This video is 16 minutes long, so you may have forgotten about my podcast I mentioned at 00:56. Just in case you made it to the end and thought, 'Wow, I want to hear more of this guy's voice,' you can check it out at intheshellpodcast.com. It's different from this format-it's stories from the tech world that I think are pretty interesting.
Hi , sorry I have orbot with vpn option active , in my owner profile the question is does my isp see my traffic ? I would have to leave the default dns ?
@@sideofburritos 100%, we have the BMW dealer already do tthis, if you know the problem is. x, they start check/fix a, b, c. first. You mr Bueitos are a true GrapheneOS wiki, your name is many times mentioned in the forum by members who followed your advice on how to. Thanks for that!
Use obtainium where you can(this youtuber has a video showing that), but if you feel a specific app is essential don't worry too much about using the playstroe when you need to. It's better to be imperfect forever than perfect for a month and then giving up.
Congrats on taking the leap! Here's the video @astroid99 mentioned - ruclips.net/video/JiN37bn0OE8/видео.html. But @sbashir9460 and @astroid99 already said what I would have said. Don't complicate yourself when just getting started, it can be a lot to change to a new OS. And “It's better to be imperfect forever than perfect for a month and then giving up.” The official site has some remarkable documentation - grapheneos.org and the forum has a wealth of information - discuss.grapheneos.org.
Today I installed grapheneos. I’m going to sold my iPhone 12. I don’t plan to use any service Google based. Everything open source. Thank you for your videos my friend! You are an extremely kind guy! ❤
You can create a new google account without phone number verification if you create it during the android device setup process. E.g. you could bring an old android device to a cafe and factory reset it + connect to wifi then create the new google account on setup. I've done this many times and haven't needed a phone number
Great to see your videos again, wee bit over my old head, still loving GrapheneOS after three years since dumping everything Apple. Nice to be settled down to a bunch of apps that work well and allow me to do everything I need. (Gray)
Thanks! The initial migration (like you mentioned) is the most work, but after that when you get to a point where things “just work” it's smooth sailing.
Another way to implement this idea would be to disable Orbot and Google Play Services after initial installations and make a separate profile with Orbot+Google and use that profile for updates. That way you can end session on that profile if wanting to save battery and you get to use non-google services on the Owner profile (like updates for Graphene and Obtanium) unencumbered by the slowness of Tor. This would mean having to re-enable Orbot+Google on Owner for new Play Store apps, but that may be very infrequent depending on the user, so perhaps not inconvenient, although prone to some risk of de-isolation if you forget to re-enable Orbot correctly first.
Hmm, that is an interesting setup. It does add some benefit like you said of being able to “end session” on the profile where you would be updating apps from. As long as you have a list to follow when installing new apps “disable VPN in owner, enable Orbot, connect, enable play store etc.” then it should be feasible. I'll have to consider that in the future when I get a new device.
@PaulYannis-o1p @sideofburritos Could you elaborate on that, please? I would really like to understand the workings and problems I may cause by possibly forgetting the correct procedure for installing other Play Store apps. Thank you very much.
@@sideofburritos Could you elaborate on that, please? I would really like to understand the workings and problems I may cause by possibly forgetting the correct procedure for installing other Play Store apps. Thank you very much.
Super useful video - THANKS. Be aware that Google is deleting inactive accounts. Users can prevent their accounts from being deleted by signing in at least once every two years. Activities that count as account usage include sending or reading emails, using Google Drive, watching RUclips videos, or even searching on Google while signed in
For the viewers, connecting to Public WiFi via a Linux live USB may help keep Public WiFi attacks from affecting your main OS and will give you a more unique fingerprint when making a Google account. Buying a pre-paid/PAYG SIM card with some data could work too (for countries where SIM cards don't require KYC) if you have a second smartphone, which you can hotspot from and receive SMS to. (Potentially less private, but possibly more available or secure than Public WiFi, depending on circumstances.)
The one feature keeping me from moving to Graphene is the call screening and auto-blocking of likely spam calls and texts. Not seeing it beyond a notif (or not if I turn them off) is nice. No need to deal with it, but that one is a convenience. The call screening is very handy in the age of spam.
Oh man. Very informative and interesting as usual. I really need to reset my phone and start over. Made a mess of it when i started using Graphene a couple of years ago. Didnt know the apps where installed in the same space. Its messy now to say the least 😂
@@sideofburritos been going good I guess but I'm kinda failing since I've had to download Google play services for stuff. Def interested in a video about ditching the sim card and best practices !
Don't sweat it. The toughest thing is out of the way, switching to GrapheneOS. After that, everything else can be done in stages. In the future, maybe next you try experimenting with Installing Play services in a different user profile and only using apps there that require it, and using apps that don't require it in another one. Even if you don't do that, you're still getting a ton of benefits. Check out these pages to see some of the benefits you get grapheneos.org/features grapheneos.org/faq Play services are a regular app on GrapheneOS vs. PixelOS where they are privileged and can access hardware identifiers. So even by using the GrapheneOS implementation of them you're getting a big benefit - grapheneos.org/faq#hardware-identifiers
Would really be interessted in your setup for your mobile phone number setup. Here in germany I did not find a good solution on how to handle aomething like that
@@sideofburritoshey did I miss something with the Google account is that only used to install the apps! Ie pattern of life and location tracking type activities those are not used, so they won't aggregate location data with other profiles? What about device identifiers ?
This has details regarding device identifiers and what apps can access - grapheneos.org/faq#hardware-identifiers That's just to obtain apps, I was showing what I use instead of Aurora anonymous accounts to download apps.
@@svnbit8408ITS SANDBOXED, that meens no identifiers just do what he says.😂 There's no gms framework, but installing playstore meens some gms framework will be installed. You can sandbox anything you want, identifiers handshakes will still happen.
Awesome! If this setup seems overwhelming, go with something a bit simpler until you get used to GrapheneOS. Even for me, this setup took a bit to get used to.
SoB, very informative video for your setup. Keep it up! The few questions I have are - 1) App command center: Is there any disadvantage to having the command center via a created user profile instead of the “owner” profile? I ask because I seem to have issues with Bluetooth connectivity with incoming calls on the created profile, and there are text/data sync issues as well on the created profile vs on the owner profile (it recognizes, but will not switch to BT device after call is connected - which really sucks). 2) Back up: when backing up the device, is it user profile specific or is it the entire phone and each of the created user profiles that are backed up? 3) Updates: When an app is "disabled" within the command center, will it still fetch for and receive app updates to push to other user profiles so the latest app is on all profiles, or does disabling break the profile synchronization of pushed apps?
