security123's Pixel 3a Config 2020

  • Thread starter ForgottenSeer 85179
  • Start date
Last updated
Dec 10, 2020
Mobile brand
Google
Mobile model
Pixel 3a
Phone OS
Phone OS Updates status
Automatic updates
Phone unlock
Biometric security
    • Fingerprint(s)
Stolen Device Protection
Security & Privacy Apps
Device integrity monitoring + Android internal Sandbox
Browser
Vanadium
File and Photo backup
(own) Nextcloud + GrapheneOS internal backup feature, using the same Cloud
Notable changes
4th March: First post
24th March: some Changes: SECURE: Complete - security123's Pixel 3a Config 2020
2th June: June security update, see GrapheneOS releases
5th June: Remove RedReader Reddit app: SECURE: Complete - security123's Pixel 3a Config 2020
8th July: update to July security: SECURE: Complete - security123's Pixel 3a Config 2020
6th August: update to August security
12th September: update to (1st - not 5th) September security update
27th September: update to fully September security update + Android 11
7th October: fully October security updates
4th November: fully November security updates
10th December: fully December security updates
F

ForgottenSeer 85179

Thread author
This is my Pixel 3a with GrapheneOS. (Thread about)

It's up2date with March 2020 security updates from Google.

System updates are not only are downloaded over WiFi. They're enabled over Mobile network too.

As I don't need nor have any Google account (phone run without GAPPS), none of the Google templates here are real for this config.

Find my phone is done with the app "PhoneTrack" which send the data to my own Nextcloud.

Install unknown apps is only allowed for F-Droid and Aurora store (a downloader for apps in Google Playstore).

Developer mode is activated because of a needed (for me) fix for play music over Bluetooth bug - which only disable one Bluetooth setting.

Vanadium is the system internal hardened Chromium browser.

Also phone is protected against theft with the app "WaveUp". Screen got immediately locked.
 
F

ForgottenSeer 85179

Thread author
A lot of changes happened:

  • Change "Developer Mode: Enabled" to Disabled. Thanks to new GrapheneOS update
  • Change "Content Filtering for Privacy: BlahDNS (DoT)" to AdGuard DoT for better performance & security
  • "Data Backup (own) Nextcloud" now include the GrapheneOS internal backup feature which backup to my Nextcloud too
  • Also of course i use latest Android security updates (may 2020)
 

Vasudev

Level 33
Verified
Nov 8, 2014
2,250
Nice. I may opt for 3a or 4a since Nokia actually destroyed the mic and charging speed is reduced to increase battery longevity. It barely touches 7W on wall AC adapter from Nokia. I use wither PC to charge at 7.5W. So, I haven't updated to May update SP.
Its nice to see you can do BL unlock. Graphene OS is no telemetry OS with user being in total control.
 

Vitali Ortzi

Level 26
Verified
Top Poster
Well-known
Dec 12, 2016
1,585
Nice. I may opt for 3a or 4a since Nokia actually destroyed the mic and charging speed is reduced to increase battery longevity. It barely touches 7W on wall AC adapter from Nokia. I use wither PC to charge at 7.5W. So, I haven't updated to May update SP.
Its nice to see you can do BL unlock. Graphene OS is no telemetry OS with user being in total control.
It's H_C plus LTSC for Android XD.
 

Vasudev

Level 33
Verified
Nov 8, 2014
2,250
It's only unlocked once. After installing GrapheneOS, the Bootloader get locked again.
Else it would be a huge security problem and is highly not recommend
HMD included BL unlock and I enabled it and after a update they disabled it entirely! I can't switch from slot A to B or vice-versa in the event of broken patches. Even some of their update broke good battery life and other things as well!
 
F

ForgottenSeer 85179

Thread author
Today i replace the Reddit app "RedReader" (from F-Droid) with mobile website and create a shortcut to Desktop.

Little bit different but Reddit doesn't make popups the whole time for not using their App (can be configured in settings), i increase my Android Security (less Attack Surface) and my Privacy as i don't need any longer allowing the App accessing my Account.
 
F

ForgottenSeer 85179

Thread author

Protomartyr

Level 7
Sep 23, 2019
314
I'll have to check out NextDNS.

I don't have an AdGuard account either. I'm pretty happy with using AdGuard DNS via Android's private DNS feature. The only downside is AdGuard DNS doesn't handle cosmetic filtering (you have to use the app).

Does NextDNS have that capability?
 
F

ForgottenSeer 85179

Thread author
I'll have to check out NextDNS.

I don't have an AdGuard account either. I'm pretty happy with using AdGuard DNS via Android's private DNS feature. The only downside is AdGuard DNS doesn't handle cosmetic filtering (you have to use the app).

Does NextDNS have that capability?
Don't know. I don't use their app as I don't care about cosmetic.
 

Vasudev

Level 33
Verified
Nov 8, 2014
2,250
Thanks to new GrapheneOS update I run now August security patch level.
Just wanted to ask you, if Graphene uses AOSP and uses Google blobs to make it close to pixel experience or is it entirely different?
How easy it is to flash factory images on Pixel unlike OEMs do I void warranty or is it developer's dream device to try anything and then flashback to factory image during repair process? I want to buy a Pixel and wanted to know the factory image flashing through adb and OEM unlocking? I really want more control over my device unlike my current owned Phone.
 
F

ForgottenSeer 85179

Thread author
Just wanted to ask you, if Graphene uses AOSP and uses Google blobs to make it close to pixel experience or is it entirely different?
How easy it is to flash factory images on Pixel unlike OEMs do I void warranty or is it developer's dream device to try anything and then flashback to factory image during repair process? I want to buy a Pixel and wanted to know the factory image flashing through adb and OEM unlocking? I really want more control over my device unlike my current owned Phone.
GrapheneOS use AOSP which itself doesn't care about Pixel experience.

The install is very easy: GrapheneOS install documentation
You don't void warranty. Flashing Stock Google ROM is always possible and easy too.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top