Amahl Farouk's GrapheneOS setup

Last updated
Jan 1, 2021
Mobile brand
Google
Mobile model
Pixel 3a
Phone OS
Custom Android ROM
Phone OS version
GrapheneOS (latest stable)
Phone OS Updates status
Automatic updates
App updates
Auto-update on any connection
Phone unlock
Biometric security
    • Fingerprint(s)
Stolen Device Protection
Security & Privacy Apps
LibreAV - real-time “AI” permissions scanner
Auditor app - device integrity monitoring
Hardened Memory Allocator - memory isolation
GOS Android Sandbox hardening - app permissions isolation
GOS Firewall - ability to completely revoke internet access permissions from apps, not just block them
Browser
Vanadium
Password manager
Bitwarden
Authenticator
Aegis
Phone & Caller ID
GrapheneOS Dialer
Messaging
QKSMS+
Signal
Music & Podcasts
None.
Entertainment
Signal
Games
None.
File and Photo backup
Nextcloud client with auto-upload to LAN NAS for Photos and Contacts
Notable changes
1.0
  • Initial config
1.1
1.2
  • Added LibreAV (thanks to @HarborFront)
  • Migrated to Aegis for 2FAs instead of Bitwarden
What I'm looking for?

Looking for maximum feedback.

Amahl Farouk

Amahl Farouk

Level 1
Thread author
Jan 11, 2021
34
I’ve added LibreAV to the mix. Seems like a decent addon especially since it has no requirement for special permissions. It didn’t find anything for the moment but I guess it’s good in case some apps get updated to weird permissions. (y)

P.S. Also in the process of migrating to a separate 2FA app instead of Bitwarden...convenience can be pricey in this case 🤫
 
  • Like
Reactions: Venustus, Protomartyr, Kongo and 4 others
Amahl Farouk

Amahl Farouk

Level 1
Thread author
Jan 11, 2021
34
Lenny_Fox said:
Having a coffee break, warming my hands from the cold (in Netherlands) from working outside, wondering why a security oriented Android OS receives the RISK: At Risk label. Xould one of the mods explain?
Click to expand...
Was wondering the same thing. Maybe because I was using Bitwarden for both passwords and 2FA, but I’ve since migrated my accounts to Aegis and am in the process of resetting most of my passwords just in case.
Other than this, the only thing that comes to mind is the whole discussion regarding Play Protect, as I’ve explained in previous post, I think the option “Not applicable” should apply to GOS as well. I’ve also added LibreAV which is pretty much better than what Play Protect seems to ofer anyways.
 
  • Like
  • Applause
Reactions: Venustus, Protomartyr, ForgottenSeer 85179 and 2 others
harlan4096

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,982
Tag changed! "stop crying like boys ;)" initially, as I pointed in post #13 of this thread, there were some security features disabled or just not filled up, and still, for example, Find my phone is disabled...

About "Play Protect" -> Not Applicable for some Android devices, it's @Jack or @Spawn who must add this new option to the mobile fields config structure :)
 
Last edited:
  • Like
  • HaHa
Reactions: Venustus, Protomartyr, upnorth and 4 others
Amahl Farouk

Amahl Farouk

Level 1
Thread author
Jan 11, 2021
34
harlan4096 said:
Tag changed! "stop crying like boys ;)" initially, as I pointed in post #13 of this thread, there were some security features disabled or just not filled up, and still, for example, Find my phone is disabled...

About "Play Protect" -> Not Applicable for some Android devices, it's @Jack or @Spawn who must add this new option to the mobile fields config structure :)
Click to expand...
Thanks for the update :D Well, since GrapheneOS doesn't have this feature implemented, I guess I could just add it as an addon to my Nextcloud server and use their app for location tracking. But since I rarely need my phone outdoors, it would pretty much be useless data and an extra liability/vector of attack/tracking that for the moment I don't see the point in enabling.

SecurityNightmares said:
Looks like your setup is now even advanced while my is only complete :
malwaretips.com

SECURE: Complete - SecurityNightmares's Mobile Config 2021

new version of my previous one
malwaretips.com malwaretips.com
Click to expand...
Well, I would imagine that "Complete" implies that it is the max level of security and "Advanced" has some tweaks that still need to be made. For my phone, I guess that would be the "Find my phone" feature. (y)
 
  • Like
Reactions: Venustus, ForgottenSeer 85179, Protomartyr and 2 others
You must log in or register to reply here.

Similar threads

simmerskool
    • +Reputation
    • HaHa
Serious Discussion Nordvpn Threat Protection & setup comment
Replies
14
Views
1,072
VPN and DNS
simmerskool
simmerskool
R
Question Is the Bitwarden Password Manager Extension secure?
Replies
5
Views
875
Web Extensions
rashmi
R
Gandalf_The_Grey
    • Like
    • +Reputation
New Update Microsoft Releases October Optional Update for Windows 11 Versions 23H2 and 22H2
Replies
0
Views
241
Windows 11
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top