Posted: February 21, 2021

Updated: February 27, 2021

GrapheneOS is a secure, Google-free implementation of Android. I decided to buy a Pixel 4a to use with GrapheneOS.

Initial impressions

This is the Android that I know and love, without the tracking.

The Pixel 4a has an oLED screen, is $100 less than the iPhone SE, still includes a headphone jack, still has a physical fingerprint sensor, and allows me to manage files via Linux (I was never able to put music on my iPhone SE, thanks Apple).

Other benefits of Android include:

• Calendar and weather widgets on my home screen
• App drawer, so I only need one home page
• Eliminate “smart app search” and other things I don’t want from the interface
• Brave Browser supports background video playback via settings
• VLC on Android has much better usability
• It’s relatively free software

I’ve considered using LineageOS in the past, but because you can’t lock the bootloader, it’s inherently insecure.

GrapheneOS on a Pixel 4a allows you to re-lock the bootloader and cryptographically verify the image on boot, which is a huge plus. Combined with the Titan M security chip, this phone is just as secure as an iPhone.

Block ads globally

Adguard provides a free, high-quality DNS adblocking service.

Settings > Network & Internet > Advanced > Private DNS: dns.adguard.com

Apps

The first app I installed on GrapheneOS was F-Droid, an app store for open source software.

From there, I installed Aurora Store, which allows you to install apps from the Google Play store anonymously.

The only limitations of Aurora Store are:

• You can’t use paid apps, unless the developer allows direct licensing outside of the Play store framework
• Some apps which require Google Play services will crash (Taco Bell is the only app I can no longer use)

Other apps I installed from F-Droid:

• Open Camera, a really nice camera app
• DAVx5 to sync calendars and contacts (Google doesn’t support this because they want you to use GCal)
• Geometric Weather
• VLC

Apps installed from Aurora Store:

• Signal
• Bitwarden
• Brave Browser
• Dropbox
• Yeelight
• Google Maps (OsmAnd+ is available on F-Droid but address search doesn’t work…)

File transfers on Linux

New versions of Android support MTP, Media Transfer Protocol.

On Arch, install the gvfs-mtp package. This allows you to open the phone’s filesystem inside file browsers such as nemo

On the phone, do this:

Settings > Connected devices > USB Preferences > USE USB FOR: File Transfer

It seems this option only becomes available when actually connected via USB.

Disable upcoming alarm notifications

Upcoming alarms will still appear on the lock screen.

Settings > Apps & notifications > Clock > Uncheck all but firing alarms

Hide Signal websocket notification

Without Google Play services, Signal needs to open a websocket connection. This keeps a notification running, which you can hide:

Settings > Apps & notifications > Signal > Uncheck 'Other'

Some people report battery issues using websockets - but Google Play service itself uses a websocket connection. This is the only app I use that has notifications, and I haven’t had any issues with battery life at all.

Various other settings

Settings > Apps & notifications > Notifications > Advanced > Do Not Disturb > Schedules
Settings > Display > Night Light > Schedule
Settings > Display > Screen Timeout > 2 minutes

Geometric Weather

Allow location once when starting the app, then deny:

Settings > Apps & notifications > Geometric Weather > Permissions > Location: OFF

In-app settings:

Dark mode: Always dark
Appearance > Interface style: Circular sky # removes big gap at top
Appearance > Displayed cards: to your preference
Appearance > List animation: disabled
Appearance > Item animation: disabled

Bitwarden

Visit the Bitwarden in-app settings and enable autofill.

Conclusion

I’m pretty stoked about this change. I’m finally able to listen to music on my device without paying for a streaming service, and it seems like GrapheneOS will be a reliable, secure OS for years to come.