1) You can't use “install available apps” in any other profiles except owner. Otherwise, I would prefer to not use owner for this. 2) It *should* back up app profiles, but I don't rely on it. It's known to have issues - discuss.grapheneos.org/?q=seedvault 3) Yes. Even with apps disabled they will still be updated.
Realy great video ! I installed the apps you mentioned. Is there something inherently bad for privacy and security with Aurora ? So, because it is so much easier to use.
Thanks! When it comes to Aurora, I mentioned I don't like using the shared accounts. I also don't like the “hacky” implementation used to access Play Store Apps. Using Sandboxed Play Store lets you access the Play store securely, while avoiding using any workarounds that Aurora uses.
Have you tried that recently? I saw a Reddit post about it and tried it, but it ended up asking my for a phone number. Just to make sure I'm at the same spot. RUclips → Sign In → Create Account? Also, what is the URL you see? Does URL start with accounts[.]google[.]com?
This was true for the account I'm using now. I created it via RUclips fully expecting to have to SMS verify and it didn't ask for it. I used a VPN too. This hasn't been true in the past for me though. So maybe there's some luck in it. (I have my content blocker disabled so maybe they're more lenient for the ad viewers.)
When it comes to Aurora, I mentioned I don't like using the shared accounts. I also don't like the “hacky” implementation used to access Play Store Apps. Using Sandboxed Play Store lets you access the Play store securely, while avoiding using any workarounds that Aurora uses. Aurora isn't magically removing Google from the equation. Your device is still connecting to Google to download and search for apps.
When it comes to Aurora, I mentioned I don't like using the shared accounts. I also don't like the “hacky” implementation used to access Play Store Apps. Using Sandboxed Play Store lets you access the Play store securely, while avoiding using any workarounds that Aurora uses. Aurora isn't magically removing Google from the equation. Your device is still connecting to Google to download and search for apps. F-droid, I'm not a fan of it from a security perspective. They made some questionable decisions in the past that I don't agree with, and prefer to use Obtainium and get it from the source directly. Of course, everyone should do their research and make the choice that's best for them.
If you use an anonymous Google Play Store account in the owner profile to download apps and then push them into a secondary profile, is there a way to access apps in that secondary profile that need subscriptions in your normal Google Play account without compromising your anonymity?
I don't have any paid apps like that, so I haven't really thought about it. But off the top of my head, I would likely install Play Store in the profile you want to use them in and just install the apps directly there. Then you can keep your free/paid apps separate.
@@sideofburritos In other words, the real account used to pay for the apps needs to be used in that "google profile". No burner account because again, you would have to pay for same apps and link your cards etc.
@@sideofburritos well , that account lands in burner profile then, because I have 2 paid app and use them maybe once a week, then can kill the profile after use:) thank you
Are you concerned about Google Play running in the background in the Owner profile? Like you said, its session cannot be ended like a profile. Or is the fact that it's running through Orbot and you presumably don't give it location permissions sufficient?
Wow... I'm the most boring GrapheneOS user there is. 🤣With mine, I removed the email program...and that's it. My Pixel 6A is just a dumb phone that looks like a smart one. Never thought to install MORE apps.🤣I particularly like that in-phone EXIF scrubber. I've been scrubbing the EXIF when I dump the photos to my Linux box. Mahalo for the new (to me, at any rate) ideas!
Haha, I can appreciate the boring simplicity you've kept. On the plus side, you have one of the most secure dumb phones out there (as compared to the phones marked as “dumb phones”.)
Quick question, can one use a separate “installer” profile to install apps and share those apps to other profiles? Since we can’t put owner to sleep, thought this would be slightly better.
No, you can't. “Install available apps” only works from the Owner user profile. If it did work from other user profiles, then I would do it from there, as you mentioned.
If you’ve already started using apps in owner profile are you already fingerprinted with your device? Can I do a factory reset of graphene OS or a clean reinstall to start over with your protocols in place?
Droidify is all I use for installing apps. If the app doesn't exist in there, I don't install it. However, I'm not a power user - my phone is just a phone/camera/signal/proton/aegis device.
I would very much like to hear about your phone number setup. Can you get calls across profiles? I'd also like to hear about how you came to this configuration.
I can get a notification of a call across user profiles, but not take an actual call across profiles. I think the setup will be inconvenient for most people, but it's worked well so far for my use case.
@@roflchopter11 I wish it didn't, but I emailed them a while ago, and it doesn't seem like that will change anytime soon. I tried different apps and providers for days though and nothing was near as functional as mysudo.
Hi. Question, some apps need to be paid for. So, for example, if you need pro version of torque app, and you paid by using google play, then you move to graphene os, download same app from aurora , it will not be the app you paid for because has no recollection of you/me paying for it due to lack of google play? Is that correct?
Hi, that's correct. The purchase is associated with the account you purchased it from. If you sign in with the account that you purchased it from, then you'll be able to download the paid app.
@@sideofburritos Thank you for your reply, so it seems like I will create a profile gsh*ite , and have that one app I paid for there :D, use when I need with my car. Made list of apps on my old 7y old huawei, checked which need google play services, all seems to need it, BUT even tho signal says it needs it, works fine without :) binance and other apps work too. Will test app by app, installed graphene on new pixel 9, transition will take time, but first I am just testing on wi fi and apps:) love the minimalistic look :)
No, it creates a VPN configuration on the owner profile, and it's applied to the owner user profile. VPNs only apply to the profile they're running in. I mentioned it here how VPNs work with multiple user profiles - ruclips.net/video/IAoCfrqxIEg/видео.html
Is it possible to have those (reference) apps on another profile(e.g. AppRepo). Will those appear on the 'Install Available Apps' option when create/switch to one more profile(e.g. Cautious)? I'm thinking of keeping the owner profile 'empty', no additional apps.
Unfortunately, no. Install available apps is only possible from owner. Someone suggested installing apps from owner, disabling Play Store there. Then have another profile with Play Store and use that to update the apps (since they're already installed). That may be an option I look into in the future, just an extra step.
@@sideofburritos So perhaps later, it will be like one profile with Play Store then both download and update are done there. With Play Store disabled most of the time.
More so initial installations done from owner, then disable play store here. Then update apps from another user profile with play store and only use owner to install new apps. Since you only need to do the initial install from owner to do “install available apps”.
@@sideofburritos Sorry, I wonder how it matters when you have it installed from owner and updated on its own profile. Why not just both on the profile itself, since you'll be setting up Google Play on one profile.
