I have not any prior experience with installing custom ROMs, but after trying it out (and getting stuck, and googling and finding answers) I successfully did it. Below is my home screen if anybody is curious:

I use OpenBoard for my keyboard. Unfortunately I am still dependent on Play Store since some of the apps I need can only be found there. Sometimes it feels meaningless committing to this whole thing because I’m not perfectly private; then I think this is better than using a regular iPhone or Android phone.

So far I’m liking it. I am naturally inclined to feel hesitant about using this as my main phone and plugging in a SIM since it’s custom, but I’m slowly making the transition.

Feel free to share any beginners advice or your own experience using GOS for the first time. Cheers!

  • @[email protected]
    link
    fedilink
    91
    edit-2
    5 months ago

    OpenBoard is no longer maintained. Heliboard is a good alternative.

    I think Google Play on Graphene is a good compromise, since at least it does not have root access. Unfortunately it is very crippling to completely avoid Google on Android.

    That being said, I heard others are using work profiles to isolate all apps using Google Play from their more private apps. I’m not doing that, but work profiles are nice for … well work apps.

      • JGrffn
        link
        fedilink
        55 months ago

        As someone who has a profile only for Whatsapp (used to also be Instagram), a profile for banking & finances, a profile for some stuff that needs play services, and a profile for most other stuff (main profile)…don’t use profiles unless you’re only creating one more at the most, and you’re absolutely certain there’s no need to share information between the profiles.

        Graphene has had a long-standing bug from upstream AOSP, if I recall correctly, where it’ll always ask for your pin when changing profiles, and only sometimes will it allow you to use your fingerprint or alternative methods to get into your profiles. I almost never get the fingerprint option for my main profile, and have to tap back from the pin input on other profiles to get the option to use fingerprint, and not always. They do sometimes push something that loosely resembles a fix, but it’ll go back to not working after another update.

        Regarding communicating between profiles, that’s hard to pull off. The curveball of having to send screenshots from banking apps, say, confirming transactions, it’s made a lot worse with profiles. I’m currently relying on my nextcloud instance to upload screenshots from finances, then downloading those screenshots from nextcloud into my WhatsApp profile, just to send a proof of transfer to someone. I’m definitely not keeping my phone like this for much longer.

        All else considered, however, I’m not going back to a ROM that doesn’t respect me as the owner of my device. I’m happy to have switched to graphene and I am here to stay.

        • Wild BillOP
          link
          fedilink
          2
          edit-2
          5 months ago

          Thank you for sharing this. Honestly, right now, I simply don’t feel a need to use profiles for my apps. I understand some people claim I probably should considering I use both FOSS and Google apps, but I’m just getting started with this whole privacy thing and I don’t feel like rushing. Using only one profile probably isn’t the absolute worst thing you could do, eh?

        • @[email protected]
          link
          fedilink
          15 months ago

          I was wondering about that. Seems like 90% of the time it flashes the finger print reader then fails and goes back to pin. Also 75% of the time can’t read my fingerprint reader when just unlocking but that’s not a grapheneos issue… :(

    • @[email protected]
      link
      fedilink
      45 months ago

      I’m using a work profile for Google Play. It was surprisingly easy to setup and there are few guides around. But basically you install Shelter, then clone Apps to the work profile. Open up Apps on the work profile and install google play services normally.

    • @[email protected]
      link
      fedilink
      45 months ago

      Unfortunately it is very crippling to completely avoid Google on Android.

      Tbh if you don’t do mobile gaming, I think this is entirely doable. I say this as someone who uses Aurora Store for about 3 or 4 odd apps. I could live without them on my phone, but I just choose not to for the convenience of having a mobile client for some proprietary services I use. And I don’t have Google Play services at all.

    • SeekPie
      link
      fedilink
      15 months ago

      To install apps from the Play Store you could maybe look at Aurora Store?

      • @[email protected]
        link
        fedilink
        125 months ago

        I was referring to features, like adding money to your account. Not that they are needed in aurora.

      • @[email protected]
        link
        fedilink
        65 months ago

        Some apps are not available in my Google store due to geoblocking. Can aurora circumvent this? Or is it a front end of the “local” google play store?

        • @[email protected]
          link
          fedilink
          55 months ago

          A reputable VPN can block this. I’m not sure if the store can solely. I don’t believe so. If your blocked for any reason you need a good VPN. ****

          • @[email protected]
            link
            fedilink
            25 months ago

            You are correct, re-loading the aurora store after shifting my vpn to the target country (and anonymous login) seems to change the aurora storefront too :)

      • @[email protected]
        link
        fedilink
        35 months ago

        Nah, I prefer F-droid wherever I can. The mentioning when an app has anti-features is so helpful.

        But Aurora is a great second option.

  • @[email protected]
    link
    fedilink
    English
    335 months ago

    Every step you take towards a more private digital life is essential. I mean you have to start somewhere right? And the phone is in my opinion the biggest privacy thread out there. I am not on GrapheneOS but I’m considering switching soon.

    • @[email protected]
      link
      fedilink
      265 months ago

      I switched over a year ago and have no regrets. It does everything I want (including android auto now) and gives me at least a little but more privacy than a stock android image.

