security123's Pixel 3a Config 2020

[Vasudev]

Are you going to switch to the Pixel 4a or Pixel 4a?

India only has Pixel 4a 4G version which is slated to be available in Oct.

GrapheneOS use AOSP which itself doesn't care about Pixel experience.

The install is very easy: GrapheneOS install documentation
You don't void warranty. Flashing Stock Google ROM is always possible and easy too.

So google docs should be accurate even on Linux and Windows, correct?
So, if you disable OEM unlocking after grapheneOS will it prevent booting of Android 10/11 provided the fastboot flashing lock is engaged? I did have Samsung which didn't boot up after I accidentally disabled OEM unlocking.
BTW, GrapheneOS docs are precise and thorough.

 

[ForgottenSeer 85179]

So google docs should be accurate even on Linux and Windows, correct?

No idea. I never use Google docs. But their website should work.

So, if you disable OEM unlocking after grapheneOS will it prevent booting of Android 10/11 provided the fastboot flashing lock is engaged? I did have Samsung which didn't boot up after I accidentally disabled OEM unlocking.

The Pixel phones are the only Android phones which support re-locking the bootloader with non-Stock ROMs. So yes, GrapheneOS work after re-locking which is also important and written in installation guide.

Samsung phones aren't usable that way and also doesn't provide the security and privacy hardening Pixel phones has

 

[Vasudev]

No idea. I never use Google docs. But their website should work.


The Pixel phones are the only Android phones which support re-locking the bootloader with non-Stock ROMs. So yes, GrapheneOS work after re-locking which is also important and written in installation guide.

Samsung phones aren't usable that way and also doesn't provide the security and privacy hardening Pixel phones has

That's great news! I thought we're unable to re-lock BL on custom ROM! Haha..... Its a developer's dream phone!
Thanks.
BTW, Google docs ==> Developer guide for custom ROM and blobs. I'm assume the developer user base on Pixel is huge and not small at xda forums.

 

[ForgottenSeer 85179]

BTW, Google docs ==> Developer guide for custom ROM and blobs. I'm assume the developer user base on Pixel is huge and not small at xda forums.

GrapheneOS isn't a custom ROM. It's a normal ROM and that's the reason "custom" isn't in the thread titel included
The reason is that GrapheneOS run with re-locked Bootloader and only custom ROMs run without which requires also custom recovery to use system OTA updates.
GrapheneOS don't use or need a custom recovery to do that. Like normal stock ROMs.

GrapheneOS isn't active at XDA forum as only fanboys and non-security-related guys are active.
The only active place is IRC/ Matrix and news are posted on Twitter + Reddit.
In the past Reddit was also the first place for everything but because of maintaining and too much bad Reddit guys, this sadly change/ is in move.

Pixel itself has a big community at Reddit (not GrapheneOS related)

 

[Vasudev]

GrapheneOS isn't a custom ROM. It's a normal ROM and that's the reason "custom" isn't in the thread titel included
The reason is that GrapheneOS run with re-locked Bootloader and only custom ROMs run without which requires also custom recovery to use system OTA updates.
GrapheneOS don't use or need a custom recovery to do that. Like normal stock ROMs.

GrapheneOS isn't active at XDA forum as only fanboys and non-security-related guys are active.
The only active place is IRC/ Matrix and news are posted on Twitter + Reddit.
In the past Reddit was also the first place for everything but because of maintaining and too much bad Reddit guys, this sadly change/ is in move.

Pixel itself has a big community at Reddit (not GrapheneOS related)

Just read about Graphene its basically Stock Android w/o Google GMS and other tracking. A simple phone for maximum security and performance!

 

[ForgottenSeer 85179]

Currently I don't use one of my "Nominated apps" as I don't need it at the moment.
WaveUp also need deep permissions so i recommend "Private Lock" which I would use if new update is released.

 

[SpiderWeb]

Your setup is super fascinating to me. I have watched and read so much about GrapheneOS and I admire anyone who made the switch. I'm too dependent on the Google environment to detach so I did a different approach.

 

[SpiderWeb]

Thread was locked due to unfortunate drama. But I agree with you:

Are Anti-Malware products Uploading Your Private Data?

Given that you’re reading this on IVPN’s website, you probably care about online privacy. And you probably use VPN services to hide your online activity from ISPs. That’s prudent, because ISPs clearly spy on their customers.

www.ivpn.net

https://www.av-comparatives.org/wp-content/uploads/2016/12/avc_datasending_2014_en.pdf

AVs upload private files and information by default. It's the reason why I don't have an AV on my phone since I have other apps and private data there that is obviously not known to the AV vendor so they might upload it. But seeing how these programs demand Device Admin permission, Accessibility which allows them to see everything you see and type, copy and paste, that's extreme.

Kaspersky: “We are always ready to assist national and international law enforcement agencies if they request it.”