What if I have an app installed directly (not how you did in this video..pushing apps from the owner profile to secondary)? Won't it be installed twice? I would never install whatsapp so Im a little confused about your security model. I had planned and started installing apps only in the profile where they would be uses...not in owner. I wonder if you have gone over if doing so is a bad idea.
Here's the video on how apps work across multiple user profiles - ruclips.net/video/E3erRhXPPNY/видео.html How you did it is perfectly fine. That's how most people do it that use multiple user profiles, there's nothing wrong with that setup.
Looking at buying a used pixel phone to try this out. Some of the used stuff says is unlocked from VZW or t mobile. How can I make sure I am getting a phone unlocked on the carrier it was used on? Thanks.
Check out this clip - ruclips.net/video/4Ki8xQT6Das/видео.html I talk about and show what you need to look for to confirm when buying a used pixel. TL;DR - as long as you have the seller confirm “OEM unlocking” can be enabled, you'll be good to go.
I tried this method but realize not all the apps i use are easy to find. What is your take on Aurora at the end of 2024. Do you think its' safe to use or not. Thanks for all your hard work in putting these videos together.
I published this video ~3 months ago, I'm still using the exact same setup. Whether Aurora works for you is a personal choice based on your threat model. For me, I don't use it.
If you have for example 2 profiles, one has whatsup, other something else, the whatsup profile is currently not in use, do you still get notifications from whatsup?
I believe that when you logoff a certain profile, all apps in that profile will not run in the background, so no you will not receive notifications from a logged-off profile
@UnknownUnrecognized @filipetorchiamiranda It depends. When you create a profile, there's an option to “Allow running in background”. If you have that enabled along with the option to “send notifications to current user” for the profile, it will continue running and you will get notifications. The one limitation is that you're limited to 3 active profiles at a time (including owner). So if you open a 4th profile that is set to “allow running in background”, one of the others (except owner) will be closed.
@@sideofburritos odly I did not receive notifications from ytube! so I had no idea you replied till I went back to rewatch your video! I need just 2 profiles, main, where no gsh*te is installed, and gsh*te profile for anything that needs g....s... :)
Great video. Im not a pixel owner yet.I just wanted to ask you, have you tried using some kind of authenticator app rather than generating a borrowed phone number? A lot of times I can avoid sms 2FA just using authentication. But I am still an iPhone user so I don’t know if Apple just makes it easier than android. I’ll be on a pixel soon enough. I am a firm believer in the open source philosophy. I been using Linux for years and appreciate free software
Unfortunately, you're forced to use a phone number on the account creation. It's not used for any sort of MFA, just as a way to prevent bots and fraudulent accounts from being registered. After that, you can use an authenticator app.
I would really like to learn more about your concerns related to anonymous shared account that are included into Aurora store - you obviously know something, if instead of using it you do those shizzle wizzle movements with buying a number and adding a real google account. Please, tell us more :)
It may be to do with 3rd parties being able to see your Google activity/installed apps, which could add an unnecessary and untrustworthy player in the potential exploitation of your activity data, if you connect to the Aurora Store using identifiable network connections. (Just speculating tho)
Something along the lines of what @PaulYannis-o1p said. You're essentially sharing random Google accounts with strangers. While I can appreciate the idea behind it, something just doesn't sit right with me about it.
The apps I care about work without them (Signal, AntennaPod, ntfy, Calendar, Tasks)
2 месяца назад
Gave a try to graphene. I really like the concept and I am all for privacy. How do you deal with the apps needing google services? There's a bunch of things that are just unusable unfortunately, even with the sandboxed Google services installed from the graphene store.
“There's a bunch of things that are just unusable unfortunately, even with the sandboxed Google services installed from the graphene store.” Which apps are those? I haven't encountered any.
There's Aurora Store, but I don't use that for the reasons I mentioned in the video. Any app that allows you direct access to the Play Store will have to authenticate somehow.
When it comes to Aurora, I mentioned I don't like using the shared accounts. I also don't like the “hacky” implementation used to access Play Store Apps. Using Sandboxed Play Store lets you access the Play store securely, while avoiding using any workarounds that Aurora uses. Aurora isn't magically removing Google from the equation. Your device is still connecting to Google to download and search for apps. F-droid, I'm not a fan of it from a security perspective. They made some questionable decisions in the past that I don't agree with, and prefer to use Obtainium and get it from the source directly. Of course, everyone should do their research and make the choice that's best for them.
thanks for the explanation! do you disable the google services in the main profile after installing all desired apps? are there cons to doing this other than losing automatic updates?
You're welcome! No, I don't. I think the benefit of up-to-date apps is > than disabling play services. I currently trust the setup of all traffic over TOR + an anonymous account that I keep it running. That being said, if the option of “install available apps” could be done from a secondary user profile instead of only owner, I would have play store there. Just for the added option to “end session” for the user profile. Then I might try keeping that profile “shutdown” and manually log into it every other day to check for updates.
Does it make sense to get a Pixel 4a and put Graphene on there? Since its only upgradable to Android 13 I don't even know if Graphene is still an option? I just need a cheap but somewhat secure phone.
No. Being end of life, I would not recommend it. If I were in your situation, I would look for a cheap 6a. It's supported until July 2027 and being an “a” it's pretty affordable. Buying an EOL device is a waste of money.
This has been incredibly useful Josh. I've set up a second device from scratch so I've been able to replicate all these app stores. I'm assuming that if I need Play Services in a 2nd daily profile I don't need the Play Store? Or if I do I don't need to sign in? If you are thinking of future content maybe you could help Apple users migrate. This would help me solve the transfer of 25GB of chronologically dated photos out of iCloud Photos to something more private but retaining date info?! Cheers!
It depends on the apps, you can try without installing Play Store. But from what I understand, Play Store more than just the app store. Correct, you do not need to sign in for things like notifications to work in the 2nd profile. Ahh, that would be interesting (and helpful for many people). Thanks!
Great video, set this up but with aurora store, however I'm not seeing any updates available at any time in the owner profile aurora store. Does this have to do with the fact the apps are disabled or because orbot is on? Furthermore, before I set up my phone like this I just ran the owner profile as my daily. I tested Orbot on there and everything worked fine. However now that I've replicated everything from my daily on a non-owner profile my spotify is unusable when Orbot is on, ant idea what could cause this? Any help is appreciated, your video's are a great resource!
Make sure you can access the internet in the browser first, then try Aurora again. It should make no difference the apps are disabled. If you search for an app you have installed and disabled, does Aurora show it's already installed? Orbot in a different profile will not affect Spotify. That second profile can not access that VPN slot.
