I have not any prior experience with installing custom ROMs, but after trying it out (and getting stuck, and googling and finding answers) I successfully did it. Below is my home screen if anybody is curious:
I use OpenBoard for my keyboard. Unfortunately I am still dependent on Play Store since some of the apps I need can only be found there. Sometimes it feels meaningless committing to this whole thing because I’m not perfectly private; then I think this is better than using a regular iPhone or Android phone.
So far I’m liking it. I am naturally inclined to feel hesitant about using this as my main phone and plugging in a SIM since it’s custom, but I’m slowly making the transition.
Feel free to share any beginners advice or your own experience using GOS for the first time. Cheers!
OpenBoard is no longer maintained. Heliboard is a good alternative.
I think Google Play on Graphene is a good compromise, since at least it does not have root access. Unfortunately it is very crippling to completely avoid Google on Android.
That being said, I heard others are using work profiles to isolate all apps using Google Play from their more private apps. I’m not doing that, but work profiles are nice for … well work apps.
Unfortunately it is very crippling to completely avoid Google on Android.
Tbh if you don’t do mobile gaming, I think this is entirely doable. I say this as someone who uses Aurora Store for about 3 or 4 odd apps. I could live without them on my phone, but I just choose not to for the convenience of having a mobile client for some proprietary services I use. And I don’t have Google Play services at all.
To install apps from the Play Store you could maybe look at Aurora Store?
Openboard updated for me recently. When did they stop maintaining it?
https://github.com/openboard-team/openboard
Last commit is two years ago. I’d recommend checking what you have installed. A quick search on GPlay finds what appears to be a clone that may or may not leak user data.
version 1.4.5
org.dslul.openboard.inputmethod.latin versionCode 19
targetSdk 31 minSdk 19
Installed: May 8, 2024; 3:17 PM Updated: May 8, 2024; 3:17 PM
Is this an AHH SHIT moment or I’m good? Lol
So I don’t want to tell you to panic but I can’t find anything about “dslul” or their version of openboard. The questions I have are as follows:
- How did you acquire this apk? (F-Droid, play store, obtainium, regular download?)
- Do you have hypatia installed? If not, can you install it and run a device scan to see if there’s any known malicious blobs on your device?
- Please take a look at heliboard. I know its weird to tell people they’re safer going with the most popular options, but legitimately we’re a pack animal. We do better when we look out for each other and this may be a case where it’s best to go to the version of this project that has the most eyes on it
I use heliboard now downloaded today and deleted open board. I acquired openboard from Fdroid. Both times. I’ve never heard of hapatia. I will check it out momentarily.
So I don’t want to tell you to panic but I can’t find anything about “dslul” or their version of openboard.
It’s the app id from F-droid, so I would assume it is legit: https://f-droid.org/packages/org.dslul.openboard.inputmethod.latin/
Interesting! I assume then that dslul was the original developer. Weird I wasn’t able to turn up anything at all… Well… Not that weird given that internet search is broken
1.4.5 is the latest—and last—OpenBoard version, released 8/8/22 per app on F-Droid.
Did you fresh install it? Your log makes it look like you just installed it.
Yes I forgot I did. My phone bugged out one day about it. I don’t know why. Whats a good FLOSS alternative?
Heliboard is recently restarted sucessor
Futo is another option, I am not sure if it is Foss Lois rossmann backs it though
I am not sure if it is Foss
It is not, just source-available:
https://gitlab.futo.org/keyboard/latinime/-/blob/master/LICENSE.md
I like FlorisBoard
I use Gboard with network permissions toggled off
Thanks for the heads-up!
As someone who has a profile only for Whatsapp (used to also be Instagram), a profile for banking & finances, a profile for some stuff that needs play services, and a profile for most other stuff (main profile)…don’t use profiles unless you’re only creating one more at the most, and you’re absolutely certain there’s no need to share information between the profiles.
Graphene has had a long-standing bug from upstream AOSP, if I recall correctly, where it’ll always ask for your pin when changing profiles, and only sometimes will it allow you to use your fingerprint or alternative methods to get into your profiles. I almost never get the fingerprint option for my main profile, and have to tap back from the pin input on other profiles to get the option to use fingerprint, and not always. They do sometimes push something that loosely resembles a fix, but it’ll go back to not working after another update.
Regarding communicating between profiles, that’s hard to pull off. The curveball of having to send screenshots from banking apps, say, confirming transactions, it’s made a lot worse with profiles. I’m currently relying on my nextcloud instance to upload screenshots from finances, then downloading those screenshots from nextcloud into my WhatsApp profile, just to send a proof of transfer to someone. I’m definitely not keeping my phone like this for much longer.
All else considered, however, I’m not going back to a ROM that doesn’t respect me as the owner of my device. I’m happy to have switched to graphene and I am here to stay.
