This video is 16 minutes long, so you may have forgotten about my podcast I mentioned at 00:56. Just in case you made it to the end and thought, 'Wow, I want to hear more of this guy's voice,' you can check it out at intheshellpodcast.com. It's different from this format-it's stories from the tech world that I think are pretty interesting.
Use obtainium where you can(this youtuber has a video showing that), but if you feel a specific app is essential don't worry too much about using the playstroe when you need to. It's better to be imperfect forever than perfect for a month and then giving up.
Congrats on taking the leap! Here's the video @astroid99 mentioned - ua-cam.com/video/JiN37bn0OE8/v-deo.html. But @sbashir9460 and @astroid99 already said what I would have said. Don't complicate yourself when just getting started, it can be a lot to change to a new OS. And “It's better to be imperfect forever than perfect for a month and then giving up.” The official site has some remarkable documentation - grapheneos.org and the forum has a wealth of information - discuss.grapheneos.org.
New Graphene OS user here. I recently sold my iPhone 14 Pro Max on eBay. I bought a brand new non used Google Pixel 8 Pro Phone. Downloaded Graphene OS. I love it. I haven't used Android in years, but I am glad to be back and especially use it my way, not Google's way! Thanks for the video.
Nice! As someone who went from iPhone -> GrapheneOS, the change was a little rough. Apple took the mafia approach and makes it extremely simple to get into their ecosystem, but a massive pain when you want to get out. Glad to hear GrapheneOS has been working so great for you !
When it comes to Aurora, I mentioned I don't like using the shared accounts. I also don't like the “hacky” implementation used to access Play Store Apps. Using Sandboxed Play Store lets you access the Play store securely, while avoiding using any workarounds that Aurora uses. Aurora isn't magically removing Google from the equation. Your device is still connecting to Google to download and search for apps.
Have you tried that recently? I saw a Reddit post about it and tried it, but it ended up asking my for a phone number. Just to make sure I'm at the same spot. UA-cam → Sign In → Create Account? Also, what is the URL you see? Does URL start with accounts[.]google[.]com?
This was true for the account I'm using now. I created it via UA-cam fully expecting to have to SMS verify and it didn't ask for it. I used a VPN too. This hasn't been true in the past for me though. So maybe there's some luck in it. (I have my content blocker disabled so maybe they're more lenient for the ad viewers.)
I think I created a few Google accounts with a phone number, added a 2FA authenticator app, and then removed the phone number from the account. At one point I had like 8 Google Accounts.
Would really be interessted in your setup for your mobile phone number setup. Here in germany I did not find a good solution on how to handle aomething like that
@@sideofburritoshey did I miss something with the Google account is that only used to install the apps! Ie pattern of life and location tracking type activities those are not used, so they won't aggregate location data with other profiles? What about device identifiers ?
Another way to implement this idea would be to disable Orbot and Google Play Services after initial installations and make a separate profile with Orbot+Google and use that profile for updates. That way you can end session on that profile if wanting to save battery and you get to use non-google services on the Owner profile (like updates for Graphene and Obtanium) unencumbered by the slowness of Tor. This would mean having to re-enable Orbot+Google on Owner for new Play Store apps, but that may be very infrequent depending on the user, so perhaps not inconvenient, although prone to some risk of de-isolation if you forget to re-enable Orbot correctly first.
When it comes to Aurora, I mentioned I don't like using the shared accounts. I also don't like the “hacky” implementation used to access Play Store Apps. Using Sandboxed Play Store lets you access the Play store securely, while avoiding using any workarounds that Aurora uses. Aurora isn't magically removing Google from the equation. Your device is still connecting to Google to download and search for apps. F-droid, I'm not a fan of it from a security perspective. They made some questionable decisions in the past that I don't agree with, and prefer to use Obtainium and get it from the source directly. Of course, everyone should do their research and make the choice that's best for them.
Super useful video - THANKS. Be aware that Google is deleting inactive accounts. Users can prevent their accounts from being deleted by signing in at least once every two years. Activities that count as account usage include sending or reading emails, using Google Drive, watching UA-cam videos, or even searching on Google while signed in
@@sideofburritos been going good I guess but I'm kinda failing since I've had to download Google play services for stuff. Def interested in a video about ditching the sim card and best practices !