@@sideofburritos Thanks for the reply! I checked the internet connection beforehand which was working. I even tried connecting to Aurora store with Orbot turned off and the apps still did not show up. When I searched for an app it just said 'install' as if I'd never downloaded it. As soon as I enabled an app it did show up, even with Orbot on. So I enabled all my Aurora apps, updated all in one go and disabled them again (while Orbot was enabled, so that was not the issue). It's a fix but not ideal. I also use orbot on the second profile. Eventually I found some threads discussing that apparently Spotify is notoriously bad to use with VPN's so not an issue on Orbot's side. Although it is weird as I was running Orbot with Spotify before I made the profile switch with no issues.
@@TipTop-y5b That's interesting. Play Store is able to update them even if they're disabled in the profile. It sounds like Auaora is different. Maybe it's not querying the API correctly for installed apps. That makes sense about Spotify. Thankfully, I haven't had any issues when I have mullvad running with Spotify. Usually, sites are stricter with TOR IP's, so that makes sense.
I tried installing Orbot from the link provided, but it crashes upon running. I couldn't find any clear information about this online. Has anyone ran into this issue?
So download play services needing apps from your owner profile then install them with the feature onto a secondary profile that also is running google play services? So will the owner and at least 1 other profile have google play services installed?
No, you don't need play services on the other profile (unless the app explicitly requires it). Most apps work without them installed, this is just to obtain them.
I don't disable Obtainium or the other app stores in the owner profile. If they aren't running, apps won't be updated. As long as they're running in one profile, they'll be updated in others.
So you downloaded an app from Google Play Store using an anonymous account via Tor. 1.) Does that mean that you'll also need/want to use it via Tor? 2.) Does an app dowloaded from Play Store have any identifier as to whoever downloaded it? Therefore able to tie/identify that you with that supposed anonymous account? 3.) You mentioned that there's only one instance/copy of an app across Graphene. Can an app installed directly from one profile (with dedicated Play Store, for example) be installed to main and/or other profiles through 'Install available option'?
accrescent.app/docs/guide/maintenance/updates.html accrescent.app/features#unattended-updates It does. It is possible that the app dev didn't upload the newest version yet. What version does Accrescent show and what version does play store show? It's
I have noticed, that camera, on pixel 9, asks you if you want to share location etc, google app u can kill permissions too. Did they improve on data / security?
I am surprised that all apps work work without google services or play, how could that be? (pixel 9). Only one I haven't testes are waze (speed cams) and google maps. How is your experience? It seems a good idea to create one burner profile for just 1 or 2 apps which require google service to run because of waze or app I paid for in the past. Then close the profile and keep other apps in the main profile since they don't need google services
I checked a couple of your videos to see where your mic is, and it's way too far away from where you're speaking. It's picking up a lot of echo and reverberation. I have an Electro-Voice RE20, but even with that in the same way you're using your mic, it would sound terrible.
@@sideofburritos thankyou. The yeti blues stand it notoriously low. I'll look at getting an arm or some other solution. I'm also using GHub to do some dB levels.
wait... so I need to switch user profile to get notification from for example whatsapp and switch it again to make my phone calls and sms working? so during my usage of whatsapp I cannot receive phone calls and when I'm texting sms I won't see any whatsapp notifications? pretty su*ks...
If you have it in a separate user profile, then yes. If you have the apps all in the same user profile, then they will work all from there. The goal is for separation, so it wouldn't make sense to have high levels of integrations between user profiles as it would negate the purpose.
I so wanted this to work. Just went from pixel 5 to pixel 8a with grapheneos on both. The messaging app is just not working right on the daily profile. Some flow in while others do not. Applies to both sms and mms. Frustrating!
Yes, it's a VPN connection using the Tor network. Services will see you connecting from the Tor exit node (IP) which then passes the connection to a further 2 nodes (IP) before connecting to the IP address provided by your ISP.
There's always a certain point or event that makes you say “that's enough”. Glad to hear you made the decision! It's likely going to be a bit tough at first (depending on what you're migrating from) but trust me, it's completely worth the effort and time.
@@sideofburritos Yes, wherever I used Tor, the exit nodes appeared as India and Egypt-both countries with notorious records of suppressing free speech.
Nice, but Google soon on later catch us, they aggregate meta data (Snowden case and book), like location, wifi, phone Id, WiFi id, nearby bluetooth connection etc, this method is good only for illusion privacy, but better that nothing.
Where are they getting the location from and nearby BT when it's restricted from accessing it? Also, apps are prohibited from accessing hardware identifiers on GrapheneOS - grapheneos.org/faq#non-hardware-identifiers Saying this is good for only an illusion of privacy is simply untrue.
Does the automatic app update feature from the Google Play Store work when I'm on my secondary profile, or do I have to switch to my owner profile for the automatic updates to function?
It does. Since the Owner profile is always running updates will be automatically installed in the background. OS updates will also be installed in the background, you'll just need to reboot like you normally would for it to be applied.
Clearly you missed the point. This isn't for him specifically, but for anyone else who might want this. Also having your phone anonymous like this is still good in many other ways for personal security. He's not hiding from the NSA.
Dang, I didn't think about that. Back to an iPhone. /s Anonymity !== Privacy. It's a choice based on my threat model to share my face. I'm not trying to hide it from the world. It's less of a threat to share it online in a way where I control every frame of the footage, vs. the 29 CCTV cameras your face appeared on when you bought pickles & mayonnaise from the grocery store at 2AM.
Is there a link between his face and the fake account? I didn't see one and I'm sure he would trash it after the video anyway. Is his real name anywhere on this or other pages of his? Rob Braxman makes security and privacy videos and that is not his real name.
@@sideofburritos TBH the tech is getting to be a bit much for me. I would go back to a landline if I could. Very happy with Graphene though. You made installation very easy with your video. Thanks. I would love to know more about the "Molly" App if you are looking for video ideas.
@pinoygal6232 I entirely understand that. The only reason I keep testing, experimenting, and sharing, is that I genuinely enjoy the challenge. I do appreciate how simple GrapheneOS is out of the box, it really helps cut down on the normal bloat and BS that stock OS's typically ship with. Thanks for the video suggestion!
What about Neo Store? I would love to see a video of you and another security and privacy creator (like Digital Independent) so you can compare methods and share pros and cons of each.
Sure, becuse whats more suspicios a playstore log from a tor network, or a playstore log drom your local network. Sure use use the tor as is NOT suspicious.
So everyone using TOR for anonymity should just use their local network instead because it's less “suspicious”? We should stop using TOR and VPNs, I suppose.
