Recent changes
Nov 4, 2020
Manufacturer
Google
Manufacturer Model
Pixel 3a
Device priority
Primary device
Mobile OS
Android 11
Software updates
Automatic
Account security
Protected by 2-Step Verification
Screen Lock
Password
Biometric Unlock
  1. Fingerprint(s) / TouchID
Notifications
Hide sensitive information when locked
Google Play Protect
Activated
Find My Phone
Activated
Unknown apps
Allowed via special app access (Android 10 or higher)
Apple AirDrop
Not applicable for Android
SIM card lock
Activated
Real-time protection
Device integrity monitoring + Android internal Sandbox
Periodic scanners
Photos and Files backup
(own) Nextcloud + GrapheneOS internal backup feature, using the same Cloud
File backup schedule
Changes are automatically sync'd to my cloud storage provider
Web browsers
Vanadium
Content filtering
NextDNS (DoT)
Your changelog
4th March: First post
24th March: some Changes: SECURE: Complete - security123's Pixel 3a Config 2020
2th June: June security update, see GrapheneOS releases
5th June: Remove RedReader Reddit app: SECURE: Complete - security123's Pixel 3a Config 2020
8th July: update to July security: SECURE: Complete - security123's Pixel 3a Config 2020
6th August: update to August security
12th September: update to (1st - not 5th) September security update
27th September: update to fully September security update + Android 11
7th October: fully October security updates
4th November: fully November security updates
Nominated apps
PhoneTrack, andOTP

Vasudev

Level 31
Verified
Are you going to switch to the Pixel 4a or Pixel 4a?
India only has Pixel 4a 4G version which is slated to be available in Oct.
GrapheneOS use AOSP which itself doesn't care about Pixel experience.

The install is very easy: GrapheneOS install documentation
You don't void warranty. Flashing Stock Google ROM is always possible and easy too.
So google docs should be accurate even on Linux and Windows, correct?
So, if you disable OEM unlocking after grapheneOS will it prevent booting of Android 10/11 provided the fastboot flashing lock is engaged? I did have Samsung which didn't boot up after I accidentally disabled OEM unlocking.
BTW, GrapheneOS docs are precise and thorough.
 

security123

Level 27
Verified
So google docs should be accurate even on Linux and Windows, correct?
No idea. I never use Google docs. But their website should work.

So, if you disable OEM unlocking after grapheneOS will it prevent booting of Android 10/11 provided the fastboot flashing lock is engaged? I did have Samsung which didn't boot up after I accidentally disabled OEM unlocking.
The Pixel phones are the only Android phones which support re-locking the bootloader with non-Stock ROMs. So yes, GrapheneOS work after re-locking which is also important and written in installation guide.

Samsung phones aren't usable that way and also doesn't provide the security and privacy hardening Pixel phones has
 

Vasudev

Level 31
Verified
No idea. I never use Google docs. But their website should work.


The Pixel phones are the only Android phones which support re-locking the bootloader with non-Stock ROMs. So yes, GrapheneOS work after re-locking which is also important and written in installation guide.

Samsung phones aren't usable that way and also doesn't provide the security and privacy hardening Pixel phones has
That's great news! I thought we're unable to re-lock BL on custom ROM! Haha..... Its a developer's dream phone!
Thanks.
BTW, Google docs ==> Developer guide for custom ROM and blobs. I'm assume the developer user base on Pixel is huge and not small at xda forums.
 

security123

Level 27
Verified
BTW, Google docs ==> Developer guide for custom ROM and blobs. I'm assume the developer user base on Pixel is huge and not small at xda forums.
GrapheneOS isn't a custom ROM. It's a normal ROM and that's the reason "custom" isn't in the thread titel included ;)
The reason is that GrapheneOS run with re-locked Bootloader and only custom ROMs run without which requires also custom recovery to use system OTA updates.
GrapheneOS don't use or need a custom recovery to do that. Like normal stock ROMs.

GrapheneOS isn't active at XDA forum as only fanboys and non-security-related guys are active.
The only active place is IRC/ Matrix and news are posted on Twitter + Reddit.
In the past Reddit was also the first place for everything but because of maintaining and too much bad Reddit guys, this sadly change/ is in move.

Pixel itself has a big community at Reddit (not GrapheneOS related)
 

Vasudev

Level 31
Verified
GrapheneOS isn't a custom ROM. It's a normal ROM and that's the reason "custom" isn't in the thread titel included ;)
The reason is that GrapheneOS run with re-locked Bootloader and only custom ROMs run without which requires also custom recovery to use system OTA updates.
GrapheneOS don't use or need a custom recovery to do that. Like normal stock ROMs.

