I have not any prior experience with installing custom ROMs, but after trying it out (and getting stuck, and googling and finding answers) I successfully did it. Below is my home screen if anybody is curious:
I use OpenBoard for my keyboard. Unfortunately I am still dependent on Play Store since some of the apps I need can only be found there. Sometimes it feels meaningless committing to this whole thing because I’m not perfectly private; then I think this is better than using a regular iPhone or Android phone.
So far I’m liking it. I am naturally inclined to feel hesitant about using this as my main phone and plugging in a SIM since it’s custom, but I’m slowly making the transition.
Feel free to share any beginners advice or your own experience using GOS for the first time. Cheers!
I just keep Play store installed with all permissions disabled, including network, and use Aurora store instead.
What is the main difference between using Play Store and Aurora store (logged in with your Google account)?
Aurora store has a cleaner interface with no ads and can be used without a google account.
I’m more curious about the privacy aspect of using Aurora over Play, especially considering since I will be logged into my G account.
When starting Aurora, you can choose between an anonymous account or your own. You can still use the anonymous option even if you are logged in to other services with google. If you go logged on anyways, I guess Google will not know your every tap with Aurora? I would think logged in, google play store and aurora would be comparable (not private).
Do you know if it’s safe to download banking apps from third party stores (in this case Aurora)?
It does download from google (servers), so it is safe enough
I have heard Aurora is more insecure and you can risk getting your Google account blacklisted or banned using it. Do you have any experience with this or know how common it is?
I do not know on a technical level.
Just dont use your personal g acc (obviously), and its fine.
Aurora is a foss wrapper with fewer anti-features like ads. You could trust the client more ig if you’re using Aurora. I use F-Droid for most things and then Aurora for like 3 apps I’m not willing to give up and have no foss alternatives. I mostly just use Aurora out of principle for the apps I can’t get from F-Droid, but also I guess out of a lack of trust for Google (which I suppose is related to the principle of not using proprietary software anyway)
Even if apps you use depend on play store one of the things you can do on GrapheneOS is temporarily disable it and only turn it back on when apps refuse to run, another option is just keeping those apps in a separate work profile.
all android phones can temporarily disable an app until you turn it back on.
No, that only applies to (some, not all) system apps. GrapheneOS allows this for all (including user-installed apps): https://grapheneos.org/features#user-installed-apps-can-be-disabled
adb shell pm disable-user PACKAGE_NAMEworked for me with Signal on a stock pixel
Sure you can do it through adb, but Graphene exposes this option in the settings. They also recommend against enabling developer settings and using adb for security reasons.
But you said “no” before… I was just showing that it is indeed possible with non-system apps.
yes also including uaer apps: for any rooted/or non-rooted android I can disable whatsapp and it wont ring, update store version, recive calls, nor messages all while I’m online watchung youtube for 2 hrs, then enable fake location and go online to share with you live that I arrived brussel
Not google services
Not all of them can disable google play service apps
I would argue you shouldn’t be using those apps in the first place since they all contain proprietary blobs (yes that includes Signal, see Molly-FOSS for a non-blobbed fork).
Sometimes it feels meaningless committing to this whole thing because I’m not perfectly private
every small change matters
Check out Heliboard (also on F-Droid) and follow the instructions to enable gesture typing. I also suggest Futo for on-device voice to text.
What specific apps are you using that you can’t deal going away from? Other than some social media or gamr or something. Even then it seems like there are replacements a lot of the time
Every step you take towards a more private digital life is essential. I mean you have to start somewhere right? And the phone is in my opinion the biggest privacy thread out there. I am not on GrapheneOS but I’m considering switching soon.
I switched over a year ago and have no regrets. It does everything I want (including android auto now) and gives me at least a little but more privacy than a stock android image.
The more people who use it the more impetus there is to further develop it.
Give it a go! Its a great.
You can use the aurora store for most of your play store need’s.
Should be all, its simply a frontend. I have never seen an app be “missing” so to say.
I was referring to features, like adding money to your account. Not that they are needed in aurora.
Some apps are not available in my Google store due to geoblocking. Can aurora circumvent this? Or is it a front end of the “local” google play store?
A reputable VPN can block this. I’m not sure if the store can solely. I don’t believe so. If your blocked for any reason you need a good VPN. ****
You are correct, re-loading the aurora store after shifting my vpn to the target country (and anonymous login) seems to change the aurora storefront too :)
Nah, I prefer F-droid wherever I can. The mentioning when an app has anti-features is so helpful.
But Aurora is a great second option.
Yeah I use play store because I have to have some stuff furnished from play store for work but aurora store is a great way to acquire those apps you do need to get through life but that aren’t open source
vouch for aurora store being awesome
I recommend you use GrapheneOS as your daily driver. There’s not really any reason not to. I have been for years and never had trouble.
Aurora store is also pretty cool. You can download from there without a google account.
I’m curious why no one recommending FlorisBoard.
I’ve been using GraoheneOS as my daily driver for months now. I still have issues with things that need Google Localization (car sharing program in my city for example) and I’ve had a few banking apps complaining when being installed from the Aurora Store.