ESET: “We may disclose Personal Information and any other information about you if we believe it is reasonably necessary to respond to legal requests (including court orders, subpoenas, government inquiry), to protect the safety, property, or rights of ESET, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with the law.”

No thank you!
-Some of these AVs don't let you opt-out
-Some of these AVs don't make it clear where and WHEN a file gets uploaded
-Some of these AVs don't upload your files with encryption so your files are flying through the Internet unencrypted. Great
-MANY of these AVs store the files on servers that can be compromised
-NONE of these AVs share how long they keep your uploaded files or what efforts are being made to anonymize the data.
-ALL of these AVs will comply with the law of their jurisdictions (China, Russia, EU, US) and hand over anything they know about you and your device

It's crazy that people entrust a third party with admin privileges to their phone when that party could secretly listen to calls, read passwords and wipe the traces of their spying or wipe your entire your phone without your permission. I agree with you, AVs are a security liability and they should be seen with as even more skepticism as any other application if not more.

Edit: Google's Latest Malware Report

Google Transparency Report

transparencyreport.google.com

Android devices infected by potentially harmful applications (PHA): 0.5% for devices with Play store + sideloading enabled, 0.1% for devices with only Play store enabled.

 

[Vasudev]

@security123 Did your P3a get August 5 2020 Patch or just 1 Aug 2020 patch?

 

[ForgottenSeer 85179]

@security123 Did your P3a get August 5 2020 Patch or just 1 Aug 2020 patch?

August 5.
But September update is coming

Anyway GrapheneOS is faster then stock Google with security updates as Google always use rollouts

 

[Vasudev]

August 5.
But September update is coming

Anyway GrapheneOS is faster then stock Google with security updates as Google always use rollouts

Thanks.
***K Nokia aka HMD. I'm done with them. I'm getting crappy battery life, performance and UI glitches. Even SP updates are behind everyone else. Hell, they use older kernel 4.9.186. I'm seriously considering Pixel 4a. I don't want to win benchmark contest and Overclocking competitions but I want a phone that works as advertised. Do you know, I can't use Hello Google since enabling it will disable mic during in-call and I can't hear other person's voice.
Do you mind posting kernel version?

 

[ForgottenSeer 85179]

Do you mind posting kernel version?

Sure. Kernel for my Pixel 3a is:
4.9.210-gc5a1fea4240e
#1 Mon 03 Aug 2020 04:25:01 PM EDT

 

[Vasudev]

Sure. Kernel for my Pixel 3a is:
4.9.210-gc5a1fea4240e
#1 Mon 03 Aug 2020 04:25:01 PM EDT

Damn... You got upstream kernel during March but Nokia released MR update with 4.9.186 inferior modem firmware and all buggy mess!
Thanks for taking time to answer my queries. I think AOSP codebase is good since Google pushes upstream fixes and backports fixes to AOSP.

 

[Ink]

AVs upload private files and information by default. It's the reason why I don't have an AV on my phone

Permissions need to granted by the user for Storage, Contacts etc., before the app can start siphoning all your data.

Guaranteed on a Desktop OS this is far worse, there's no permission based system in place to protect the user - unless you download apps exclusively from the Microsoft Store / Mac App Store.

 

[ForgottenSeer 85179]

Thanks to new GrapheneOS update i got September security updates, but this time not the full "5th" update so only the "1st" September security updates.
This is do to much work for upcoming Android 11 upgrade and some problems, the update was delayed some days which isn't a big deal through.
The upcoming Android 11 upgrade (as this is the last Android 11 GrapheneOS update) will include all September fixes

More info:

 

[Vasudev]

Thanks to new GrapheneOS update i got September security updates, but this time not the full "5th" update so only the "1st" September security updates.
This is do to much work for upcoming Android 11 upgrade and some problems, the update was delayed some days which isn't a big deal through.
The upcoming Android 11 upgrade (as this is the last Android 11 GrapheneOS update) will include all September fixes

More info:

Nice. I thought GrapheneOS would have taken another 2 months, looks like Developer beta is for developers including app and custom rooted firmware developers too!

 

[ForgottenSeer 85179]

Nice. I thought GrapheneOS would have taken another 2 months

New updates never take this long. But this time bigger changes (by android 11) are necessary, otherwise the updates are available the same day or one day after Google

looks like Developer beta is for developers including app and custom rooted firmware developers too!

It doesn't exist a developer beta. Every build has 2 stages:

1. beta for 1 day
2. stable + public changelog

Also no build include nor use ROOT as ROOT is a big security risk + attack surface.

 

[ForgottenSeer 85179]

Thanks to new GrapheneOS update I now use fully September security updates + Android 11

 

[Cortex]

Most of this thread & others similar are a bit beyond me as haven't used Android for some years being a IOS user but interesting never the less

 

[ForgottenSeer 85179]

Most of this thread & others similar are a bit beyond me as haven't used Android for some years being a IOS user but interesting never the less

iOS is safe as GrapheneOS
Privacy is better on GrapheneOS while comfort is less