I was wondering about that. Seems like 90% of the time it flashes the finger print reader then fails and goes back to pin. Also 75% of the time can’t read my fingerprint reader when just unlocking but that’s not a grapheneos issue… :(
Thank you for sharing this. Honestly, right now, I simply don’t feel a need to use profiles for my apps. I understand some people claim I probably should considering I use both FOSS and Google apps, but I’m just getting started with this whole privacy thing and I don’t feel like rushing. Using only one profile probably isn’t the absolute worst thing you could do, eh?
I’m using a work profile for Google Play. It was surprisingly easy to setup and there are few guides around. But basically you install Shelter, then clone Apps to the work profile. Open up Apps on the work profile and install google play services normally.
I found a separate profile with google play was too much of a pain in the ass unfortunatly.
Don’t forget to change your DNS provider to something such as NextDNS for added benefits
Does it have any benefits over just running pihole, other than reliability?
It also works when using cellular data or connecting to a different Wi-Fi network. Your Pi-Hole only works when you’re at home or when you VPN into your home network
Fair. I always assumed I could just point to it while I’m out, but i also haven’t put a lot of thought into it yet lol
I mean you technically could expose the Pi-Hole from your home network on the internet, but I don’t recommend it. A VPN (either a simple WireGuard setup or something more fancy like NetBird, ZeroTier or Tailscale) could work, but I think NextDNS is the easier solution. Alternatively you could look into running your Pi-Hole on a VPS with WireHole.
You aren’t always home, therefore when you aren’t home it’s useful.
You might be underestimating the OP
I have not yet looked into the DNS topic. What are the risks if I use the provider’s default DNS? Or what are the advantages of using a different DNS?
ISP DNS servers often lies, depending on your country, a lot do DNS blocking so it’s a way to evade basic censorship. Also some alternative DNS can lie in useful ways, for adblocking or malware protection. You can also check mullvad DNS.
NextDNS even let’s you customize your DNS filter. You can choose which blocklists you want to use, and you can manually whitelist/blacklist individual domains. It also has other cool features like parental controls and malware protection.
You can still use PiHole as your DNS when not home if you setup a VPN. For me that was the route I went.
or you can allow public authenticated access to dns over https… (just don’t expose the raw udp dns server, it’s a really bad idea)
(not sure if DoT can also support auth, but if it does that’s great because android supports dot natively)I know I don’t want to open up any more ports than I have to, but you’re right, that does sound like another alternative to setting up VPN.
Since I access more than just my pihole when connected to my home network. And because I want access to my home services, and don’t want to open up access to the public, opening one port and connecting to VPN is the way to do it. I have one port opened up for my VPN, and in order to connect you have to have my IP or my domain pointed at the IP, and you have to have a Wireguard profile setup, and know what port is open. So that does help a tad bit with my security concerns.
Edit: how would I go about that if I felt so inclined? Any tips?
Have you checked out this?
Yes. The reason I don’t use Aurora is because I’ve heard it’s instable sometimes and uses many anonymous Google accounts in order to install apps. I feel safer using my own burner account for that.
You can also use your own Google account in Aurora store.
Interesting. I’ll check this out later.
Definitely do! I also suggest Droid-ify for FOSS apps :)
There is also Neo Store which can be used as a F-Droid client.
Sometimes it feels meaningless committing to this whole thing because I’m not perfectly private
every small change matters
Exactly. I don’t even think of myself as having escaped surveillance capitalism. I’ve made it less lucrative though. All that data they’re mining? I’ve done a little bit of work to make sure the mines are tapped out. I’m gonna keep working to convince others that there’s value in doing the same. Its all part of telling these greedy shitheads we won’t accept their global destruction anymore
Aurora store is also pretty cool. You can download from there without a google account.
Sorry for the noob question, but are you able to access your banking apps with GrapheneOS? If so, how?
I’ve used four different banking apps (admittedly banks which may not operate in your country, but they’re popular enough in my country) on GrapheneOS no problems. I currently don’t have a banking app installed because I don’t need one and it’s probably spyware. I just do my digital banking in my web browser. But if you want to install a banking app, it should work completely fine, save for notifications—a lot of proprietary apps seem to rely on Play services for notifications 🤷♀️
For me, going into the app info and enabling “Exploit protection compatibility mode” worked for banking.
Most apps should work with no issues. There’s a compatibility list at https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
Aurora store and F-droid will be your besties, you don’t need play store unless you have purchased something.
You don’t need Play Store if you’ve purchased something. I had to use a paid app for a few years and installed it through Aurora. You can install paid apps on Aurora if you log into the google account you bought it on.
Thanks for the heads up.
I like neo store
I suggest Droid-ify over the F-Droid store for ease of use, but both work fine
I personally like the F-droid app way better. It is pretty polished and has the benefit of being first party
The latest f-droid release has been causing me headaches and I’ve switched (for the time being) to droid-ify. Which also has some headaches but no show stoppers. Of the two, I can definitely say I prefer f-droid. I hope this helps someone find what they want in an app installing app
deleted by creator
Automatic updates were added about six months ago. https://gitlab.com/AuroraOSS/AuroraStore/-/issues/719
They’ve been working well enough for me.
deleted by creator
Unfortunately I’m experiencing the same thing :( Not too big of a deal for me to do manual updates once every two weeks or so but still an annoyance
Is it really a massive inconvenience? I would hardly even call it a minor inconvenience. I get a notification maybe twice per week that there are updates pending, and I just accept them in bulk. Your life must be absolutely perfect and ridiculously easy if that simple infrequent action can be classified as a massive inconvenience.