Don't sweat it. The toughest thing is out of the way, switching to GrapheneOS. After that, everything else can be done in stages. In the future, maybe next you try experimenting with Installing Play services in a different user profile and only using apps there that require it, and using apps that don't require it in another one. Even if you don't do that, you're still getting a ton of benefits. Check out these pages to see some of the benefits you get grapheneos.org/features grapheneos.org/faq Play services are a regular app on GrapheneOS vs. PixelOS where they are privileged and can access hardware identifiers. So even by using the GrapheneOS implementation of them you're getting a big benefit - grapheneos.org/faq#hardware-identifiers
For the viewers, connecting to Public WiFi via a Linux live USB may help keep Public WiFi attacks from affecting your main OS and will give you a more unique fingerprint when making a Google account. Buying a pre-paid/PAYG SIM card with some data could work too (for countries where SIM cards don't require KYC) if you have a second smartphone, which you can hotspot from and receive SMS to. (Potentially less private, but possibly more available or secure than Public WiFi, depending on circumstances.)
Great video. Im not a pixel owner yet.I just wanted to ask you, have you tried using some kind of authenticator app rather than generating a borrowed phone number? A lot of times I can avoid sms 2FA just using authentication. But I am still an iPhone user so I don’t know if Apple just makes it easier than android. I’ll be on a pixel soon enough. I am a firm believer in the open source philosophy. I been using Linux for years and appreciate free software
Unfortunately, you're forced to use a phone number on the account creation. It's not used for any sort of MFA, just as a way to prevent bots and fraudulent accounts from being registered. After that, you can use an authenticator app.
Wow... I'm the most boring GrapheneOS user there is. 🤣With mine, I removed the email program...and that's it. My Pixel 6A is just a dumb phone that looks like a smart one. Never thought to install MORE apps.🤣I particularly like that in-phone EXIF scrubber. I've been scrubbing the EXIF when I dump the photos to my Linux box. Mahalo for the new (to me, at any rate) ideas!
Haha, I can appreciate the boring simplicity you've kept. On the plus side, you have one of the most secure dumb phones out there (as compared to the phones marked as “dumb phones”.)
When it comes to Aurora, I mentioned I don't like using the shared accounts. I also don't like the “hacky” implementation used to access Play Store Apps. Using Sandboxed Play Store lets you access the Play store securely, while avoiding using any workarounds that Aurora uses. Aurora isn't magically removing Google from the equation. Your device is still connecting to Google to download and search for apps. F-droid, I'm not a fan of it from a security perspective. They made some questionable decisions in the past that I don't agree with, and prefer to use Obtainium and get it from the source directly. Of course, everyone should do their research and make the choice that's best for them.
thanks for the explanation! do you disable the google services in the main profile after installing all desired apps? are there cons to doing this other than losing automatic updates?
You're welcome! No, I don't. I think the benefit of up-to-date apps is > than disabling play services. I currently trust the setup of all traffic over TOR + an anonymous account that I keep it running. That being said, if the option of “install available apps” could be done from a secondary user profile instead of only owner, I would have play store there. Just for the added option to “end session” for the user profile. Then I might try keeping that profile “shutdown” and manually log into it every other day to check for updates.
So you downloaded an app from Google Play Store using an anonymous account via Tor. 1.) Does that mean that you'll also need/want to use it via Tor? 2.) Does an app dowloaded from Play Store have any identifier as to whoever downloaded it? Therefore able to tie/identify that you with that supposed anonymous account? 3.) You mentioned that there's only one instance/copy of an app across Graphene. Can an app installed directly from one profile (with dedicated Play Store, for example) be installed to main and/or other profiles through 'Install available option'?
Droidify is all I use for installing apps. If the app doesn't exist in there, I don't install it. However, I'm not a power user - my phone is just a phone/camera/signal/proton/aegis device.
Looking at buying a used pixel phone to try this out. Some of the used stuff says is unlocked from VZW or t mobile. How can I make sure I am getting a phone unlocked on the carrier it was used on? Thanks.
Check out this clip - ua-cam.com/video/4Ki8xQT6Das/v-deo.html I talk about and show what you need to look for to confirm when buying a used pixel. TL;DR - as long as you have the seller confirm “OEM unlocking” can be enabled, you'll be good to go.
