Considering GrapheneOS? Quick tour + useful settings
🎥 Video Link
Links referenced for video
- https://grapheneos.org - GrapheneOS
- https://grapheneos.org/features - GrapheneOS Features
- https://grapheneos.org/usage - GrapheneOS Usage
- https://grapheneos.org/faq - GrapheneOS FAQ
- https://attestation.app/ - Auditor App
- https://attestation.app/tutorial#scheduled-remote-verification - Remote attestation setup
- https://grapheneos.org/usage#grapheneos-camera-app GrapheneOS Camera documentation
- https://github.com/GrapheneOS/Camera - GrapheneOS Camera GitHub
GrapheneOS PDF Viewer
- https://grapheneos.org/features#grapheneos-pdf-viewer - GrapheneOS PDF Viewer documentation
- https://github.com/GrapheneOS/PdfViewer - GrapheneOS PDF Viewer GitHub
- https://grapheneos.org/features#vanadium - GrapheneOS Vanadium documentation
- https://github.com/GrapheneOS/Vanadium - GrapheneOS Vanadium GitHub
- https://grapheneos.org/features#auto-reboot - Auto reboot
- https://grapheneos.org/features#attack-surface-reduction - Wi-Fi/Bluetooth timeout
- https://grapheneos.org/features#pin-scrambling - Pin Scrambling
Please excuse any grammatical errors. I used a tool to generate the transcript and haven't had a chance to read through it yet. ✔️
I received a message recently that asked if I ever considered doing a tour of GrapheneOS. This individual was interested in seeing what the operating system was like just after the install before they actually set it up on their own device or purchased one to use it with. I thought it was a great idea, so if that sounds like you, then I think you'll enjoy this video.
Before we start, I do want to mention that the best source for information is always going directly to the source. The GrapheneOS Project does a fantastic job documenting the features, usage, and some commonly asked questions, all of which will be linked down below.
This is a Pixel 6A running the latest version of GrapheneOS. All I've done is go through the initial setup screen, which I talk about in my install video. I've connected to Wi-Fi and I've changed the display to Dark theme to make this video a bit easier to watch.
So, this is the home screen. It might feel a bit barren; it might be a shock at first, especially if you're coming from a stock OS that's bundled with apps. So, we're going to swipe up and go through each app individually in the app drawer.
The first app is called "Apps." This is the official GrapheneOS app repository. It tracks and updates GrapheneOS apps, and it lets you install Google Play services. So, now going back to the app drawer, the next app is the "Auditor" app.
This app uses hardware-based security features to validate the identity of a device, along with the authenticity and integrity of the operating system. It will verify that the device is running the stock operating system with the bootloader locked, and that no tampering with the operating system has occurred. A downgrade to a previous version will also be detected. This is one of those features that doesn't get enough credit.
I really need to do a deep dive on this topic, but I haven't yet. I do use the remote attestation feature and the process for that is documented here. Give this a read-over; it's a very useful feature. Here, we have the calculator app. This is for doing math. This is the AOSP version of the calculator app. Nothing too much else to say about that. This is the official Graphene OS camera app. It's based on Android's camera X Library, and it works well. This is all I use. Following that, we have the clock. This is just the standard AOSP clock app; alarm clock, timer, stopwatch. Next is Contacts. This is the AOSP Contacts app. You can import and store your contacts locally, or you can use an app like Dev X5 to sync your contacts with a cloud service.
Following the Contacts app, we have the Files app. This is another AOSP app; it's simple, but it works well. The main things I do with it are rename screen recordings or copy them to an external USB drive. Besides that, I don't do much else in here. Next, we have the AOSP Gallery app. It's simple, doesn't have a ton of features, but all I use it for is browsing my photos. After that, we have the AOSP messaging app. It works fine for sending and receiving SMS messages. Most of my communication takes place over Signal. SMS is not encrypted, so I would suggest you use something like Signal, which is encrypted and secure, and try to use SMS as little as possible.
Next, we have PDF viewer. This is a simple Android PDF viewer by Graphene OS based on pdf.js and content providers. This app doesn't require any permissions. The PDF stream is fed into the sandboxed WebView without giving it access to content or files, which is pretty cool. The app works well for me, and all the PDFs I've opened on my device have been formatted correctly to read. Following that, we have the AOSP Phone app. Similar to the messaging app, most of my voice communication takes place over Signal, so I don't use this app much, but when I do, it works well.
After that, we have Settings. I'll come back to this shortly, and lastly is Vanadium. Vanadium is the stock Graphene OS browser maintained by the Graphene OS team. It's a privacy and security-enhanced release of Chromium. It also provides the WebView and a standard user-facing browser on the OS. This is the only browser I use on my device, and I'll link a video down below where I talked more about Vanadium and my configuration if you're interested.
Now, back to the Settings app. If you've ever used Android before, then this should look pretty familiar to you. There are a few options that Graphene OS offers that I like to enable. The first is under the Network and Internet. If we select our Wi-Fi network that we're connected to, the network preferences, there's a setting here to turn off Wi-Fi automatically. I like to change this to 10 minutes. This is helpful so that when you leave your home or wherever you're connected to Wi-Fi, your phone is no longer scanning for available Wi-Fi networks or saved networks.
Similar to the auto-off for Wi-Fi, there's a similar setting for Bluetooth. So under connected devices, Bluetooth timeout, I like to set this one to two minutes. And again, I enable this for the same reason I enabled the auto-off for Wi-Fi. It is a minor inconvenience that you need to manually turn on Wi-Fi or Bluetooth when you want to use them, but I think the benefits outweigh the inconvenience that it causes.
Now, the last two settings that I like to enable: the first is auto reboot, which is under security Auto reboot. For me, I like to change this to 12 hours. So what this does is, if your device has not had a successful unlock within the time period specified, your device will automatically reboot. This puts the device fully at rest in a pre-first unlock state, which is the most secure state for your data. This is a useful feature if your device is lost, stolen, or taken.
And now, the last feature I want to mention is on the same page, and that is pin scrambling. This feature does exactly what it says; it scrambles your pin on the lock screen. I find this feature extremely useful in public places. So, if someone is watching me type my PIN code on my screen, they won't be able to tell which numbers I pressed just based on the physical location of my finger.
These settings are all just preference; you don't need to use them. But I will link the relevant documentation down below if you would like to read more about them. So that was my tour of Graphene OS. It was a basic overview, but hopefully, it can give you a bit more confidence in case you are hesitant about installing it. So, if you enjoyed this video, I think you'll like the top one here, and this bottom video was selected for you by the machines at YouTube.