There are much more annoying things when de-googling and using graphene OS than this IMO. This hardly even registers as annoying. Not being able to use my government 2FA app or NFC payments, now that is massive inconvenience.
Okay, smuglord. It’s a massive inconvenience compared to doing literally nothing. And it heavily depends on what apps you use and how often they update.
Removed by mod
To me I love to have control over what I update, I agree with it not being inconvenient. For other it might so it’s not really necessary to be mean about it!
I’m curious why no one recommending FlorisBoard.
I’ve been using GraoheneOS as my daily driver for months now. I still have issues with things that need Google Localization (car sharing program in my city for example) and I’ve had a few banking apps complaining when being installed from the Aurora Store.
I miss having my cards on my phone quite a lot.
I tried Floris board. Its particular rough patches are deal breakers for me, but I’m sure my keyboard of choice has rough patches that would be deal breakers for potential Floris board users. I hope some people see your comment and give it a try. It seems like a promising project
+1 for this, but i will mention that suggestions/autocorrect is not stable yet if that matters for people.
Suggestions/autocorrect will likely come within the next 2 months when 0.5 releases
It’s also easily customizable and will likely have an in-app layout editor by 0.6
hopefully i can move clipboard buttons too.
FUTO Keyboard is really nice imo
deleted by creator
I have been using lots of the different private keyboards that have been out for a while but FUTO just came out with a amazing Keyboard that has better then Google Voice typing.
What are your concerns regarding using your SIM card?
It’s actually nothing but beginner paranoia. Will it work properly even on a custom ROM, is the main question spinning in my head.
When I last used Graphene, it was on a pixel 4 XL, and I used a Google Fi sim card just fine. Texting, specifically MMS was borked, group chats would just be massive sentences of spaghetti letters. Other than that though, issue free.
Same issues here. I love GOS but I need basic things like SMS/MMS/RCS to work, and right now they just don’t.
Damn, not even RCS works?! I’m back to stock Android on a 6 Pro because I don’t have the energy, and can’t be fucked to deal with tech problems that often.
RCS works with my Pixel 7
OK, yea a feature that uses data not working didn’t make sense.
Some people apparently got it to work. Maybe check this thread on the Graphene forum: https://discuss.grapheneos.org/d/1353-using-rcs-with-google-messages-on-grapheneos/
Thank you! It was interesting skimming that thread.
Works for me on Verizon and has for 5+ years. Google Fi even works as I’ve tried that with a different phone on GrapheneOS.
No reason it wouldn’t as far as I know, assuming your hardware is compatible.
Futo keyboard. Its the best.
You can set up multiple user profile and install the play services in only 1 profile if you want to jeep other profile more private
I’m still waiting on LineageOS being ported on my phone (SM-A536B).
You are welcome to work on it. However, Samsung devices are a absolute pain to work with.
Yes, I know that, and I tried porting it to PostmarketOS, but the build failed miserably.
You need to mainline the kernel for Linux systems. That is a very difficult job
Even if apps you use depend on play store one of the things you can do on GrapheneOS is temporarily disable it and only turn it back on when apps refuse to run, another option is just keeping those apps in a separate work profile.
all android phones can temporarily disable an app until you turn it back on.
No, that only applies to (some, not all) system apps. GrapheneOS allows this for all (including user-installed apps): https://grapheneos.org/features#user-installed-apps-can-be-disabled
adb shell pm disable-user PACKAGE_NAMEworked for me with Signal on a stock pixel
Sure you can do it through adb, but Graphene exposes this option in the settings. They also recommend against enabling developer settings and using adb for security reasons.
But you said “no” before… I was just showing that it is indeed possible with non-system apps.
Yeah you’re right, I didn’t think of adb while writing that comment. It’s not possible through the settings is what I meant.
yes also including uaer apps: for example I can disable whatsapp by putting it in deep sleep and disabling its allowed network for extra measures, then it wont ring, wont update store version, wont recive calls, nor messages all while I’m online watching youtube for 2 hrs, then I can enable allow mock location and once online I’ll appear in brussel. btw I all non-rooted Androids can but Apple Users cant do any of that with their phones
Not all of them can disable google play service apps
I would argue you shouldn’t be using those apps in the first place since they all contain proprietary blobs (yes that includes Signal, see Molly-FOSS for a non-blobbed fork).
Molly also includes other useful features like database encryption and UnifiedPush support.
Yes but for me it is a non-starter for legal reasons because screenshots do not work with fingerprint lock turned on. I don’t understand why the user cannot choose to enable this or not like other apps can (including Signal).
Absolutely, my suggestion was just for folks who have apps that still require play services, not everyone can avoid it, but you can minimize usage if you do need them.
Not google services