I would really like to learn more about your concerns related to anonymous shared account that are included into Aurora store - you obviously know something, if instead of using it you do those shizzle wizzle movements with buying a number and adding a real google account. Please, tell us more :)
It may be to do with 3rd parties being able to see your Google activity/installed apps, which could add an unnecessary and untrustworthy player in the potential exploitation of your activity data, if you connect to the Aurora Store using identifiable network connections. (Just speculating tho)
Something along the lines of what @PaulYannis-o1p said. You're essentially sharing random Google accounts with strangers. While I can appreciate the idea behind it, something just doesn't sit right with me about it.
Quick question, can one use a separate “installer” profile to install apps and share those apps to other profiles? Since we can’t put owner to sleep, thought this would be slightly better.
No, you can't. “Install available apps” only works from the Owner user profile. If it did work from other user profiles, then I would do it from there, as you mentioned.
No, it creates a VPN configuration on the owner profile, and it's applied to the owner user profile. VPNs only apply to the profile they're running in. I mentioned it here how VPNs work with multiple user profiles - ua-cam.com/video/IAoCfrqxIEg/v-deo.html
Is this OS really private and secure? Using google hardware that could be backdoored sounds counter intuitive. I’m interested in using GrapheneOS but those blatant contradiction at plain sight makes me reluctant to take the plunge.
What if I have an app installed directly (not how you did in this video..pushing apps from the owner profile to secondary)? Won't it be installed twice? I would never install whatsapp so Im a little confused about your security model. I had planned and started installing apps only in the profile where they would be uses...not in owner. I wonder if you have gone over if doing so is a bad idea.
Here's the video on how apps work across multiple user profiles - ua-cam.com/video/E3erRhXPPNY/v-deo.html How you did it is perfectly fine. That's how most people do it that use multiple user profiles, there's nothing wrong with that setup.
I would very much like to hear about your phone number setup. Can you get calls across profiles? I'd also like to hear about how you came to this configuration.
I can get a notification of a call across user profiles, but not take an actual call across profiles. I think the setup will be inconvenient for most people, but it's worked well so far for my use case.
@@roflchopter11 I wish it didn't, but I emailed them a while ago, and it doesn't seem like that will change anytime soon. I tried different apps and providers for days though and nothing was near as functional as mysudo.
accrescent.app/docs/guide/maintenance/updates.html accrescent.app/features#unattended-updates It does. It is possible that the app dev didn't upload the newest version yet. What version does Accrescent show and what version does play store show? It's
Does the automatic app update feature from the Google Play Store work when I'm on my secondary profile, or do I have to switch to my owner profile for the automatic updates to function?
It does. Since the Owner profile is always running updates will be automatically installed in the background. OS updates will also be installed in the background, you'll just need to reboot like you normally would for it to be applied.
Does it make sense to get a Pixel 4a and put Graphene on there? Since its only upgradable to Android 13 I don't even know if Graphene is still an option? I just need a cheap but somewhat secure phone.
No. Being end of life, I would not recommend it. If I were in your situation, I would look for a cheap 6a. It's supported until July 2027 and being an “a” it's pretty affordable. Buying an EOL device is a waste of money.
Yes, it's a VPN connection using the Tor network. Services will see you connecting from the Tor exit node (IP) which then passes the connection to a further 2 nodes (IP) before connecting to the IP address provided by your ISP.
Clearly you missed the point. This isn't for him specifically, but for anyone else who might want this. Also having your phone anonymous like this is still good in many other ways for personal security. He's not hiding from the NSA.
Dang, I didn't think about that. Back to an iPhone. /s Anonymity !== Privacy. It's a choice based on my threat model to share my face. I'm not trying to hide it from the world. It's less of a threat to share it online in a way where I control every frame of the footage, vs. the 29 CCTV cameras your face appeared on when you bought pickles & mayonnaise from the grocery store at 2AM.
Is there a link between his face and the fake account? I didn't see one and I'm sure he would trash it after the video anyway. Is his real name anywhere on this or other pages of his? Rob Braxman makes security and privacy videos and that is not his real name.
Nice, but Google soon on later catch us, they aggregate meta data (Snowden case and book), like location, wifi, phone Id, WiFi id, nearby bluetooth connection etc, this method is good only for illusion privacy, but better that nothing.
Where are they getting the location from and nearby BT when it's restricted from accessing it? Also, apps are prohibited from accessing hardware identifiers on GrapheneOS - grapheneos.org/faq#non-hardware-identifiers Saying this is good for only an illusion of privacy is simply untrue.
@@sideofburritos Yes, wherever I used Tor, the exit nodes appeared as India and Egypt-both countries with notorious records of suppressing free speech.