Why? There are apps in the Play Store that I need, and I don't like the anonymous accounts Aurora uses. There's nothing special about using Aurora to install an app, you still get the same thing whether you use Play Store or Aurora.
Next week's video is “How to escape Microsoft” and I'll be demoing how to install Windows 11! /s Bad joke aside, I really didn't want to use “de-googled” in my title. Annoyingly, the SEO juice for "de-googled" is just too good. That's not my goal (nor the goal of GrapheneOS - discuss.grapheneos.org/d/1420-google-play-store-and-degoogle). Using it in a way that, I think, is anonymous and still getting the benefits was my goal.
Nice try. But you could have saved some time by typing the correct abbreviation for the word minutes, which is min not mnts. It was 54 seconds + 24 second for an announcement. I'm sorry that you would have to hover your mouse over the progress bar to see where to skip to in the video, that must have been excruciating.
Problem is, there are so many apps that don't work well without Play Store or Google Play Service. If you go full degoogled Android, you will face more inconvenience to the point you will be better off with a flip phone
No, most apps work perfectly fine without them. The thing that doesn't work is if the app developer uses firebase for notifications, then you need Play Services installed for that. My daily profile has apps installed from the Play Store and I use them daily without Play Services installed on that profile.
@@Redwan777I would argue that you're still better served with graphene than a flip phone because flip phones have series of security and privacy issues.
How he installed playstore so easily a hughe red flag. Yeah go ahead install PS, your so fool thinking PS will work witouth some gms framework you are insane.
Should I take Play Store off my dating profile since it's a red flag? When you install Play Store on GrapheneOS it also installs Google Services Framework. You can read more about it here if you're genuinely curious to learn - grapheneos.org/usage#sandboxed-google-play
Was it worth trading your privacy for RUclips views by flashing your mug all over the world? It's biometric. Every video management software these days has neural networks built in.
I'm not a fan of it from a security perspective. They made some questionable decisions in the past that I don't agree with, and prefer to use Obtainium and get it from the source directly. Of course, everyone should do their research and make the choice that's best for them.
This video is 16 minutes long, so you may have forgotten about my podcast I mentioned at 00:56. Just in case you made it to the end and thought, 'Wow, I want to hear more of this guy's voice,' you can check it out at intheshellpodcast.com. It's different from this format-it's stories from the tech world that I think are pretty interesting.
I hope the video wasn't removed by Google like do linus tech 😅
Hi , sorry I have orbot with vpn option active , in my owner profile the question is does my isp see my traffic ?
I would have to leave the default dns ?
Your videos are so wonderfully informative! Not a lot of extras or slow build-ups. You just get right to it. I really like that.
Thanks for that! I try to make them in a format I would want to watch. I came here for x, I don't need “abcdef” first.
@@sideofburritos 100%, we have the BMW dealer already do tthis, if you know the problem is. x, they start check/fix a, b, c. first. You mr Bueitos are a true GrapheneOS wiki, your name is many times mentioned in the forum by members who followed your advice on how to. Thanks for that!
New Graphene OS user. Just got my first Pixel (9 pro), and installed Graphene. Trying to figure out how to and which apps to install. Thanks for this.
Definitely check his install video out and follow the advice he gave here to not make it too complicated for yourself.
Use obtainium where you can(this youtuber has a video showing that), but if you feel a specific app is essential don't worry too much about using the playstroe when you need to. It's better to be imperfect forever than perfect for a month and then giving up.
Congrats on taking the leap! Here's the video @astroid99 mentioned - ruclips.net/video/JiN37bn0OE8/видео.html.
But @sbashir9460 and @astroid99 already said what I would have said. Don't complicate yourself when just getting started, it can be a lot to change to a new OS. And “It's better to be imperfect forever than perfect for a month and then giving up.”
The official site has some remarkable documentation - grapheneos.org and the forum has a wealth of information - discuss.grapheneos.org.
@@sideofburritos thankyou, you basically said the same thing to me in a comment I made roughly a year or two ago. And I've appreciated it greatly.
I have a problem on my 8 pro where my aps cant reach the internet for some reason. I dont know what to do
Today I installed grapheneos. I’m going to sold my iPhone 12. I don’t plan to use any service Google based. Everything open source. Thank you for your videos my friend! You are an extremely kind guy! ❤
Thanks for the kind words and that's awesome to hear! Congrats on making the switch!
It's nice to see you again! :D
Thanks! 🤓
Really happy to see you making videos again!
Glad to be back!
You can create a new google account without phone number verification if you create it during the android device setup process. E.g. you could bring an old android device to a cafe and factory reset it + connect to wifi then create the new google account on setup. I've done this many times and haven't needed a phone number
Tried today and works a treat - thanks
Great to see your videos again, wee bit over my old head, still loving GrapheneOS after three years since dumping everything Apple. Nice to be settled down to a bunch of apps that work well and allow me to do everything I need. (Gray)
Thanks! The initial migration (like you mentioned) is the most work, but after that when you get to a point where things “just work” it's smooth sailing.
I was waiting for this video. Very well done and interesting approach. I may try this method in the future. Appreciate you taking the time to do this.
Thanks, and you're welcome! It's definitely worth a shot to try.
More videos needed YOU ARE THE BEST
Another way to implement this idea would be to disable Orbot and Google Play Services after initial installations and make a separate profile with Orbot+Google and use that profile for updates. That way you can end session on that profile if wanting to save battery and you get to use non-google services on the Owner profile (like updates for Graphene and Obtanium) unencumbered by the slowness of Tor.
This would mean having to re-enable Orbot+Google on Owner for new Play Store apps, but that may be very infrequent depending on the user, so perhaps not inconvenient, although prone to some risk of de-isolation if you forget to re-enable Orbot correctly first.
Hmm, that is an interesting setup. It does add some benefit like you said of being able to “end session” on the profile where you would be updating apps from. As long as you have a list to follow when installing new apps “disable VPN in owner, enable Orbot, connect, enable play store etc.” then it should be feasible. I'll have to consider that in the future when I get a new device.
@PaulYannis-o1p @sideofburritos Could you elaborate on that, please? I would really like to understand the workings and problems I may cause by possibly forgetting the correct procedure for installing other Play Store apps. Thank you very much.
@@sideofburritos Could you elaborate on that, please? I would really like to understand the workings and problems I may cause by possibly forgetting the correct procedure for installing other Play Store apps. Thank you very much.
Super useful video - THANKS. Be aware that Google is deleting inactive accounts. Users can prevent their accounts from being deleted by signing in at least once every two years. Activities that count as account usage include sending or reading emails, using Google Drive, watching RUclips videos, or even searching on Google while signed in
For the viewers, connecting to Public WiFi via a Linux live USB may help keep Public WiFi attacks from affecting your main OS and will give you a more unique fingerprint when making a Google account.
