Recent changes
Nov 4, 2020
Manufacturer
Google
Manufacturer Model
Pixel 3a
Device priority
Primary device
Mobile OS
Android 11
Software updates
Automatic
Account security
Protected by 2-Step Verification
Screen Lock
Password
Biometric Unlock
  1. Fingerprint(s) / TouchID
Notifications
Hide sensitive information when locked
Google Play Protect
Activated
Find My Phone
Activated
Unknown apps
Allowed via special app access (Android 10 or higher)
Apple AirDrop
Not applicable for Android
SIM card lock
Activated
Real-time protection
Device integrity monitoring + Android internal Sandbox
Periodic scanners
Photos and Files backup
(own) Nextcloud + GrapheneOS internal backup feature, using the same Cloud
File backup schedule
Changes are automatically sync'd to my cloud storage provider
Web browsers
Vanadium
Content filtering
NextDNS (DoT)
Your changelog
4th March: First post
24th March: some Changes: SECURE: Complete - security123's Pixel 3a Config 2020
2th June: June security update, see GrapheneOS releases
5th June: Remove RedReader Reddit app: SECURE: Complete - security123's Pixel 3a Config 2020
8th July: update to July security: SECURE: Complete - security123's Pixel 3a Config 2020
6th August: update to August security
12th September: update to (1st - not 5th) September security update
27th September: update to fully September security update + Android 11
7th October: fully October security updates
4th November: fully November security updates
Nominated apps
PhoneTrack, andOTP

security123

Level 27
Verified
That's the combination of your screen lock password? Is it a complex 64 characters with symbols, or 4 words with digits?
6+ pin & fingerprint. Face unlock isn't sadly possible on my Pixel 3a.

But even a 4+ pin is secure enough for years as Titan M chip protects against brute forcing and fingerprint is completely sorted in Titan M so that's not hackable (bug bounty is 1+ million dollar!)
 

Vasudev

Level 31
Verified
Performance is good, reboot is a lot faster then with 10.

Known bugs are only the strange new alarm app from AOSP team (it activate a notification sound 30 minutes before alarm should start) but the alarm app is in rebuilding. Don't know if this is related to Google Android user
I'm waiting for P4a in India release. Will let you know when I'm using GrapheneOS. Will GPay, MS Auth, LP Authneticator work on Graphene?
 

security123

Level 27
Verified
Yes they use GMS. Damn....
But some work without so you need to try. This site can help: techlore-official/plexus

Also it exists alternatives. For example for 2FA you can use andOTP or Aegis from F-Droid or Google Store.
I guess Google Pay need GAPPS but you can't get privacy with it anyway. If you want using a privacy payment alternative to that, only Apple Pay is the solution.


Also:
Thanks to latest GrapheneOS update i use now fully October security updates
 

Vasudev

Level 31
Verified
But some work without so you need to try. This site can help: techlore-official/plexus

Also it exists alternatives. For example for 2FA you can use andOTP or Aegis from F-Droid or Google Store.
I guess Google Pay need GAPPS but you can't get privacy with it anyway. If you want using a privacy payment alternative to that, only Apple Pay is the solution.


Also:
Thanks to latest GrapheneOS update i use now fully October security updates
I think I may need to use Stock OS for a year.
I don't think andOTP and Aegis are listed as compatible authenticator for Amazon, Mega, Gmail and outlook. I think this will take time and it might improve on Android 12+.
I really like custom ROM since they extend the longevity of old phones. I still use 1GB RAM Samsung which is used as backup phone for 2FA in case I don't get locked out of my account.
 

security123

Level 27
Verified
I don't think andOTP and Aegis are listed as compatible authenticator for Amazon, Mega, Gmail and outlook. I think this will take time and it might improve on Android 12+.
andOTP and Aegis works with every OTP standard so it works with them. Only few (Blizzard, Steam for example) use own solutions but even these can be forced to work with both apps.
Their isn't anything which Android itself need change here as it's not Android fault.

I really like custom ROM since they extend the longevity of old phones.
GrapheneOS isn't a custom ROM ;)
 

Vasudev

Level 31
Verified
andOTP and Aegis works with every OTP standard so it works with them. Only few (Blizzard, Steam for example) use own solutions but even these can be forced to work with both apps.
Their isn't anything which Android itself need change here as it's not Android fault.


GrapheneOS isn't a custom ROM ;)
I know GrapheneOS is close to Pixel experience w/o GMS and other hardened security measures.
I did intend to root Pixel and run LineageOS.
 

Vasudev

Level 31
Verified
This is highly not recommend!
Root destroy a lot! important security features like verified boot.
LineageOS make it even worse!

Please read Android | Madaidan's Insecurities
Oh I didn't know that.
Can I trust Pixel Titan M in keeping my device and files secure when using GrapheneOS for Pixel imprint auth? Is it even valid when using GrapheneOS? I think Google Pay and other services will not work. Do you use Youtube vanced? I am using microG and youtube vanced. I still have GMS services installed on stock ROM.
 

security123

Level 27
Verified
Can I trust Pixel Titan M in keeping my device and files secure when using GrapheneOS for Pixel imprint auth?
Yes. You can also check the source code: GrapheneOS source

Is it even valid when using GrapheneOS?
Yes. Here you can read about Titan M: Titan M makes Pixel 3 our most secure phone yet

I think Google Pay and other services will not work.
Apps which require Google Services will not work. Ever: GrapheneOS

Do you use Youtube vanced?
No. I just use their website.

I am using microG and youtube vanced.
microG doesn't increase your privacy in any way as it still use Google services. It only provide a false sense of privacy and increase the attack surface a lot.
 

Vasudev

Level 31
Verified
Yes. You can also check the source code: GrapheneOS source


Yes. Here you can read about Titan M: Titan M makes Pixel 3 our most secure phone yet


Apps which require Google Services will not work. Ever: GrapheneOS


No. I just use their website.


microG doesn't increase your privacy in any way as it still use Google services. It only provide a false sense of privacy and increase the attack surface a lot.
I did check my old rooted phone using Kernel tweaker app. It seems some build properties have debug enabled. Like you said, debug mode increases logging and decrease overall security to 0%.
 
Top