Next week's video is “How to escape Microsoft” and I'll be demoing how to install Windows 11! /s Bad joke aside, I really didn't want to use “de-googled” in my title. Annoyingly, the SEO juice for "de-googled" is just too good. That's not my goal (nor the goal of GrapheneOS - discuss.grapheneos.org/d/1420-google-play-store-and-degoogle). Using it in a way that, I think, is anonymous and still getting the benefits was my goal.
@@sideofburritos TBH the tech is getting to be a bit much for me. I would go back to a landline if I could. Very happy with Graphene though. You made installation very easy with your video. Thanks. I would love to know more about the "Molly" App if you are looking for video ideas.
@pinoygal6232 I entirely understand that. The only reason I keep testing, experimenting, and sharing, is that I genuinely enjoy the challenge. I do appreciate how simple GrapheneOS is out of the box, it really helps cut down on the normal bloat and BS that stock OS's typically ship with. Thanks for the video suggestion!
What about Neo Store? I would love to see a video of you and another security and privacy creator (like Digital Independent) so you can compare methods and share pros and cons of each.
Problem is, there are so many apps that don't work well without Play Store or Google Play Service. If you go full degoogled Android, you will face more inconvenience to the point you will be better off with a flip phone
No, most apps work perfectly fine without them. The thing that doesn't work is if the app developer uses firebase for notifications, then you need Play Services installed for that. My daily profile has apps installed from the Play Store and I use them daily without Play Services installed on that profile.
@@Redwan777I would argue that you're still better served with graphene than a flip phone because flip phones have series of security and privacy issues.
I'm not a fan of it from a security perspective. They made some questionable decisions in the past that I don't agree with, and prefer to use Obtainium and get it from the source directly. Of course, everyone should do their research and make the choice that's best for them.
This video is 16 minutes long, so you may have forgotten about my podcast I mentioned at 00:56. Just in case you made it to the end and thought, 'Wow, I want to hear more of this guy's voice,' you can check it out at intheshellpodcast.com. It's different from this format-it's stories from the tech world that I think are pretty interesting.
New Graphene OS user. Just got my first Pixel (9 pro), and installed Graphene. Trying to figure out how to and which apps to install. Thanks for this.
Definitely check his install video out and follow the advice he gave here to not make it too complicated for yourself.
Use obtainium where you can(this youtuber has a video showing that), but if you feel a specific app is essential don't worry too much about using the playstroe when you need to. It's better to be imperfect forever than perfect for a month and then giving up.
Congrats on taking the leap! Here's the video @astroid99 mentioned - ua-cam.com/video/JiN37bn0OE8/v-deo.html.
But @sbashir9460 and @astroid99 already said what I would have said. Don't complicate yourself when just getting started, it can be a lot to change to a new OS. And “It's better to be imperfect forever than perfect for a month and then giving up.”
The official site has some remarkable documentation - grapheneos.org and the forum has a wealth of information - discuss.grapheneos.org.
@@sideofburritos thankyou, you basically said the same thing to me in a comment I made roughly a year or two ago. And I've appreciated it greatly.
Your videos are so wonderfully informative! Not a lot of extras or slow build-ups. You just get right to it. I really like that.
Thanks for that! I try to make them in a format I would want to watch. I came here for x, I don't need “abcdef” first.
New Graphene OS user here. I recently sold my iPhone 14 Pro Max on eBay. I bought a brand new non used Google Pixel 8 Pro Phone. Downloaded Graphene OS. I love it. I haven't used Android in years, but I am glad to be back and especially use it my way, not Google's way! Thanks for the video.
Nice! As someone who went from iPhone -> GrapheneOS, the change was a little rough. Apple took the mafia approach and makes it extremely simple to get into their ecosystem, but a massive pain when you want to get out. Glad to hear GrapheneOS has been working so great for you !
based
@@TheoParispretty based to leave apple's walled garden.
It's nice to see you again! :D
Thanks! 🤓
Why not using Aurora Store?
When it comes to Aurora, I mentioned I don't like using the shared accounts. I also don't like the “hacky” implementation used to access Play Store Apps. Using Sandboxed Play Store lets you access the Play store securely, while avoiding using any workarounds that Aurora uses. Aurora isn't magically removing Google from the equation. Your device is still connecting to Google to download and search for apps.
