GrapheneOS
First and foremost, the GrapheneOS team has made an amazing guide on how to install GrapheneOS on your phone. Therefore I will not be copy-pasting or reinventing the wheel. Follow GrapheneOS’ own guide.
What we know is that GrapheneOS is the most private and secure operating system you can have on your phone. GrapheneOS is Android; well, it looks like Android. Under the hood, though, Android is vastly different from GrapheneOS.
We don’t need to get into technical details, but GrapheneOS is easy to install because all you have to do is follow the above guide. The phone has to be a Pixel phone (ironically). When you are done with the installation, you are presented with a welcome screen. When you see that welcome screen, do the following.
Initial Setup
• Pick your language and click on next.
• Click on “Setup without Wi-Fi”.
• Set the time, date and timezone and click on next.
• Uncheck location services and press next.
• Set a PIN.
• Set up a fingerprint (optional).
• Skip “Restore apps & data”.
• “Swipe to navigate your phone” is optional.
• On the “You’re all set now!” screen, click on Start.
After this you have a fully functioning GrapheneOS phone. I usually do all the offline things first. I believe that this is the safest and most private way to do things. Settings are next.
Settings
• Go to settings.
• Scroll down to “System” and click on “System update”. (Always keep your phone updated).
• Click on Check for updates.
• Verify if there are any updates.
• — If there are any updates, then update before continuing.
Network Settings
• Go to Network & internet.
• Click on “Private DNS”.
• Click on “Private DNS provider hostname”.
• Enter your host name. (Example: 12ab34.dns.nextdns.io).
• Click on the back arrow at the top left corner.
(Always keep NextDNS enabled on your phone; you should sooner unblock things than disable your custom DNS.)
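Private DNS in hostname mode speaks DNS-over-TLS on port 853 and will not resolve anything if the server's certificate does not match the hostname you typed, so a typo here leaves the phone without DNS. The following is an added example, not part of the original guide, that checks a hostname from a computer before you enter it on the phone; the function names and the `example.com` probe are assumptions of this example.

```python
import re, socket, ssl, struct, sys

DOT_PORT = 853  # DNS-over-TLS (RFC 7858)
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def valid_hostname(host):
    """Private DNS wants a bare hostname: no scheme, path, port or IP literal."""
    labels = host.rstrip(".").split(".")
    if len(host) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return False
    return all(LABEL.fullmatch(label) for label in labels)

def build_query(name, qid=0x1234):
    """A-record query with the 2-byte length prefix used on TCP/TLS."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    msg = header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return struct.pack("!H", len(msg)) + msg

def parse_reply(frame, qid=0x1234):
    """Return (rcode, answer_count) from a length-prefixed DNS reply."""
    if len(frame) < 14:
        raise ValueError("truncated DNS reply")
    rid, flags, _qd, answers = struct.unpack("!HHHH", frame[2:10])
    if rid != qid or not flags & 0x8000:  # QR bit must mark a response
        raise ValueError("not a reply to our query")
    return flags & 0x000F, answers

def check_dot(host, probe="example.com", timeout=5.0):
    """TLS to host:853 with certificate and hostname verification, then one query."""
    if not valid_hostname(host):
        raise ValueError(f"not a bare hostname: {host!r}")
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((host, DOT_PORT), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_query(probe))
            reader = tls.makefile("rb")
            head = reader.read(2)
            if len(head) < 2:
                raise ConnectionError("server closed without replying")
            body = reader.read(struct.unpack("!H", head)[0])
            return tls.version(), parse_reply(head + body)

if __name__ == "__main__":
    print(check_dot(sys.argv[1]))  # hostname given on the command line
```

A result such as `('TLSv1.3', (0, 1))` means the TLS handshake verified and the resolver answered with rcode 0; an `ssl.SSLCertVerificationError` means the phone would reject the same hostname.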
Connected Devices
• Go to “Connected devices”.
• Click on “Connection preferences”.
• Click on “NFC” and disable it, then go back.
• Click on “Connected Cameras” and disable it.
• Go back to the settings menu.
Security & Privacy
• Go to “Security & privacy”.
• Click on “Privacy controls”.
• Disable “Camera access”.
• Disable “Microphone access”.
• Verify that “Show clipboard access” is on.
• Click “Location” and verify that “App location permissions” are off.
• Click “Location services” and disable all options.
• Go back to “Location” > “Privacy controls” > “Security & Privacy”.
Exploit Protection
• Click on “Exploit protection”.
• Set “Auto reboot” to 12 hours or less.
• Set “USB-C port” to “Charging-only”.
• Set “Turn off Wi-Fi automatically” to a minute or less.
• Set “Turn off Bluetooth automatically” to a minute or less.
• Set “Native code debugging” to “Block for third-party apps by default”.
• Set “WebView JIT” to “Disable for third-party apps by default”.
• Set “Dynamic code loading via memory” to “Restrict for third-party apps by default”.
• Set “Dynamic code loading via storage” to “Restrict for third-party apps by default”.
• Enable “Secure app spawning”.
• Go back to “Security & privacy”.
I keep all exploit protections on at all times because there is a reason that they’re there. I’d rather not use an app than compromise my phone’s security.
More Security & Privacy
• Go to “More security & privacy”.
• Disable “Notifications on lock screen”.
• Disable “Show media on lock screen”.
• Disable “Allow Sensors permission to apps by default”.
• Disable “Save screenshot timestamp to EXIF”.
• Disable “Automatic exploit protection compatibility mode”.
• Go back to “Security & privacy”.
Privacy Controls
• Go to “Privacy controls”.
• Go to “Permission manager”.
• Scroll down to “Sensors” and click on it.
• Click each and disable every item.
• Go back.
• Go to “Network” and disable it for anything that does not need network access. (Only disable things you are sure of).
My Network Permissions Leftovers List:
• Accrescent
• Ad Privacy
• App Store
• com.android.imsserviceentitlement
• com.android.sdksandbox
• Droid-ify
• ImsService
• Intent Filter Verification Service
• Network Location
• NextDNS Manager
• OsuLogin
• Proton VPN
• ProxyHandler
• RcsService
• Signal
• SimpleX
• System Updater
• Vanadium
• Vanadium Webview
Notification Center
This is my notification center on my phone. You will notice the brightness is at half, which of course is to preserve battery.
1st row consists of microphone access, camera access, Bluetooth and Wi-Fi.
2nd row consists of flight mode, location, screen rotation, security center.
3rd row consists of Proton VPN and Hotspot.
4th row consists of Flashlight and QR scanner.
The items in red text are things that should be disabled altogether when you are not using them, which is why only my Wi-Fi is on: I am currently using it. I basically always disable microphone and camera without a second thought. The location tile is evidently only there to verify that location services are off, because I never actually use location services. The reason is that you can navigate a map without a dot on it.
On a side note about QR codes: if you travel and the ticket has a QR code, take a screenshot so no other data will be exposed to cameras. A QR code only needs itself to work, so it’s very wise to make sure that it’s screenshotted.
After location I have screen rotation, which I rarely use but it is nice to have. I only have the security center because it looks cool. I usually just use the center while I am in privacy settings anyways.
As for the Proton tile, it’s not on because my Wi-Fi is running ProtonVPN itself. Do not run double VPN systems.
The Hotspot, I sometimes use when my Wi-Fi is down and I have also been using it while traveling.
The last row is not something I really want to explain; those are tools. I don’t actually use the QR scanner much. Don’t scan random QR codes, it will give you a virus!