security123's Pixel 3a Config 2020

  • Thread starter ForgottenSeer 85179
  • Start date
Last updated
Dec 10, 2020
Phone brand
Google
Phone model
Pixel 3a
Phone OS
Phone OS updates
Automatic updates
Phone unlock
Biometric security
    • Fingerprint(s)
SIM card lock
Protected by a PIN code
Find my Phone
On
Security & Privacy Apps
Device integrity monitoring + Android internal Sandbox
Browser
Vanadium
File and Photo backup
(own) Nextcloud + GrapheneOS internal backup feature, using the same Cloud
Notable changes
4th March: First post
24th March: some Changes: SECURE: Complete - security123's Pixel 3a Config 2020
2th June: June security update, see GrapheneOS releases
5th June: Remove RedReader Reddit app: SECURE: Complete - security123's Pixel 3a Config 2020
8th July: update to July security: SECURE: Complete - security123's Pixel 3a Config 2020
6th August: update to August security
12th September: update to (1st - not 5th) September security update
27th September: update to fully September security update + Android 11
7th October: fully October security updates
4th November: fully November security updates
10th December: fully December security updates

Vasudev

Level 33
Verified
Nov 8, 2014
2,224
Are you going to switch to the Pixel 4a or Pixel 4a?
India only has Pixel 4a 4G version which is slated to be available in Oct.
GrapheneOS use AOSP which itself doesn't care about Pixel experience.

The install is very easy: GrapheneOS install documentation
You don't void warranty. Flashing Stock Google ROM is always possible and easy too.
So google docs should be accurate even on Linux and Windows, correct?
So, if you disable OEM unlocking after grapheneOS will it prevent booting of Android 10/11 provided the fastboot flashing lock is engaged? I did have Samsung which didn't boot up after I accidentally disabled OEM unlocking.
BTW, GrapheneOS docs are precise and thorough.
 
F

ForgottenSeer 85179

Thread author
So google docs should be accurate even on Linux and Windows, correct?
No idea. I never use Google docs. But their website should work.

So, if you disable OEM unlocking after grapheneOS will it prevent booting of Android 10/11 provided the fastboot flashing lock is engaged? I did have Samsung which didn't boot up after I accidentally disabled OEM unlocking.
The Pixel phones are the only Android phones which support re-locking the bootloader with non-Stock ROMs. So yes, GrapheneOS work after re-locking which is also important and written in installation guide.

Samsung phones aren't usable that way and also doesn't provide the security and privacy hardening Pixel phones has
 

Vasudev

Level 33
Verified
Nov 8, 2014
2,224
No idea. I never use Google docs. But their website should work.


The Pixel phones are the only Android phones which support re-locking the bootloader with non-Stock ROMs. So yes, GrapheneOS work after re-locking which is also important and written in installation guide.

Samsung phones aren't usable that way and also doesn't provide the security and privacy hardening Pixel phones has
That's great news! I thought we're unable to re-lock BL on custom ROM! Haha..... Its a developer's dream phone!
Thanks.
BTW, Google docs ==> Developer guide for custom ROM and blobs. I'm assume the developer user base on Pixel is huge and not small at xda forums.
 
F

ForgottenSeer 85179

Thread author
BTW, Google docs ==> Developer guide for custom ROM and blobs. I'm assume the developer user base on Pixel is huge and not small at xda forums.
GrapheneOS isn't a custom ROM. It's a normal ROM and that's the reason "custom" isn't in the thread titel included ;)
The reason is that GrapheneOS run with re-locked Bootloader and only custom ROMs run without which requires also custom recovery to use system OTA updates.
GrapheneOS don't use or need a custom recovery to do that. Like normal stock ROMs.

GrapheneOS isn't active at XDA forum as only fanboys and non-security-related guys are active.
The only active place is IRC/ Matrix and news are posted on Twitter + Reddit.
In the past Reddit was also the first place for everything but because of maintaining and too much bad Reddit guys, this sadly change/ is in move.

Pixel itself has a big community at Reddit (not GrapheneOS related)
 

Vasudev

Level 33
Verified
Nov 8, 2014
2,224
GrapheneOS isn't a custom ROM. It's a normal ROM and that's the reason "custom" isn't in the thread titel included ;)
The reason is that GrapheneOS run with re-locked Bootloader and only custom ROMs run without which requires also custom recovery to use system OTA updates.
GrapheneOS don't use or need a custom recovery to do that. Like normal stock ROMs.

GrapheneOS isn't active at XDA forum as only fanboys and non-security-related guys are active.
The only active place is IRC/ Matrix and news are posted on Twitter + Reddit.
In the past Reddit was also the first place for everything but because of maintaining and too much bad Reddit guys, this sadly change/ is in move.

Pixel itself has a big community at Reddit (not GrapheneOS related)
Just read about Graphene its basically Stock Android w/o Google GMS and other tracking. A simple phone for maximum security and performance!
 