I was waiting for this video. Very well done and interesting approach. I may try this method in the future. Appreciate you taking the time to do this.
Thanks, and you're welcome! It's definitely worth a shot to try.
Really happy to see you making videos again!
Glad to be back!
You can create a google account without a phone number if you go to youtube, accounts, create new account. Super convenient
Have you tried that recently? I saw a Reddit post about it and tried it, but it ended up asking my for a phone number. Just to make sure I'm at the same spot. UA-cam → Sign In → Create Account?
Also, what is the URL you see? Does URL start with accounts[.]google[.]com?
I would also like the details on this.
This was true for the account I'm using now. I created it via UA-cam fully expecting to have to SMS verify and it didn't ask for it. I used a VPN too. This hasn't been true in the past for me though. So maybe there's some luck in it.
(I have my content blocker disabled so maybe they're more lenient for the ad viewers.)
I think I created a few Google accounts with a phone number, added a 2FA authenticator app, and then removed the phone number from the account. At one point I had like 8 Google Accounts.
Would really be interessted in your setup for your mobile phone number setup. Here in germany I did not find a good solution on how to handle aomething like that
Noted! Hopefully, it'll give you some ideas of what you can try.
@@sideofburritoshey did I miss something with the Google account is that only used to install the apps! Ie pattern of life and location tracking type activities those are not used, so they won't aggregate location data with other profiles? What about device identifiers ?
Another way to implement this idea would be to disable Orbot and Google Play Services after initial installations and make a separate profile with Orbot+Google and use that profile for updates. That way you can end session on that profile if wanting to save battery and you get to use non-google services on the Owner profile (like updates for Graphene and Obtanium) unencumbered by the slowness of Tor.
This would mean having to re-enable Orbot+Google on Owner for new Play Store apps, but that may be very infrequent depending on the user, so perhaps not inconvenient, although prone to some risk of de-isolation if you forget to re-enable Orbot correctly first.
So what is wrong with Aurora and F-Droid?
When it comes to Aurora, I mentioned I don't like using the shared accounts. I also don't like the “hacky” implementation used to access Play Store Apps. Using Sandboxed Play Store lets you access the Play store securely, while avoiding using any workarounds that Aurora uses. Aurora isn't magically removing Google from the equation. Your device is still connecting to Google to download and search for apps. F-droid, I'm not a fan of it from a security perspective. They made some questionable decisions in the past that I don't agree with, and prefer to use Obtainium and get it from the source directly. Of course, everyone should do their research and make the choice that's best for them.
Exactly .. the Aurora store is the best.
Accrecent is based and can't wait till more apps get ported over to it 🗿
First! Thanks man for this really useful video!, I was really looking forward for the app-pushing info!👌🏻
You're welcome! I figured quite a few people were curious about it, so it was about time to get a video together for it.
Always learn something new here! TY!
Super useful video - THANKS. Be aware that Google is deleting inactive accounts. Users can prevent their accounts from being deleted by signing in at least once every two years. Activities that count as account usage include sending or reading emails, using Google Drive, watching UA-cam videos, or even searching on Google while signed in
This can be my reference to my Huawei Tab. Thanks
You're welcome!
Good to get your update! Was wondering where you were!!!!
Just floating around in the ether 🛜
@@sideofburritos Well thank God you are! Was missing you and your impartial and informative content. Make USA Great Again.
I just saw your videos 2 weeks ago and finally installed graphene . Glad to have a recent update about it lol
That's awesome! Congrats on taking the leap, I hope it's going well for you so far.
@@sideofburritos been going good I guess but I'm kinda failing since I've had to download Google play services for stuff. Def interested in a video about ditching the sim card and best practices !
Don't sweat it. The toughest thing is out of the way, switching to GrapheneOS. After that, everything else can be done in stages. In the future, maybe next you try experimenting with Installing Play services in a different user profile and only using apps there that require it, and using apps that don't require it in another one. Even if you don't do that, you're still getting a ton of benefits.
Check out these pages to see some of the benefits you get
grapheneos.org/features
grapheneos.org/faq
Play services are a regular app on GrapheneOS vs. PixelOS where they are privileged and can access hardware identifiers. So even by using the GrapheneOS implementation of them you're getting a big benefit - grapheneos.org/faq#hardware-identifiers
For the viewers, connecting to Public WiFi via a Linux live USB may help keep Public WiFi attacks from affecting your main OS and will give you a more unique fingerprint when making a Google account.
