Recent changes
Nov 4, 2020
Manufacturer
Google
Manufacturer Model
Pixel 3a
Device priority
Primary device
Mobile OS
Android 11
Software updates
Automatic
Account security
Protected by 2-Step Verification
Screen Lock
Password
Biometric Unlock
  1. Fingerprint(s) / TouchID
Notifications
Hide sensitive information when locked
Google Play Protect
Activated
Find My Phone
Activated
Unknown apps
Allowed via special app access (Android 10 or higher)
Apple AirDrop
Not applicable for Android
SIM card lock
Activated
Real-time protection
Device integrity monitoring + Android internal Sandbox
Periodic scanners
Photos and Files backup
(own) Nextcloud + GrapheneOS internal backup feature, using the same Cloud
File backup schedule
Changes are automatically sync'd to my cloud storage provider
Web browsers
Vanadium
Content filtering
NextDNS (DoT)
Your changelog
4th March: First post
24th March: some Changes: SECURE: Complete - security123's Pixel 3a Config 2020
2th June: June security update, see GrapheneOS releases
5th June: Remove RedReader Reddit app: SECURE: Complete - security123's Pixel 3a Config 2020
8th July: update to July security: SECURE: Complete - security123's Pixel 3a Config 2020
6th August: update to August security
12th September: update to (1st - not 5th) September security update
27th September: update to fully September security update + Android 11
7th October: fully October security updates
4th November: fully November security updates
Nominated apps
PhoneTrack, andOTP

security123

Level 27
Verified
This is my Pixel 3a with GrapheneOS. (Thread about)

It's up2date with March 2020 security updates from Google.

System updates are not only are downloaded over WiFi. They're enabled over Mobile network too.

As I don't need nor have any Google account (phone run without GAPPS), none of the Google templates here are real for this config.

Find my phone is done with the app "PhoneTrack" which send the data to my own Nextcloud.

Install unknown apps is only allowed for F-Droid and Aurora store (a downloader for apps in Google Playstore).

Developer mode is activated because of a needed (for me) fix for play music over Bluetooth bug - which only disable one Bluetooth setting.

Vanadium is the system internal hardened Chromium browser.

Also phone is protected against theft with the app "WaveUp". Screen got immediately locked.
 

security123

Level 27
Verified
A lot of changes happened:

  • Change "Developer Mode: Enabled" to Disabled. Thanks to new GrapheneOS update
  • Change "Content Filtering for Privacy: BlahDNS (DoT)" to AdGuard DoT for better performance & security
  • "Data Backup (own) Nextcloud" now include the GrapheneOS internal backup feature which backup to my Nextcloud too
  • Also of course i use latest Android security updates (may 2020)
 

Vasudev

Level 31
Verified
Nice. I may opt for 3a or 4a since Nokia actually destroyed the mic and charging speed is reduced to increase battery longevity. It barely touches 7W on wall AC adapter from Nokia. I use wither PC to charge at 7.5W. So, I haven't updated to May update SP.
Its nice to see you can do BL unlock. Graphene OS is no telemetry OS with user being in total control.
 

Vitali Ortzi

Level 20
Verified
Nice. I may opt for 3a or 4a since Nokia actually destroyed the mic and charging speed is reduced to increase battery longevity. It barely touches 7W on wall AC adapter from Nokia. I use wither PC to charge at 7.5W. So, I haven't updated to May update SP.
Its nice to see you can do BL unlock. Graphene OS is no telemetry OS with user being in total control.
It's H_C plus LTSC for Android XD.
 

Vasudev

Level 31
Verified
It's only unlocked once. After installing GrapheneOS, the Bootloader get locked again.
Else it would be a huge security problem and is highly not recommend
HMD included BL unlock and I enabled it and after a update they disabled it entirely! I can't switch from slot A to B or vice-versa in the event of broken patches. Even some of their update broke good battery life and other things as well!
 

security123

Level 27
Verified
Today i replace the Reddit app "RedReader" (from F-Droid) with mobile website and create a shortcut to Desktop.

Little bit different but Reddit doesn't make popups the whole time for not using their App (can be configured in settings), i increase my Android Security (less Attack Surface) and my Privacy as i don't need any longer allowing the App accessing my Account.
 

security123

Level 27
Verified
Any reason for the switch from AdGuard DNS to NextDNS? What are the pros/cons of each?
NextDNS is in many terms better:
they has very good filter and maintain their lists well,
account 2FA is upcomming,
good web interface management,
server from Germany can be used,
nice features like NextDNS first to support blocking of ALL third-party trackers disguised as first-party

To be fair: i never use a AdGuard account.
 

Protomartyr

Level 6
Verified
I'll have to check out NextDNS.

I don't have an AdGuard account either. I'm pretty happy with using AdGuard DNS via Android's private DNS feature. The only downside is AdGuard DNS doesn't handle cosmetic filtering (you have to use the app).

Does NextDNS have that capability?
 

security123

Level 27
Verified
I'll have to check out NextDNS.

I don't have an AdGuard account either. I'm pretty happy with using AdGuard DNS via Android's private DNS feature. The only downside is AdGuard DNS doesn't handle cosmetic filtering (you have to use the app).

Does NextDNS have that capability?
Don't know. I don't use their app as I don't care about cosmetic.
 

Vasudev

Level 31
Verified
Thanks to new GrapheneOS update I run now August security patch level.
Just wanted to ask you, if Graphene uses AOSP and uses Google blobs to make it close to pixel experience or is it entirely different?
How easy it is to flash factory images on Pixel unlike OEMs do I void warranty or is it developer's dream device to try anything and then flashback to factory image during repair process? I want to buy a Pixel and wanted to know the factory image flashing through adb and OEM unlocking? I really want more control over my device unlike my current owned Phone.
 

security123

Level 27
Verified
Just wanted to ask you, if Graphene uses AOSP and uses Google blobs to make it close to pixel experience or is it entirely different?
How easy it is to flash factory images on Pixel unlike OEMs do I void warranty or is it developer's dream device to try anything and then flashback to factory image during repair process? I want to buy a Pixel and wanted to know the factory image flashing through adb and OEM unlocking? I really want more control over my device unlike my current owned Phone.
GrapheneOS use AOSP which itself doesn't care about Pixel experience.

The install is very easy: GrapheneOS install documentation
You don't void warranty. Flashing Stock Google ROM is always possible and easy too.
 
Top