GrapheneOS isn't active at XDA forum as only fanboys and non-security-related guys are active.
The only active place is IRC/ Matrix and news are posted on Twitter + Reddit.
In the past Reddit was also the first place for everything but because of maintaining and too much bad Reddit guys, this sadly change/ is in move.

Pixel itself has a big community at Reddit (not GrapheneOS related)
Just read about Graphene its basically Stock Android w/o Google GMS and other tracking. A simple phone for maximum security and performance!
 

SpiderWeb

Level 4
Thread was locked due to unfortunate drama. But I agree with you:

AVs upload private files and information by default. It's the reason why I don't have an AV on my phone since I have other apps and private data there that is obviously not known to the AV vendor so they might upload it. But seeing how these programs demand Device Admin permission, Accessibility which allows them to see everything you see and type, copy and paste, that's extreme.
Kaspersky: “We are always ready to assist national and international law enforcement agencies if they request it.”

ESET: “We may disclose Personal Information and any other information about you if we believe it is reasonably necessary to respond to legal requests (including court orders, subpoenas, government inquiry), to protect the safety, property, or rights of ESET, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with the law.”
No thank you!
-Some of these AVs don't let you opt-out
-Some of these AVs don't make it clear where and WHEN a file gets uploaded
-Some of these AVs don't upload your files with encryption so your files are flying through the Internet unencrypted. Great
-MANY of these AVs store the files on servers that can be compromised
-NONE of these AVs share how long they keep your uploaded files or what efforts are being made to anonymize the data.
-ALL of these AVs will comply with the law of their jurisdictions (China, Russia, EU, US) and hand over anything they know about you and your device

It's crazy that people entrust a third party with admin privileges to their phone when that party could secretly listen to calls, read passwords and wipe the traces of their spying or wipe your entire your phone without your permission. I agree with you, AVs are a security liability and they should be seen with as even more skepticism as any other application if not more.

Edit: Google's Latest Malware Report
Android devices infected by potentially harmful applications (PHA): 0.5% for devices with Play store + sideloading enabled, 0.1% for devices with only Play store enabled.
 
Last edited:

Vasudev

Level 31
Verified
August 5.
But September update is coming :)

Anyway GrapheneOS is faster then stock Google with security updates as Google always use rollouts
Thanks.
***K Nokia aka HMD. I'm done with them. I'm getting crappy battery life, performance and UI glitches. Even SP updates are behind everyone else. Hell, they use older kernel 4.9.186. I'm seriously considering Pixel 4a. I don't want to win benchmark contest and Overclocking competitions but I want a phone that works as advertised. Do you know, I can't use Hello Google since enabling it will disable mic during in-call and I can't hear other person's voice.
Do you mind posting kernel version?
 

Spawn

Administrator
Verified
Staff member
AVs upload private files and information by default. It's the reason why I don't have an AV on my phone
Permissions need to granted by the user for Storage, Contacts etc., before the app can start siphoning all your data.

Guaranteed on a Desktop OS this is far worse, there's no permission based system in place to protect the user - unless you download apps exclusively from the Microsoft Store / Mac App Store.
 

security123

Level 27
Verified
Thanks to new GrapheneOS update i got September security updates, but this time not the full "5th" update so only the "1st" September security updates.
This is do to much work for upcoming Android 11 upgrade and some problems, the update was delayed some days which isn't a big deal through.
The upcoming Android 11 upgrade (as this is the last Android 11 GrapheneOS update) will include all September fixes (y)

More info:
 

Vasudev

Level 31
Verified
Thanks to new GrapheneOS update i got September security updates, but this time not the full "5th" update so only the "1st" September security updates.
This is do to much work for upcoming Android 11 upgrade and some problems, the update was delayed some days which isn't a big deal through.
The upcoming Android 11 upgrade (as this is the last Android 11 GrapheneOS update) will include all September fixes (y)

More info:
Nice. I thought GrapheneOS would have taken another 2 months, looks like Developer beta is for developers including app and custom rooted firmware developers too!
 

security123

Level 27
Verified
Nice. I thought GrapheneOS would have taken another 2 months
New updates never take this long. But this time bigger changes (by android 11) are necessary, otherwise the updates are available the same day or one day after Google


looks like Developer beta is for developers including app and custom rooted firmware developers too!
It doesn't exist a developer beta. Every build has 2 stages:
  1. beta for 1 day
  2. stable + public changelog
Also no build include nor use ROOT as ROOT is a big security risk + attack surface.

;)
 
Top