Buying a pre-paid/PAYG SIM card with some data could work too (for countries where SIM cards don't require KYC) if you have a second smartphone, which you can hotspot from and receive SMS to. (Potentially less private, but possibly more available or secure than Public WiFi, depending on circumstances.)
Great video. Im not a pixel owner yet.I just wanted to ask you, have you tried using some kind of authenticator app rather than generating a borrowed phone number? A lot of times I can avoid sms 2FA just using authentication. But I am still an iPhone user so I don’t know if Apple just makes it easier than android. I’ll be on a pixel soon enough. I am a firm believer in the open source philosophy. I been using Linux for years and appreciate free software
Unfortunately, you're forced to use a phone number on the account creation. It's not used for any sort of MFA, just as a way to prevent bots and fraudulent accounts from being registered. After that, you can use an authenticator app.
@@sideofburritos ah okay. Well I tried!
Awesome explanation. Thank you.
You are welcome!
I assume you block internet access on the main profile without VPN (tor)?
Correct. I have the “Block connections without VPN” enabled.
Why not a paid vpn?
Wow... I'm the most boring GrapheneOS user there is. 🤣With mine, I removed the email program...and that's it. My Pixel 6A is just a dumb phone that looks like a smart one. Never thought to install MORE apps.🤣I particularly like that in-phone EXIF scrubber. I've been scrubbing the EXIF when I dump the photos to my Linux box. Mahalo for the new (to me, at any rate) ideas!
Haha, I can appreciate the boring simplicity you've kept. On the plus side, you have one of the most secure dumb phones out there (as compared to the phones marked as “dumb phones”.)
what about F-Droid or Aurora?
When it comes to Aurora, I mentioned I don't like using the shared accounts. I also don't like the “hacky” implementation used to access Play Store Apps. Using Sandboxed Play Store lets you access the Play store securely, while avoiding using any workarounds that Aurora uses. Aurora isn't magically removing Google from the equation. Your device is still connecting to Google to download and search for apps. F-droid, I'm not a fan of it from a security perspective. They made some questionable decisions in the past that I don't agree with, and prefer to use Obtainium and get it from the source directly. Of course, everyone should do their research and make the choice that's best for them.
He explained in the video why he doesn't use Aurora. And F-droid is obsolete if you use Obtanium
Fantastic! Thank you!
You're very welcome!
thanks for the explanation! do you disable the google services in the main profile after installing all desired apps? are there cons to doing this other than losing automatic updates?
You're welcome! No, I don't. I think the benefit of up-to-date apps is > than disabling play services. I currently trust the setup of all traffic over TOR + an anonymous account that I keep it running. That being said, if the option of “install available apps” could be done from a secondary user profile instead of only owner, I would have play store there. Just for the added option to “end session” for the user profile. Then I might try keeping that profile “shutdown” and manually log into it every other day to check for updates.
@@sideofburritos gotcha, thanks!
Superb. Thanks
Thanks, you're welcome!
So you downloaded an app from Google Play Store using an anonymous account via Tor.
1.) Does that mean that you'll also need/want to use it via Tor?
2.) Does an app dowloaded from Play Store have any identifier as to whoever downloaded it? Therefore able to tie/identify that you with that supposed anonymous account?
3.) You mentioned that there's only one instance/copy of an app across Graphene. Can an app installed directly from one profile (with dedicated Play Store, for example) be installed to main and/or other profiles through 'Install available option'?
Droidify is all I use for installing apps. If the app doesn't exist in there, I don't install it. However, I'm not a power user - my phone is just a phone/camera/signal/proton/aegis device.
Droid-ify is just a better skin of F-Droid. I like it but I don't think he will include it
Looking at buying a used pixel phone to try this out. Some of the used stuff says is unlocked from VZW or t mobile. How can I make sure I am getting a phone unlocked on the carrier it was used on? Thanks.
Check out this clip - ua-cam.com/video/4Ki8xQT6Das/v-deo.html I talk about and show what you need to look for to confirm when buying a used pixel. TL;DR - as long as you have the seller confirm “OEM unlocking” can be enabled, you'll be good to go.
@@sideofburritos Thank you watching now.
Off Topic: How well does Android Auto work on GraphenOS? Any First Hand experience?
awesome info
Thanks!
