GrapheneOS

The GrapheneOS setup and settings guide will help you get started with the most private and secure system in the world. First and foremost the GrapheneOS team has made an amazing guide on how to install it on your phone.After all I will therefore not be copy pasting or reinventing the wheel. Follow Installation own guide.

Initial Setup

To set up your GrapheneOS phone, follow these steps:

  1. Choose Your Language: Select your preferred language and click Next.
  2. Wireless Setup: Click on Setup without Wi-Fi.
  3. Date and Time: Set the time, date, and timezone, then click Next.
  4. Location Services: Uncheck the box for location services and press Next.
  5. Set a PIN: Create a secure PIN for your device.
  6. Fingerprint Setup (Optional): You can set up fingerprint authentication if desired.
  7. Restore Apps & Data: Choose to Skip this step.
  8. Swipe Navigation: Opt for Swipe to navigate your phone if you wish (optional).
  9. Finalize Setup: On the “**You’re all set now!**” screen, click Start.

Upon completing these steps, your GrapheneOS phone will be fully operational. Therefore we will now go directly to settings

Settings

Configuring settings is crucial for maintaining privacy. In GrapheneOS, you have the ability to manage permissions comprehensively:

  1. Go to Settings.
  2. Scroll down to “System” and click on “System update”. (Always keep your phone updated.)
  3. Click on Check for updates to see if there are any updates available.
  4. If updates are available, make sure to update before continuing.

Network Settings

This section allows you to block unwanted content and manage your always-on VPN for enhanced privacy.

  1. Go to Network & internet.
  2. Click on “Private DNS”.
  3. Click on “Private DNS provider hostname”.
  4. Enter your hostname (e.g., 12ab34.dns.nextdns.io).
  5. Click the back arrow at the top left corner.

It’s important to keep NextDNS enabled on your phone for optimal security. You should consider unblocking rather than disabling your custom DNS.

Connected Devices Settings

Control your connected devices for a more secure environment.

  1. Go to “Connected devices”.
  2. Click on “Connection preferences”.
  3. Click on “NFC” and disable it, then go back.
  4. Click on “Connected Cameras” and disable it.
  5. Return to the settings menu.

Security & Privacy Settings

This section is very important as it manages your security and privacy controls:

  1. Go to “Security & privacy”.
  2. Click on “Privacy controls”.
  3. Disable “Camera access”.
  4. Disable “Microphone access”.
  5. Ensure “Show clipboard access” is enabled.
  6. Click “Location” and confirm that “App location permissions” are off.
  7. Click on “Location services” and disable all options.
  8. Return to “Location” > “Privacy controls” > “Security & Privacy”.

Exploit Protection Settings

Ensure maximum protection against vulnerabilities:

  1. Click on “Exploit protection”.
  2. Set “Auto reboot” to 12 hours or less.
  3. Set “USB-C port” to “Charging-only.”
  4. Set “Turn off Wi-Fi automatically” to 1 minute or less.
  5. Set “Turn off Bluetooth automatically” to 1 minute or less.
  6. Set “Native code debugging” to “Block for third-party apps by default.”
  7. Set “WebView JIT” to “Disable for third-party apps by default.”
  8. Set “Dynamic code loading via memory” to “Restrict for third-party apps by default.”
  9. Set “Dynamic code loading via storage” to “Restrict for third-party apps by default.”
  10. Enable “Secure app spawning.”
  11. Return to “Security & privacy”.

I recommend keeping all exploit protection settings enabled, as they play a crucial role in safeguarding your device.

More Security & Privacy Settings

  1. Go to “More security & privacy”.
  2. Disable “Notifications on lock screen.”
  3. Disable “Show media on lock screen.”
  4. Disable “Allow Sensors permission to apps by default.”
  5. Disable “Save screenshot timestamp to EXIF.”
  6. Disable “Automatic exploit protection compatibility mode.”
  7. Return to “Security & privacy.”

Privacy Controls Settings

  • Go to “Privacy controls.”
  • Navigate to “Permission manager.”
  • Scroll down to “Sensors” and click on it.
  • Click each item and disable every option.
  • Go back.
  • Go to network and disable anything that does not need network access. (Only disable things you are sure of.)
Privacy & Security For All!