droid from fdroid website (probably not best way) - couldn’t find easy guide
    • best would probably be download on desktop, verify signature, then transfer to phone
  • to install apps like signal through google play store, installed aurora store (preserves degree of pseudo-anonymity)
  • note: aurora store seems intermittently buggy
    • initially used anonymous login and only login info shown (no store)
    • after doing nothing specific suddenly apps appeared after restarting and opening/closing apps a bunch of times
  • fix bluetooth:

apps

  • f-droid

    • video: vlc
    • music: spotify (“updater for spotify”)
    • navigation:
      • google maps (see discussion below)
      • alternatives:
        • OsmAnd~
        • ?magic earth
    • email: k9
      • other options include: fairmail, tutanota
    • podcasts: antennapod
    • desktop integration: kdeconnect
    • weather:
    • photo:
      • open camera (works but NOT as good as default camera/setup on e.g. S9+, even with tailoring custom settings)
    • 2-factor:
    • voicemail
      • due to the amount of spam calls I received I initially simply disabled this!
      • thereafter I used AT&T’s default non-visual voicemail
      • re visual voicemail: I’m not sure what best options are, given privacy implications of using 3rd party services
    • redshifting: no great option yet, but I am using Twilight
      • Twilight app is great re customization/options (set temp & intensity, screen dim, time-settings) but doesn’t affect system overlays!
      • built-in android “night light” is very poor quality vs. e.g. redshift desktop
        • redshift desktop allows easy setting of brightness level (e.g. 50%: -b 0.5) & color temperature (e.g. 2700K: -O 2700)
      • Red Moon is another that, similar to Twilight, allows custom settings but also doesn’t impact system overlays
      • because these apps have to draw over other windows, a great deal of trusts seems involved re permissions required
    • chat
      • RiotX
    • file syncing
      • Syncthing - seems to work well

  • aurora (google store)

    • texts: signal
    • google maps for navigation

  • to be determined

    • contact syncing
      • DecSync CC is one option that I am experimenting with
    • calendar
    • crypto
      • samourai - drawbacks include lack of fiat value (necessary for OTC transactions!)
    • vpn - options include openvpn, mullvad

maps

Initially I tried using OsmAnd~. In some ways, this is a great app: you can have specified maps fully functional offline and you are not reliant on Google’s totalitarian-loving infrastructure. However, two aspects have precluded me using this as a primary map app: it’s search/lookup is terrible to non-existent, and turn-by-turn directions are radically inferior to google maps. Trying this out for a week or so I was constantly using the website of google maps to retrieve coordinates to feed to OsmAnd~! Even though this is still probably better from a privacy perspective, it is a significant usability issue. With turn by turn directions these were frequently without street names, looking ahead to next turn did not seem possible (with google maps you can swipe the top overlay to preview future turns), and there were many more errors in navigation vs. google maps. I really hope the search and turn features improve. The fact this app has come so far is fantastic. But for now, I need to not be late to appointments due to mis-navigation that seems to go with this app for now. Obviously google maps is terrible for privacy, but I don’t think its use negates all other positive attributes of using GrapheneOS. At minimum, you specifically don’t have to explicitly link a google account to use the app, thanks to Aurora.

usability

Using the above apps & setup, I have had no significant issues using GrapheneOS as my primary phone. Compared to a Samsung Galaxy S9+ using Android, the drawbacks are: lower photo quality (using Pixel3a so may be hardware/camera) & slightly slower UI response time (makes sense given 3a). I don’t think I’ve experienced any usability drawbacks that I can specifically for-sure associate specifically with GrapheneOS itself.