Pixel 8A and Grapheneos
Pixel 8A and Grapheneos
Hello guys. I recently acquired a Pixel 8A and it was Google stock os I bought it from a man locally all with cash I brought It home and I flashed grapheneos onto this phone.
What else needs to be done to anonymous this phone and make it a privacy phone and a spy free phone no tracking phone no interception phone and no monitored phone.
Any advice welcome!
Thanks.
If you want to be sure you cant be tracked, monitored, spyed on, and calls can't be intersepted:
Don't ever connect it to WiFi and don't insert a sim card.
Graphene or not, your ISP can still share your position or other meta data with government and stuff (in the us they can also be forced to not tell you) - in some countries they legally sell to third party's, in some probably illegaly
Calls are normally not encrypted so the os doesn't matter as much if its the government who can force your ISP or if someone is skilled enough for a Man in the middle attack.
Android is a highly complex system, it will never be 100% safe.
If you just want to decrease spying by companies and less powerful people:
Use neo store or fdroid (no google play or aurora) as all apps there are Foss
Don't install gapps or any other google services/packages
Use shelter for less trusted apps
Use netguard to block apps from accessing the internet
Physically block your cameras
If you want to be absolutely sure no one is recording audio: destroy mics with a needle and connect headset only when you need it
To only use communication apps which are encrypted and you hold the keys should be not needed to be said: matrix, signal, element, xmpp are good, (telegram (normal chats), Facebook, WhatsApp etc is a no go)
Don't ever connect it to WiFi and don't insert a sim card.
So.. don't ever use the Internet?
Exactly. If you want to be 100℅ sure you don't get tracked AT ALL you can't use the internet.
The second you connect metadata is gained by ISP and all the servers which get called. This can be enough to track you down for powerful entities like the government.
If only your aunt may with a evening school IT course is your threat, a pin and graphene os is probably enough
Also OP mentioned his sim card is registered on his real life name, so having that connected to cellphones is enough to track you if you have a warrant to force your internet service provider to share the information
Can’t be tracked if you never turn it on.
Plus: its google/us hardware. They could always hide something in lower level software like drivers or bios.
(Cant find the arricle i was thinking of, maybe false): It was recently discovered that snapdragons pinged their home server when turning on, which was not noticeable in android as it was on a deeper software level
Start with the basics. Use a VPN preferable a good one payed in crypto /XMR or cash. Use Foss apps only check out F-droid.
Also one that blocks malware and ads. If not use adguard.dns or other that filter traffic
Settings , disable 2-3 G if you always have access to 4-5 G .
Don't change add browsers use vanadium. No gapps obviously.
The more challenging is to just use it as WiFi phone without SIM.
Vanadium doesn't have good/any fingerprinting protection. Cromite or Mull would be better, Tor would be best.
Vanadium is purposefully made this way. It tries to minimise profiling by making your actions noise in a big mass of users. That only works if you use the standard config without anything to discern you.
Mull is the other extreme of this. They try to eliminate fingerprinting by reducing the amount of trackable things in your browser.
It's hard to say what really is the better option. You can't completely eliminate fingerprinting, and the more you try, the more you will stick out of the masses.
Why would you use Chrome webview plus something else? You can't replace just pile on. Not a good idea. https://grapheneos.org/usage#web-browsing
I have a sim card in this phone. The sim card is one I heavily rely on. I have disabled the option for disable 2G in sims is this good? Even without the LTE mode as my phone doesn't seem to have this.
I don't have any crypto / XMR and in this case, shall I just set the DNS you recommended me without any VPN and just always use that? Thanks.
I use TrackerControl (f-droid).
It's an app that can turn off entirely internet access to an app or granurarly tweak which domains can comunicate with.
Its still being tracked even with gos. Just maybe Google isn't tracking you.
For example, using Aurora Store and Obtanium instead of Google Play and avoid enabling Google Play Services.
But: every non Foss app you download runs code you can't control and could potentially compromise security. So caution is advised.
Congratulations on your first steps in GrapheneOS!
In order to best help you and give relevant suggestions, we need more information of who you are trying to be private from.
If your threat model is particularly sophisticated, it may be recommended that you do not use a sim card, or at least never when your phone is at home. Instead, exclusively rely on WiFi. It may also involve desoldering your microphone and camera and only make calls using an earpiece.
These are not recommendations, but simply examples of how far one can go with respect to their threat model. If you would rather want to avoid "regular" spying by google, Facebook and the likes, you may be better off selecting a private DNS (for example Mullvad's extended DNS which comes with social media filtering https://mullvad.net/en/help/dns-over-https-and-dns-over-tls ). You would need to make sure you do not install Google services (nor microg) and especially no google apps.
Much more can be said, but we would need specific information about your case to provide better guidance.
EDIT: I do not want to give the impression that GrapheneOS does not make a good job in improving your situation already. They do! But to do more you would need to justify it with your threat model, that's what I'm getting at.
I have already inserted a sim card into this phone. The sim card is a kyc sim card. I want to do best I can without compromising my identity. My threat model does involve government interception and tracing, but it's more about staying Safe with this phone whilst I'm possibly under surveillance. Local police entities. More so than government contractors / third parties. What is best VPN to use in this phone? I rely in the sim card in this phone so always keeping in aeroplane mode isn't possible as this is my primary number and I need to have constant connection to it. In this case, what shall I do with this phone?
To be honest, if kyc means what I think it does (I am not from the states) so that your provider knows your real identity, this phone with this sim will not be private, especially not when constantly connected to cell service.
With a warrant the local police could force your provider to tell them to which cell phone tower you are connected to, effectively giving them live position data. They can also read all unencrypted trafic this way (calls, SMS, telegram, http traffic etc.)
If your thread level is the police, you already f'd up, sry :/
(OP can ignore this comment)
I'm a bit upset that GrapheneOS does not follow OpenBSD: ignore any person hating it, ignore anyone who wants to interferes with project personnel and donations like usa is doing on Viet Nam like they are speaking for the Vietnamese, and don't care if the feature works "for you" or not, just going on code improvements & maximally free code. And do whatever Micay want to do. Accept donations from whatever company. There's so much dramas. But they already achieved over-detailed documentations. Focusing on unprivileged google play is the true path, since the demand on google play is much larger and other "private" apps repos are expected to work on the "privacy" people's phone.
Maybe because GrapheneOS haven't made any world-significant project that every companies depend on so that companies have to put so much money on the project.