      The more people who use it the more impetus there is to further develop it.

      Give it a go! Its a great.

  • @g1ya777
    link
    235 months ago

    I just keep Play store installed with all permissions disabled, including network, and use Aurora store instead.

    • Wild BillOP
      link
      fedilink
      105 months ago

      What is the main difference between using Play Store and Aurora store (logged in with your Google account)?

        • Wild BillOP
          link
          fedilink
          75 months ago

          I’m more curious about the privacy aspect of using Aurora over Play, especially considering since I will be logged into my G account.

          • @[email protected]
            link
            fedilink
            125 months ago

            When starting Aurora, you can choose between an anonymous account or your own. You can still use the anonymous option even if you are logged in to other services with google. If you go logged on anyways, I guess Google will not know your every tap with Aurora? I would think logged in, google play store and aurora would be comparable (not private).

            • Wild BillOP
              link
              fedilink
              55 months ago

              Do you know if it’s safe to download banking apps from third party stores (in this case Aurora)?

                • Wild BillOP
                  link
                  fedilink
                  55 months ago

                  I have heard Aurora is more insecure and you can risk getting your Google account blacklisted or banned using it. Do you have any experience with this or know how common it is?

            • Wild BillOP
              link
              fedilink
              25 months ago

              Excuse my ignorance, but why not use your own G account?

              • @[email protected]
                link
                fedilink
                2
                edit-2
                5 months ago

                By not using your own g account I meant not using account that is assigned to your identity or account that you use for official things.

                Unless you have some purchases on there and you want to use these, but you shouldnt use your own account for that in the first place.

      • @[email protected]
        link
        fedilink
        10
        edit-2
        5 months ago

        Aurora is a foss wrapper with fewer anti-features like ads. You could trust the client more ig if you’re using Aurora. I use F-Droid for most things and then Aurora for like 3 apps I’m not willing to give up and have no foss alternatives. I mostly just use Aurora out of principle for the apps I can’t get from F-Droid, but also I guess out of a lack of trust for Google (which I suppose is related to the principle of not using proprietary software anyway)

  • @[email protected]
    link
    fedilink
    English
    195 months ago

    Even if apps you use depend on play store one of the things you can do on GrapheneOS is temporarily disable it and only turn it back on when apps refuse to run, another option is just keeping those apps in a separate work profile.

    • @answersplease77
      link
      15 months ago

      all android phones can temporarily disable an app until you turn it back on.

          • Andromxda 🇺🇦🇵🇸🇹🇼
            link
            fedilink
            English
            05 months ago

            Sure you can do it through adb, but Graphene exposes this option in the settings. They also recommend against enabling developer settings and using adb for security reasons.

        • @answersplease77
          link
          1
          edit-2
          5 months ago

          yes also including uaer apps: for example I can disable whatsapp by putting it in deep sleep and disabling its allowed network for extra measures, then it wont ring, wont update store version, wont recive calls, nor messages all while I’m online watching youtube for 2 hrs, then I can enable allow mock location and once online I’ll appear in brussel. btw I all non-rooted Androids can but Apple Users cant do any of that with their phones

        • @[email protected]
          link
          fedilink
          2
          edit-2
          5 months ago

          I would argue you shouldn’t be using those apps in the first place since they all contain proprietary blobs (yes that includes Signal, see Molly-FOSS for a non-blobbed fork).

  • @[email protected]
    link
    fedilink
    155 months ago

    Aurora store and F-droid will be your besties, you don’t need play store unless you have purchased something.

  • @[email protected]
    link
    fedilink
    15
    edit-2
    5 months ago

    Check out Heliboard (also on F-Droid) and follow the instructions to enable gesture typing. I also suggest Futo for on-device voice to text.

    What specific apps are you using that you can’t deal going away from? Other than some social media or gamr or something. Even then it seems like there are replacements a lot of the time

  • @[email protected]
    link
    fedilink
    155 months ago

    Sometimes it feels meaningless committing to this whole thing because I’m not perfectly private

    every small change matters

  • @[email protected]
    link
    fedilink
    English
    13
    edit-2
    5 months ago

    I’d love to try out GrapheneOS (or another OS), but I can’t afford a second phone, and there’s no way I’m gonna dive head-first into something entirely unfamiliar to me when it’s my only method for telephony.

    • @[email protected]
      link
      fedilink
      165 months ago

      It does function just like any other phone so far I’ve tested. No app that simply doesn’t work. And if it doesn’t, you can simply exploit the GOS hardening in settings to improve compatibility. You overall have more control over any app, which I like

      • K4mpfie
        link
        fedilink
        3
        edit-2
        5 months ago

        One of my biggest concern is banking apps not working. Is that still an issue with Custom ROMs? Edit: Nevermind, answerd below

        • @[email protected]
          link
          fedilink
          45 months ago

          I can add that ive also had 100% success with that setting, but I’ve only needed it 2 or 3 times.

    • Mike D.
      link
      fedilink
      55 months ago

      I feel the same. If I try to install a different ROM and it falls I could be without a phone for a bit.