I would really like to learn more about your concerns related to anonymous shared account that are included into Aurora store - you obviously know something, if instead of using it you do those shizzle wizzle movements with buying a number and adding a real google account. Please, tell us more :)
It may be to do with 3rd parties being able to see your Google activity/installed apps, which could add an unnecessary and untrustworthy player in the potential exploitation of your activity data, if you connect to the Aurora Store using identifiable network connections.
(Just speculating tho)
Something along the lines of what @PaulYannis-o1p said. You're essentially sharing random Google accounts with strangers. While I can appreciate the idea behind it, something just doesn't sit right with me about it.
Quick question, can one use a separate “installer” profile to install apps and share those apps to other profiles?
Since we can’t put owner to sleep, thought this would be slightly better.
No, you can't. “Install available apps” only works from the Owner user profile. If it did work from other user profiles, then I would do it from there, as you mentioned.
Put it on my P9P today.
Nice! The Pixel 9 seems like a nice device, I was tempted to upgrade.
Good work :). So I also use obtainium but now when I am opening it, I get a warning about the 32 bits.... Is it just for me?
I think what you might be seeing is this - discuss.grapheneos.org/d/14004-phasing-out-32-bit-only-app-support-for-older-devices-too
Is Orbot system-wide? How do you know when Orbot is working on the Play Store? Do you add the app in Orbot?
No, it creates a VPN configuration on the owner profile, and it's applied to the owner user profile. VPNs only apply to the profile they're running in. I mentioned it here how VPNs work with multiple user profiles - ua-cam.com/video/IAoCfrqxIEg/v-deo.html
How do you handle notifications without google services?
The apps I care about work without them (Signal, AntennaPod, ntfy, Calendar, Tasks)
Thanks
You're welcome!
Is this OS really private and secure? Using google hardware that could be backdoored sounds counter intuitive.
I’m interested in using GrapheneOS but those blatant contradiction at plain sight makes me reluctant to take the plunge.
What if I have an app installed directly (not how you did in this video..pushing apps from the owner profile to secondary)?
Won't it be installed twice?
I would never install whatsapp so Im a little confused about your security model.
I had planned and started installing apps only in the profile where they would be uses...not in owner. I wonder if you have gone over if doing so is a bad idea.
I should say, I wasn't able to see the link you mentioned on the topic.
Here's the video on how apps work across multiple user profiles - ua-cam.com/video/E3erRhXPPNY/v-deo.html
How you did it is perfectly fine. That's how most people do it that use multiple user profiles, there's nothing wrong with that setup.
I would very much like to hear about your phone number setup. Can you get calls across profiles? I'd also like to hear about how you came to this configuration.
I can get a notification of a call across user profiles, but not take an actual call across profiles. I think the setup will be inconvenient for most people, but it's worked well so far for my use case.
@@sideofburritos Cool, I was very disappointed that mysudo requires Google Play for notifications.
@@roflchopter11 I wish it didn't, but I emailed them a while ago, and it doesn't seem like that will change anytime soon. I tried different apps and providers for days though and nothing was near as functional as mysudo.
@@sideofburritos big sad. Proton requires GPS, too. Did you find an alternative, or just don't worry about email notifications?
It doesn't appear Accrescent currently does updates. My other play stores have an update for Clipious, but Accrescent does not show the update.
accrescent.app/docs/guide/maintenance/updates.html
accrescent.app/features#unattended-updates
It does. It is possible that the app dev didn't upload the newest version yet. What version does Accrescent show and what version does play store show? It's
Does the automatic app update feature from the Google Play Store work when I'm on my secondary profile, or do I have to switch to my owner profile for the automatic updates to function?
It does. Since the Owner profile is always running updates will be automatically installed in the background. OS updates will also be installed in the background, you'll just need to reboot like you normally would for it to be applied.
shame that the Aurora store stopped working.
yeah, it stops working frequently, but they usually don't take too long to fix it on the backend. Usually a few hours to a few days.
Does it make sense to get a Pixel 4a and put Graphene on there? Since its only upgradable to Android 13 I don't even know if Graphene is still an option?
I just need a cheap but somewhat secure phone.
No. Being end of life, I would not recommend it. If I were in your situation, I would look for a cheap 6a. It's supported until July 2027 and being an “a” it's pretty affordable. Buying an EOL device is a waste of money.
Does Orbot hide your IP ?
Yes, it's a VPN connection using the Tor network. Services will see you connecting from the Tor exit node (IP) which then passes the connection to a further 2 nodes (IP) before connecting to the IP address provided by your ISP.