Buying a pre-paid/PAYG SIM card with some data could work too (for countries where SIM cards don't require KYC) if you have a second smartphone, which you can hotspot from and receive SMS to. (Potentially less private, but possibly more available or secure than Public WiFi, depending on circumstances.)
Using TailsOS is also an option.
The one feature keeping me from moving to Graphene is the call screening and auto-blocking of likely spam calls and texts. Not seeing it beyond a notif (or not if I turn them off) is nice. No need to deal with it, but that one is a convenience. The call screening is very handy in the age of spam.
I really liked this video, will enjoy more videos if you make them. :)
First! Thanks man for this really useful video!, I was really looking forward for the app-pushing info!👌🏻
You're welcome! I figured quite a few people were curious about it, so it was about time to get a video together for it.
Welcome back, Side of Burritos! Can you talk about a private cloud solution some day?
New nextCloud just rolled out. Haven’t seen it, but I was considering the old one before
Oh man. Very informative and interesting as usual. I really need to reset my phone and start over. Made a mess of it when i started using Graphene a couple of years ago. Didnt know the apps where installed in the same space. Its messy now to say the least 😂
Haha, don't worry. You see my clean-er setup after a few years of experimenting. I have had some pretty messy setups over the last few years.
Accrecent is based and can't wait till more apps get ported over to it 🗿
I just saw your videos 2 weeks ago and finally installed graphene . Glad to have a recent update about it lol
That's awesome! Congrats on taking the leap, I hope it's going well for you so far.
@@sideofburritos been going good I guess but I'm kinda failing since I've had to download Google play services for stuff. Def interested in a video about ditching the sim card and best practices !
Don't sweat it. The toughest thing is out of the way, switching to GrapheneOS. After that, everything else can be done in stages. In the future, maybe next you try experimenting with Installing Play services in a different user profile and only using apps there that require it, and using apps that don't require it in another one. Even if you don't do that, you're still getting a ton of benefits.
Check out these pages to see some of the benefits you get
grapheneos.org/features
grapheneos.org/faq
Play services are a regular app on GrapheneOS vs. PixelOS where they are privileged and can access hardware identifiers. So even by using the GrapheneOS implementation of them you're getting a big benefit - grapheneos.org/faq#hardware-identifiers
Always learn something new here! TY!
You really do go the extra mile to make things more secure
Would really be interessted in your setup for your mobile phone number setup. Here in germany I did not find a good solution on how to handle aomething like that
Noted! Hopefully, it'll give you some ideas of what you can try.
@@sideofburritoshey did I miss something with the Google account is that only used to install the apps! Ie pattern of life and location tracking type activities those are not used, so they won't aggregate location data with other profiles? What about device identifiers ?
This has details regarding device identifiers and what apps can access - grapheneos.org/faq#hardware-identifiers
That's just to obtain apps, I was showing what I use instead of Aurora anonymous accounts to download apps.
@@svnbit8408ITS SANDBOXED, that meens no identifiers just do what he says.😂 There's no gms framework, but installing playstore meens some gms framework will be installed. You can sandbox anything you want, identifiers handshakes will still happen.
Thanks for the video just got the new graphene os. On my pixel 8
Awesome! If this setup seems overwhelming, go with something a bit simpler until you get used to GrapheneOS. Even for me, this setup took a bit to get used to.
Excellent video. Do you think it is necessary to have Aurora also running via Orbot? Thanks for your help.
This can be my reference to my Huawei Tab. Thanks
You're welcome!
SoB, very informative video for your setup. Keep it up! The few questions I have are -
1) App command center: Is there any disadvantage to having the command center via a created user profile instead of the “owner” profile? I ask because I seem to have issues with Bluetooth connectivity with incoming calls on the created profile, and there are text/data sync issues as well on the created profile vs on the owner profile (it recognizes, but will not switch to BT device after call is connected - which really sucks).
2) Back up: when backing up the device, is it user profile specific or is it the entire phone and each of the created user profiles that are backed up?
3) Updates: When an app is "disabled" within the command center, will it still fetch for and receive app updates to push to other user profiles so the latest app is on all profiles, or does disabling break the profile synchronization of pushed apps?
1) You can't use “install available apps” in any other profiles except owner. Otherwise, I would prefer to not use owner for this.
2) It *should* back up app profiles, but I don't rely on it. It's known to have issues - discuss.grapheneos.org/?q=seedvault
3) Yes. Even with apps disabled they will still be updated.
Awesome explanation. Thank you.
You are welcome!
I assume you block internet access on the main profile without VPN (tor)?
Correct. I have the “Block connections without VPN” enabled.
Why not a paid vpn?
Realy great video ! I installed the apps you mentioned. Is there something inherently bad for privacy and security with Aurora ? So, because it is so much easier to use.
Thanks! When it comes to Aurora, I mentioned I don't like using the shared accounts. I also don't like the “hacky” implementation used to access Play Store Apps. Using Sandboxed Play Store lets you access the Play store securely, while avoiding using any workarounds that Aurora uses.
You can create a google account without a phone number if you go to youtube, accounts, create new account. Super convenient
Have you tried that recently? I saw a Reddit post about it and tried it, but it ended up asking my for a phone number. Just to make sure I'm at the same spot. RUclips → Sign In → Create Account?
Also, what is the URL you see? Does URL start with accounts[.]google[.]com?
I would also like the details on this.
This was true for the account I'm using now. I created it via RUclips fully expecting to have to SMS verify and it didn't ask for it. I used a VPN too. This hasn't been true in the past for me though. So maybe there's some luck in it.
(I have my content blocker disabled so maybe they're more lenient for the ad viewers.)
@@_nobody_of_consequence_ Pointless. You added it once it's in their database, deleting it just removes it client side.
Fantastic! Thank you!
You're very welcome!
Why not using Aurora Store?
When it comes to Aurora, I mentioned I don't like using the shared accounts. I also don't like the “hacky” implementation used to access Play Store Apps. Using Sandboxed Play Store lets you access the Play store securely, while avoiding using any workarounds that Aurora uses. Aurora isn't magically removing Google from the equation. Your device is still connecting to Google to download and search for apps.
Because he wants to show you he can go to parking lots etc..have time for tickets no kids etc ...drive home no issues
@_modiX I explained in the video why I don't use Aurora Store. I don't like the shared Anonymous accounts.
@@BuhaiGras It's true, I do like to drive to parking lots, and then drive home with no issues. I can't deny that.
