Amahl Farouk's GrapheneOS setup

Last updated
Jan 1, 2021
Phone brand
Google
Phone model
Pixel 3a
Phone OS
Custom
Phone OS version
GrapheneOS (latest stable)
Phone OS updates
Automatic updates
App updates
Automatic, auto-app updates on any connection
Phone unlock
Biometric security
    • Fingerprint(s)
SIM card lock
Protected by a PIN code
Find my Phone
Off (disabled)
Security & Privacy Apps
LibreAV - real-time “AI” permissions scanner
Auditor app - device integrity monitoring
Hardened Memory Allocator - memory isolation
GOS Android Sandbox hardening - app permissions isolation
GOS Firewall - ability to completely revoke internet access permissions from apps, not just block them
Browser
Vanadium
Password manager
Bitwarden
Authenticator
Aegis
Phone & Caller ID
GrapheneOS Dialer
Messaging
QKSMS+
Signal
Music & Podcasts
None.
Entertainment
Signal
Games
None.
File and Photo backup
Nextcloud client with auto-upload to LAN NAS for Photos and Contacts
Notable changes
1.0
  • Initial config
1.1
1.2
  • Added LibreAV (thanks to @HarborFront)
  • Migrated to Aegis for 2FAs instead of Bitwarden
What I'm looking for?

Looking for maximum feedback.

Amahl Farouk

Level 1
Thread author
Jan 11, 2021
34
I’ve added LibreAV to the mix. Seems like a decent addon especially since it has no requirement for special permissions. It didn’t find anything for the moment but I guess it’s good in case some apps get updated to weird permissions. (y)

P.S. Also in the process of migrating to a separate 2FA app instead of Bitwarden...convenience can be pricey in this case 🤫
 

Amahl Farouk

Level 1
Thread author
Jan 11, 2021
34
Having a coffee break, warming my hands from the cold (in Netherlands) from working outside, wondering why a security oriented Android OS receives the RISK: At Risk label. Xould one of the mods explain?
Was wondering the same thing. Maybe because I was using Bitwarden for both passwords and 2FA, but I’ve since migrated my accounts to Aegis and am in the process of resetting most of my passwords just in case.
Other than this, the only thing that comes to mind is the whole discussion regarding Play Protect, as I’ve explained in previous post, I think the option “Not applicable” should apply to GOS as well. I’ve also added LibreAV which is pretty much better than what Play Protect seems to ofer anyways.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
Tag changed! "stop crying like boys ;)" initially, as I pointed in post #13 of this thread, there were some security features disabled or just not filled up, and still, for example, Find my phone is disabled...

About "Play Protect" -> Not Applicable for some Android devices, it's @Jack or @Spawn who must add this new option to the mobile fields config structure :)
 
Last edited:

Amahl Farouk

Level 1
Thread author
Jan 11, 2021
34
Tag changed! "stop crying like boys ;)" initially, as I pointed in post #13 of this thread, there were some security features disabled or just not filled up, and still, for example, Find my phone is disabled...

About "Play Protect" -> Not Applicable for some Android devices, it's @Jack or @Spawn who must add this new option to the mobile fields config structure :)
Thanks for the update :D Well, since GrapheneOS doesn't have this feature implemented, I guess I could just add it as an addon to my Nextcloud server and use their app for location tracking. But since I rarely need my phone outdoors, it would pretty much be useless data and an extra liability/vector of attack/tracking that for the moment I don't see the point in enabling.

Looks like your setup is now even advanced while my is only complete :
Well, I would imagine that "Complete" implies that it is the max level of security and "Advanced" has some tweaks that still need to be made. For my phone, I guess that would be the "Find my phone" feature. (y)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top