I miss having my cards on my phone quite a lot.
+1 for this, but i will mention that suggestions/autocorrect is not stable yet if that matters for people.
Suggestions/autocorrect will likely come within the next 2 months when 0.5 releases
It’s also easily customizable and will likely have an in-app layout editor by 0.6
hopefully i can move clipboard buttons too.
Checkout Heliboard, it’s a fork of the discontinued Openboard which fixes a lot of it’s bugs and adds new features and improvements:
https://github.com/Helium314/HeliBoard
It’s avaible on F-Droid and IzzyOnDroid
Aurora store and F-droid will be your besties, you don’t need play store unless you have purchased something.
You don’t need Play Store if you’ve purchased something. I had to use a paid app for a few years and installed it through Aurora. You can install paid apps on Aurora if you log into the google account you bought it on.
Thanks for the heads up.
I suggest Droid-ify over the F-Droid store for ease of use, but both work fine
I personally like the F-droid app way better. It is pretty polished and has the benefit of being first party
Last I used it, Aurora store can’t do automatic updates without user attention. Is that still true? If so, it’s adding another massive inconvenience.
Automatic updates were added about six months ago. https://gitlab.com/AuroraOSS/AuroraStore/-/issues/719
They’ve been working well enough for me.
Well that’s awesome news. I used it a little over a year ago, so I didn’t know they were working on it.
Is it really a massive inconvenience? I would hardly even call it a minor inconvenience. I get a notification maybe twice per week that there are updates pending, and I just accept them in bulk. Your life must be absolutely perfect and ridiculously easy if that simple infrequent action can be classified as a massive inconvenience.
There are much more annoying things when de-googling and using graphene OS than this IMO. This hardly even registers as annoying. Not being able to use my government 2FA app or NFC payments, now that is massive inconvenience.
Okay, smuglord. It’s a massive inconvenience compared to doing literally nothing. And it heavily depends on what apps you use and how often they update.
Don’t forget to change your DNS provider to something such as NextDNS for added benefits
Does it have any benefits over just running pihole, other than reliability?
It also works when using cellular data or connecting to a different Wi-Fi network. Your Pi-Hole only works when you’re at home or when you VPN into your home network
Fair. I always assumed I could just point to it while I’m out, but i also haven’t put a lot of thought into it yet lol
I mean you technically could expose the Pi-Hole from your home network on the internet, but I don’t recommend it. A VPN (either a simple WireGuard setup or something more fancy like NetBird, ZeroTier or Tailscale) could work, but I think NextDNS is the easier solution. Alternatively you could look into running your Pi-Hole on a VPS with WireHole.
You aren’t always home, therefore when you aren’t home it’s useful.
You can still use PiHole as your DNS when not home if you setup a VPN. For me that was the route I went.
or you can allow public authenticated access to dns over https… (just don’t expose the raw udp dns server, it’s a really bad idea)
(not sure if DoT can also support auth, but if it does that’s great because android supports dot natively)I know I don’t want to open up any more ports than I have to, but you’re right, that does sound like another alternative to setting up VPN.
Since I access more than just my pihole when connected to my home network. And because I want access to my home services, and don’t want to open up access to the public, opening one port and connecting to VPN is the way to do it. I have one port opened up for my VPN, and in order to connect you have to have my IP or my domain pointed at the IP, and you have to have a Wireguard profile setup, and know what port is open. So that does help a tad bit with my security concerns.
Edit: how would I go about that if I felt so inclined? Any tips?
I have not yet looked into the DNS topic. What are the risks if I use the provider’s default DNS? Or what are the advantages of using a different DNS?
ISP DNS servers often lies, depending on your country, a lot do DNS blocking so it’s a way to evade basic censorship. Also some alternative DNS can lie in useful ways, for adblocking or malware protection. You can also check mullvad DNS.
NextDNS even let’s you customize your DNS filter. You can choose which blocklists you want to use, and you can manually whitelist/blacklist individual domains. It also has other cool features like parental controls and malware protection.
You might be underestimating the OP
Have you checked out this?
Yes. The reason I don’t use Aurora is because I’ve heard it’s instable sometimes and uses many anonymous Google accounts in order to install apps. I feel safer using my own burner account for that.
You can also use your own Google account in Aurora store.
Interesting. I’ll check this out later.
Definitely do! I also suggest Droid-ify for FOSS apps :)
You can set up multiple user profile and install the play services in only 1 profile if you want to jeep other profile more private
Sorry for the noob question, but are you able to access your banking apps with GrapheneOS? If so, how?
Most apps should work with no issues. There’s a compatibility list at https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
For me, going into the app info and enabling “Exploit protection compatibility mode” worked for banking.
I’ve used four different banking apps (admittedly banks which may not operate in your country, but they’re popular enough in my country) on GrapheneOS no problems. I currently don’t have a banking app installed because I don’t need one and it’s probably spyware. I just do my digital banking in my web browser. But if you want to install a banking app, it should work completely fine, save for notifications—a lot of proprietary apps seem to rely on Play services for notifications 🤷♀️