I tried it and it crashed to much
what about F-Droid or Aurora?
When it comes to Aurora, I mentioned I don't like using the shared accounts. I also don't like the “hacky” implementation used to access Play Store Apps. Using Sandboxed Play Store lets you access the Play store securely, while avoiding using any workarounds that Aurora uses. Aurora isn't magically removing Google from the equation. Your device is still connecting to Google to download and search for apps. F-droid, I'm not a fan of it from a security perspective. They made some questionable decisions in the past that I don't agree with, and prefer to use Obtainium and get it from the source directly. Of course, everyone should do their research and make the choice that's best for them.
He explained in the video why he doesn't use Aurora. And F-droid is obsolete if you use Obtanium
If you use an anonymous Google Play Store account in the owner profile to download apps and then push them into a secondary profile, is there a way to access apps in that secondary profile that need subscriptions in your normal Google Play account without compromising your anonymity?
I don't have any paid apps like that, so I haven't really thought about it. But off the top of my head, I would likely install Play Store in the profile you want to use them in and just install the apps directly there. Then you can keep your free/paid apps separate.
@@sideofburritos In other words, the real account used to pay for the apps needs to be used in that "google profile". No burner account because again, you would have to pay for same apps and link your cards etc.
Correct, you would need to use the account that originally made the purchase.
@@sideofburritos well , that account lands in burner profile then, because I have 2 paid app and use them maybe once a week, then can kill the profile after use:) thank you
Are you concerned about Google Play running in the background in the Owner profile? Like you said, its session cannot be ended like a profile. Or is the fact that it's running through Orbot and you presumably don't give it location permissions sufficient?
I don't worry about it. I use an anonymous Google account that I only use on this specific device, and all traffic goes through Orbot.
Wow... I'm the most boring GrapheneOS user there is. 🤣With mine, I removed the email program...and that's it. My Pixel 6A is just a dumb phone that looks like a smart one. Never thought to install MORE apps.🤣I particularly like that in-phone EXIF scrubber. I've been scrubbing the EXIF when I dump the photos to my Linux box. Mahalo for the new (to me, at any rate) ideas!
Haha, I can appreciate the boring simplicity you've kept. On the plus side, you have one of the most secure dumb phones out there (as compared to the phones marked as “dumb phones”.)
Quick question, can one use a separate “installer” profile to install apps and share those apps to other profiles?
Since we can’t put owner to sleep, thought this would be slightly better.
No, you can't. “Install available apps” only works from the Owner user profile. If it did work from other user profiles, then I would do it from there, as you mentioned.
If you’ve already started using apps in owner profile are you already fingerprinted with your device? Can I do a factory reset of graphene OS or a clean reinstall to start over with your protocols in place?
For sure, I think it's more than fine to do it that way.
Droidify is all I use for installing apps. If the app doesn't exist in there, I don't install it. However, I'm not a power user - my phone is just a phone/camera/signal/proton/aegis device.
Droid-ify is just a better skin of F-Droid. I like it but I don't think he will include it
I would very much like to hear about your phone number setup. Can you get calls across profiles? I'd also like to hear about how you came to this configuration.
I can get a notification of a call across user profiles, but not take an actual call across profiles. I think the setup will be inconvenient for most people, but it's worked well so far for my use case.
@@sideofburritos Cool, I was very disappointed that mysudo requires Google Play for notifications.
@@roflchopter11 I wish it didn't, but I emailed them a while ago, and it doesn't seem like that will change anytime soon. I tried different apps and providers for days though and nothing was near as functional as mysudo.
@@sideofburritos big sad. Proton requires GPS, too. Did you find an alternative, or just don't worry about email notifications?
I don't worry about notifications for Proton, I just check it every so often.
Hi. Question, some apps need to be paid for. So, for example, if you need pro version of torque app, and you paid by using google play, then you move to graphene os, download same app from aurora , it will not be the app you paid for because has no recollection of you/me paying for it due to lack of google play? Is that correct?
Hi, that's correct. The purchase is associated with the account you purchased it from. If you sign in with the account that you purchased it from, then you'll be able to download the paid app.
@@sideofburritos Thank you for your reply, so it seems like I will create a profile gsh*ite , and have that one app I paid for there :D, use when I need with my car. Made list of apps on my old 7y old huawei, checked which need google play services, all seems to need it, BUT even tho signal says it needs it, works fine without :) binance and other apps work too. Will test app by app, installed graphene on new pixel 9, transition will take time, but first I am just testing on wi fi and apps:) love the minimalistic look :)
Is Orbot system-wide? How do you know when Orbot is working on the Play Store? Do you add the app in Orbot?
No, it creates a VPN configuration on the owner profile, and it's applied to the owner user profile. VPNs only apply to the profile they're running in. I mentioned it here how VPNs work with multiple user profiles - ruclips.net/video/IAoCfrqxIEg/видео.html
13:19 please make a video on this.
virtual number
Where can I find The Blog Post ?
The link is in the description - sideofburritos.com/blog/grapheneos-how-i-install-apps/
Is it possible to have those (reference) apps on another profile(e.g. AppRepo). Will those appear on the 'Install Available Apps' option when create/switch to one more profile(e.g. Cautious)? I'm thinking of keeping the owner profile 'empty', no additional apps.
Unfortunately, no. Install available apps is only possible from owner. Someone suggested installing apps from owner, disabling Play Store there. Then have another profile with Play Store and use that to update the apps (since they're already installed). That may be an option I look into in the future, just an extra step.
@@sideofburritos So perhaps later, it will be like one profile with Play Store then both download and update are done there. With Play Store disabled most of the time.
More so initial installations done from owner, then disable play store here. Then update apps from another user profile with play store and only use owner to install new apps. Since you only need to do the initial install from owner to do “install available apps”.
@@sideofburritos Sorry, I wonder how it matters when you have it installed from owner and updated on its own profile. Why not just both on the profile itself, since you'll be setting up Google Play on one profile.
What if I have an app installed directly (not how you did in this video..pushing apps from the owner profile to secondary)?
Won't it be installed twice?
I would never install whatsapp so Im a little confused about your security model.
I had planned and started installing apps only in the profile where they would be uses...not in owner. I wonder if you have gone over if doing so is a bad idea.
I should say, I wasn't able to see the link you mentioned on the topic.
Here's the video on how apps work across multiple user profiles - ruclips.net/video/E3erRhXPPNY/видео.html
How you did it is perfectly fine. That's how most people do it that use multiple user profiles, there's nothing wrong with that setup.
