Heaps of questions from a brand new grapheneos user
Hi everyone
Writing this on my new (second hand) pixel with grapheneos. Have been watching this project for a few years and stoked to finally be here. I'm getting closer and closer to the online life I want all the time.
I have a few questions:
-
Sourcing apps - is it safer to use f-droid (in my case I like the neo-store) or obtainium?
-
For non open-source apps, Aurora or sandboxed google play?
-
Is it OK to use WiFi at my work? Or at the mall? What are the risks? I've got a VPN but using it prevents me from accessing my server via tailscale
-
WhatsApp - I've tried to set up whatsapp but I get stuck at retrieving the backup from google drive. I'm seeing conflicting views on weather or not this is possible. It'd be great but its a price I'm willing to pay if it means not using WhatsApp
-
Can any app be sandboxed?
-
What else should I know about operating the phone? I'm effectively an absolute beginner to grapheneos
-
My phone now won't connect to the internet without the VPN, is this normal?
Any advice appreciated, thank you
3 - I don't do it without a VPN. Some places block VPN (happened to me in a hotel), in that case I don't use Wi-Fi.
2: I have a separate user for closed source apps, and created a new Google account on the sandboxed google play store. Anonymous enough for me.
2 - While I personally prefer Aurora some banking apps are checking the installer referrer and don't work if not originally installed with Google Play.
4 - I found I had to give WhatsApp basically every permission it wanted to restore the backup, after restoring I could then revoke them again
7 - It's in the Settings application of the phone. VPN > [Your VPN] > Block connections without VPN .
4 settings, apps, exploit protection compatibility
7 is not normal
6 read the gos faq it's good info
5 here sandbox just means not privileged, and all apps except Google apps are used to running without privilage. You have three independent spaces on your main interface: owner, work, private you can put apps with different VPNs, google services into each. You have more with account switch, but it's more work
3 depends on what you do with your internet and your threat model, if you have a always on vpn wifi anywhere isn't a threat
2 depends on your threat model: google will give you the most official packages and good chain of custody. You can just use Google play in one account /space copy the app to another space, and let play update it
1 depend on your threat model - reproducible builds where the code is signed by the developer but froid verifies the source used to build the code is the gold standard
I think fdroid is a good place to start they do a quick vetting process on releases. I use obtainium for things i need quick updates on like PipePipe.
I use aurora for things I need from play store.
WiFi is fine ur only leaking location, ip and target server ip to whoever runs the WiFi internet traffic can't really be snooped unless ur using insecure such as http. If u don't use WiFi ur leaking that same info to ur mobile provider. If j use VPN ur leaking to VPN provider. Pick ur poison.
I have no idea but can't imagine why it wouldn't work.
Yep all apps are sandboxes by default.
Its not a magic bullet its just one layer in a secure digital existence.
absolutely not no idea whats going on here. Ask Dr GPT.