    • Ironically it was when the stock android upgrade on my pixel 7 completely bricked my phone (due to the multiple user profiles bug) that I decided to jump in to Graphene head first.

      Compared to my experience running random ROMs on Samsungs back in the era of galaxy note 1 to 4, Graphene installer was so easy!

    • @[email protected]
      link
      fedilink
      35 months ago

      It is really similar to stock android in terms of functionality. It’s just degoogled and hardened. It’s designed to be user-friendly and not for tech-savvy people (though tech-savvy-friendly—which is part of being user-friendly imo). I promise you you can use it out of the box once installed just like a stock android install. The only thing to be aware of is to install some kind of package manager like fdroid or aurora store, or even grapheneos’s unprivileged google play store, to get apps, unless you just want to use the stock apps it comes with i guess in which case you probably shouldn’t waste money on a smartphone.

        • @[email protected]
          link
          fedilink
          25 months ago

          Yes, only Pixels are officially supported. If you want to add support for other devices, it’s a foss project and you’re welcome to write the code yourself. For other devices there are other degoogled OSes you can use. Graphene is generally considered the most secure but if you have another phone you can install one of the other AOSP forks or turn it into a linux phone or something

  • @[email protected]
    link
    fedilink
    13
    edit-2
    5 months ago

    http://futo.org/keyboard

    Been using that for a few days now, I’ll never go back to AOSP, gboard, heli, nor anything else. Saw a video of who I think is the head of futo, giving a no fucks given presentation, says he’s tired of non google keyboards that make it feel like your typing drunk. Website has a QR code to add the Futo repo to fdroid, ez pz.

  • @[email protected]
    link
    fedilink
    English
    135 months ago

    Don’t forget to change your DNS provider to something such as NextDNS for added benefits

      • 0^2
        link
        fedilink
        75 months ago

        You aren’t always home, therefore when you aren’t home it’s useful.

        • @[email protected]
          link
          fedilink
          45 months ago

          I have not yet looked into the DNS topic. What are the risks if I use the provider’s default DNS? Or what are the advantages of using a different DNS?

          • @[email protected]
            link
            fedilink
            45 months ago

            ISP DNS servers often lies, depending on your country, a lot do DNS blocking so it’s a way to evade basic censorship. Also some alternative DNS can lie in useful ways, for adblocking or malware protection. You can also check mullvad DNS.

            • Andromxda 🇺🇦🇵🇸🇹🇼
              link
              fedilink
              English
              25 months ago

              NextDNS even let’s you customize your DNS filter. You can choose which blocklists you want to use, and you can manually whitelist/blacklist individual domains. It also has other cool features like parental controls and malware protection.

        • Hellmo_luciferrari
          link
          fedilink
          English
          35 months ago

          You can still use PiHole as your DNS when not home if you setup a VPN. For me that was the route I went.

          • voxel
            link
            fedilink
            2
            edit-2
            5 months ago

            or you can allow public authenticated access to dns over https… (just don’t expose the raw udp dns server, it’s a really bad idea)
            (not sure if DoT can also support auth, but if it does that’s great because android supports dot natively)

            • Hellmo_luciferrari
              link
              fedilink
              English
              1
              edit-2
              5 months ago

              I know I don’t want to open up any more ports than I have to, but you’re right, that does sound like another alternative to setting up VPN.

              Since I access more than just my pihole when connected to my home network. And because I want access to my home services, and don’t want to open up access to the public, opening one port and connecting to VPN is the way to do it. I have one port opened up for my VPN, and in order to connect you have to have my IP or my domain pointed at the IP, and you have to have a Wireguard profile setup, and know what port is open. So that does help a tad bit with my security concerns.

              Edit: how would I go about that if I felt so inclined? Any tips?

      • Andromxda 🇺🇦🇵🇸🇹🇼
        link
        fedilink
        English
        65 months ago

        It also works when using cellular data or connecting to a different Wi-Fi network. Your Pi-Hole only works when you’re at home or when you VPN into your home network

        • @[email protected]
          link
          fedilink
          25 months ago

          Fair. I always assumed I could just point to it while I’m out, but i also haven’t put a lot of thought into it yet lol

          • Andromxda 🇺🇦🇵🇸🇹🇼
            link
            fedilink
            English
            15 months ago

            I mean you technically could expose the Pi-Hole from your home network on the internet, but I don’t recommend it. A VPN (either a simple WireGuard setup or something more fancy like NetBird, ZeroTier or Tailscale) could work, but I think NextDNS is the easier solution. Alternatively you could look into running your Pi-Hole on a VPS with WireHole.

  • @Dop
    link
    85 months ago

    You can set up multiple user profile and install the play services in only 1 profile if you want to jeep other profile more private

  • @[email protected]
    link
    fedilink
    7
    edit-2
    5 months ago

    Look into the user profiles feature to further isolate any play store apps you still use. I have one profile called gshit and thats the only one I install anything non-opensource on from the Aurora store.

    This prevents any playstore apps from accessing say photos, contacts, messages, etc on your main profile.

    PS. If you don’t like the stock launcher either you should check out KISS launcher (minimal mode)