F

ForgottenSeer 85179

Thread author
Currently I don't use one of my "Nominated apps" as I don't need it at the moment.
WaveUp also need deep permissions so i recommend "Private Lock" which I would use if new update is released.
 

SpiderWeb

Level 10
Verified
Well-known
Aug 21, 2020
468
Thread was locked due to unfortunate drama. But I agree with you:

AVs upload private files and information by default. It's the reason why I don't have an AV on my phone since I have other apps and private data there that is obviously not known to the AV vendor so they might upload it. But seeing how these programs demand Device Admin permission, Accessibility which allows them to see everything you see and type, copy and paste, that's extreme.
Kaspersky: “We are always ready to assist national and international law enforcement agencies if they request it.”

ESET: “We may disclose Personal Information and any other information about you if we believe it is reasonably necessary to respond to legal requests (including court orders, subpoenas, government inquiry), to protect the safety, property, or rights of ESET, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with the law.”
No thank you!
-Some of these AVs don't let you opt-out
-Some of these AVs don't make it clear where and WHEN a file gets uploaded
-Some of these AVs don't upload your files with encryption so your files are flying through the Internet unencrypted. Great
-MANY of these AVs store the files on servers that can be compromised
-NONE of these AVs share how long they keep your uploaded files or what efforts are being made to anonymize the data.
-ALL of these AVs will comply with the law of their jurisdictions (China, Russia, EU, US) and hand over anything they know about you and your device

It's crazy that people entrust a third party with admin privileges to their phone when that party could secretly listen to calls, read passwords and wipe the traces of their spying or wipe your entire your phone without your permission. I agree with you, AVs are a security liability and they should be seen with as even more skepticism as any other application if not more.

Edit: Google's Latest Malware Report
Android devices infected by potentially harmful applications (PHA): 0.5% for devices with Play store + sideloading enabled, 0.1% for devices with only Play store enabled.
 
Last edited:

Vasudev

Level 33
Verified
Nov 8, 2014
2,224
August 5.
But September update is coming :)

Anyway GrapheneOS is faster then stock Google with security updates as Google always use rollouts
Thanks.
***K Nokia aka HMD. I'm done with them. I'm getting crappy battery life, performance and UI glitches. Even SP updates are behind everyone else. Hell, they use older kernel 4.9.186. I'm seriously considering Pixel 4a. I don't want to win benchmark contest and Overclocking competitions but I want a phone that works as advertised. Do you know, I can't use Hello Google since enabling it will disable mic during in-call and I can't hear other person's voice.
Do you mind posting kernel version?
 

Vasudev

Level 33
Verified
Nov 8, 2014
2,224
Sure. Kernel for my Pixel 3a is:
4.9.210-gc5a1fea4240e
#1 Mon 03 Aug 2020 04:25:01 PM EDT
Damn... You got upstream kernel during March but Nokia released MR update with 4.9.186 inferior modem firmware and all buggy mess!
Thanks for taking time to answer my queries. I think AOSP codebase is good since Google pushes upstream fixes and backports fixes to AOSP.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
AVs upload private files and information by default. It's the reason why I don't have an AV on my phone
Permissions need to granted by the user for Storage, Contacts etc., before the app can start siphoning all your data.

Guaranteed on a Desktop OS this is far worse, there's no permission based system in place to protect the user - unless you download apps exclusively from the Microsoft Store / Mac App Store.
 
F

ForgottenSeer 85179

Thread author
Thanks to new GrapheneOS update i got September security updates, but this time not the full "5th" update so only the "1st" September security updates.
This is do to much work for upcoming Android 11 upgrade and some problems, the update was delayed some days which isn't a big deal through.
The upcoming Android 11 upgrade (as this is the last Android 11 GrapheneOS update) will include all September fixes (y)

More info:
 

Vasudev

Level 33
Verified
Nov 8, 2014
2,224
Thanks to new GrapheneOS update i got September security updates, but this time not the full "5th" update so only the "1st" September security updates.
This is do to much work for upcoming Android 11 upgrade and some problems, the update was delayed some days which isn't a big deal through.
The upcoming Android 11 upgrade (as this is the last Android 11 GrapheneOS update) will include all September fixes (y)

More info:

Nice. I thought GrapheneOS would have taken another 2 months, looks like Developer beta is for developers including app and custom rooted firmware developers too!
 
F

ForgottenSeer 85179

Thread author
Nice. I thought GrapheneOS would have taken another 2 months
New updates never take this long. But this time bigger changes (by android 11) are necessary, otherwise the updates are available the same day or one day after Google


looks like Developer beta is for developers including app and custom rooted firmware developers too!
It doesn't exist a developer beta. Every build has 2 stages:
  1. beta for 1 day
  2. stable + public changelog
Also no build include nor use ROOT as ROOT is a big security risk + attack surface.

;)
 

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
Most of this thread & others similar are a bit beyond me as haven't used Android for some years being a IOS user but interesting never the less :):)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top