The whole anonymous thing goes out the window when you plaster your face over the internet
Clearly you missed the point. This isn't for him specifically, but for anyone else who might want this. Also having your phone anonymous like this is still good in many other ways for personal security. He's not hiding from the NSA.
Dang, I didn't think about that. Back to an iPhone. /s
Anonymity !== Privacy. It's a choice based on my threat model to share my face. I'm not trying to hide it from the world. It's less of a threat to share it online in a way where I control every frame of the footage, vs. the 29 CCTV cameras your face appeared on when you bought pickles & mayonnaise from the grocery store at 2AM.
@@dubz5149 Exactly. And, even if I was hiding from the NSA, Snowden shows his face and manages to still pull it off 🤣
@@sideofburritos this guy gets it! 🤣
Is there a link between his face and the fake account? I didn't see one and I'm sure he would trash it after the video anyway.
Is his real name anywhere on this or other pages of his?
Rob Braxman makes security and privacy videos and that is not his real name.
Nice, but Google soon on later catch us, they aggregate meta data (Snowden case and book), like location, wifi, phone Id, WiFi id, nearby bluetooth connection etc, this method is good only for illusion privacy, but better that nothing.
Where are they getting the location from and nearby BT when it's restricted from accessing it? Also, apps are prohibited from accessing hardware identifiers on GrapheneOS - grapheneos.org/faq#non-hardware-identifiers
Saying this is good for only an illusion of privacy is simply untrue.
I’ve decided not to use Tor anymore as my exit nodes have been compromised.
All the exit nodes you used were compromised?
How?
@@sideofburritos Yes, wherever I used Tor, the exit nodes appeared as India and Egypt-both countries with notorious records of suppressing free speech.
@User35003 That is not an indication in any way that the exit nodes were compromised. Have you tried manually selecting the exit in Orbot?
I am surprised you install gapps. :(
"How to degoogle yourself" first thing he installs is google playstore :D
Next week's video is “How to escape Microsoft” and I'll be demoing how to install Windows 11! /s
Bad joke aside, I really didn't want to use “de-googled” in my title. Annoyingly, the SEO juice for "de-googled" is just too good. That's not my goal (nor the goal of GrapheneOS - discuss.grapheneos.org/d/1420-google-play-store-and-degoogle). Using it in a way that, I think, is anonymous and still getting the benefits was my goal.
Too much effort. I'll just live without the paid apps.
-Sure would like to find a free GPS tracker detector though. Anyone know of one?
The Play Store has more than just paid apps. Some users have banking apps on their devices, and those are only on the Play Store.
@@sideofburritos TBH the tech is getting to be a bit much for me. I would go back to a landline if I could. Very happy with Graphene though. You made installation very easy with your video. Thanks.
I would love to know more about the "Molly" App if you are looking for video ideas.
I use AirGuard which is available in the F-droid store
@pinoygal6232 I entirely understand that. The only reason I keep testing, experimenting, and sharing, is that I genuinely enjoy the challenge. I do appreciate how simple GrapheneOS is out of the box, it really helps cut down on the normal bloat and BS that stock OS's typically ship with.
Thanks for the video suggestion!
What about Neo Store? I would love to see a video of you and another security and privacy creator (like Digital Independent) so you can compare methods and share pros and cons of each.
The whole thing about using graphene os is to degoogle your device. Using playstore simply ruins the idea behind the OS.
That's simply not an accurate statement about the project - discuss.grapheneos.org/d/1420-google-play-store-and-degoogle
Problem is, there are so many apps that don't work well without Play Store or Google Play Service. If you go full degoogled Android, you will face more inconvenience to the point you will be better off with a flip phone
No, most apps work perfectly fine without them. The thing that doesn't work is if the app developer uses firebase for notifications, then you need Play Services installed for that. My daily profile has apps installed from the Play Store and I use them daily without Play Services installed on that profile.
@@Redwan777I would argue that you're still better served with graphene than a flip phone because flip phones have series of security and privacy issues.
@roflchopter11 💯
Where F-Droid ? 🦧🦧
I'm not a fan of it from a security perspective. They made some questionable decisions in the past that I don't agree with, and prefer to use Obtainium and get it from the source directly. Of course, everyone should do their research and make the choice that's best for them.
F-Droid is pointless if you're already using Obtanium....