Looking at buying a used pixel phone to try this out. Some of the used stuff says is unlocked from VZW or t mobile. How can I make sure I am getting a phone unlocked on the carrier it was used on? Thanks.
Check out this clip - ruclips.net/video/4Ki8xQT6Das/видео.html I talk about and show what you need to look for to confirm when buying a used pixel. TL;DR - as long as you have the seller confirm “OEM unlocking” can be enabled, you'll be good to go.
@@sideofburritos Thank you watching now.
I tried this method but realize not all the apps i use are easy to find. What is your take on Aurora at the end of 2024. Do you think its' safe to use or not. Thanks for all your hard work in putting these videos together.
I published this video ~3 months ago, I'm still using the exact same setup. Whether Aurora works for you is a personal choice based on your threat model. For me, I don't use it.
If you have for example 2 profiles, one has whatsup, other something else, the whatsup profile is currently not in use, do you still get notifications from whatsup?
I believe that when you logoff a certain profile, all apps in that profile will not run in the background, so no you will not receive notifications from a logged-off profile
@@filipetorchiamiranda thank you
@UnknownUnrecognized
@filipetorchiamiranda It depends. When you create a profile, there's an option to “Allow running in background”. If you have that enabled along with the option to “send notifications to current user” for the profile, it will continue running and you will get notifications. The one limitation is that you're limited to 3 active profiles at a time (including owner). So if you open a 4th profile that is set to “allow running in background”, one of the others (except owner) will be closed.
@@sideofburritos odly I did not receive notifications from ytube! so I had no idea you replied till I went back to rewatch your video! I need just 2 profiles, main, where no gsh*te is installed, and gsh*te profile for anything that needs g....s... :)
Can this system be downloaded on other devices such as Realme?
No, only Pixels are supported. They're the only devices that meet the project's hardware security requirements - grapheneos.org/faq#supported-devices
What is your opinion on APK mirror?
I used it one time in a pinch, but I prefer not to use it. In my current setup, I have no need for it.
@@sideofburritos is it worth it if you the ability to check the hash?
Great video. Im not a pixel owner yet.I just wanted to ask you, have you tried using some kind of authenticator app rather than generating a borrowed phone number? A lot of times I can avoid sms 2FA just using authentication. But I am still an iPhone user so I don’t know if Apple just makes it easier than android. I’ll be on a pixel soon enough. I am a firm believer in the open source philosophy. I been using Linux for years and appreciate free software
Unfortunately, you're forced to use a phone number on the account creation. It's not used for any sort of MFA, just as a way to prevent bots and fraudulent accounts from being registered. After that, you can use an authenticator app.
@@sideofburritos ah okay. Well I tried!
awesome info
Thanks!
I would really like to learn more about your concerns related to anonymous shared account that are included into Aurora store - you obviously know something, if instead of using it you do those shizzle wizzle movements with buying a number and adding a real google account. Please, tell us more :)
It may be to do with 3rd parties being able to see your Google activity/installed apps, which could add an unnecessary and untrustworthy player in the potential exploitation of your activity data, if you connect to the Aurora Store using identifiable network connections.
(Just speculating tho)
Something along the lines of what @PaulYannis-o1p said. You're essentially sharing random Google accounts with strangers. While I can appreciate the idea behind it, something just doesn't sit right with me about it.
How do you handle notifications without google services?
The apps I care about work without them (Signal, AntennaPod, ntfy, Calendar, Tasks)
Gave a try to graphene. I really like the concept and I am all for privacy. How do you deal with the apps needing google services? There's a bunch of things that are just unusable unfortunately, even with the sandboxed Google services installed from the graphene store.
“There's a bunch of things that are just unusable unfortunately, even with the sandboxed Google services installed from the graphene store.”
Which apps are those? I haven't encountered any.
Is there an alternative to Google play which is safe and doesn't require a sign in?
There's Aurora Store, but I don't use that for the reasons I mentioned in the video. Any app that allows you direct access to the Play Store will have to authenticate somehow.
So what is wrong with Aurora and F-Droid?
When it comes to Aurora, I mentioned I don't like using the shared accounts. I also don't like the “hacky” implementation used to access Play Store Apps. Using Sandboxed Play Store lets you access the Play store securely, while avoiding using any workarounds that Aurora uses. Aurora isn't magically removing Google from the equation. Your device is still connecting to Google to download and search for apps. F-droid, I'm not a fan of it from a security perspective. They made some questionable decisions in the past that I don't agree with, and prefer to use Obtainium and get it from the source directly. Of course, everyone should do their research and make the choice that's best for them.
Exactly .. the Aurora store is the best.
I explained in the video why I don't use Aurora and instead of F-Droid I use Obtainium.
thanks for the explanation! do you disable the google services in the main profile after installing all desired apps? are there cons to doing this other than losing automatic updates?
You're welcome! No, I don't. I think the benefit of up-to-date apps is > than disabling play services. I currently trust the setup of all traffic over TOR + an anonymous account that I keep it running. That being said, if the option of “install available apps” could be done from a secondary user profile instead of only owner, I would have play store there. Just for the added option to “end session” for the user profile. Then I might try keeping that profile “shutdown” and manually log into it every other day to check for updates.
@@sideofburritos gotcha, thanks!
Im interested in the setup you have in the SIM card! ❤
Noted!
There is now private space on the new update, please do a new video since work profiles can now be combined with private space
Does it make sense to get a Pixel 4a and put Graphene on there? Since its only upgradable to Android 13 I don't even know if Graphene is still an option?
I just need a cheap but somewhat secure phone.
No. Being end of life, I would not recommend it. If I were in your situation, I would look for a cheap 6a. It's supported until July 2027 and being an “a” it's pretty affordable. Buying an EOL device is a waste of money.
This has been incredibly useful Josh. I've set up a second device from scratch so I've been able to replicate all these app stores. I'm assuming that if I need Play Services in a 2nd daily profile I don't need the Play Store? Or if I do I don't need to sign in? If you are thinking of future content maybe you could help Apple users migrate. This would help me solve the transfer of 25GB of chronologically dated photos out of iCloud Photos to something more private but retaining date info?! Cheers!
It depends on the apps, you can try without installing Play Store. But from what I understand, Play Store more than just the app store. Correct, you do not need to sign in for things like notifications to work in the 2nd profile.
Ahh, that would be interesting (and helpful for many people). Thanks!
Great video, set this up but with aurora store, however I'm not seeing any updates available at any time in the owner profile aurora store. Does this have to do with the fact the apps are disabled or because orbot is on? Furthermore, before I set up my phone like this I just ran the owner profile as my daily. I tested Orbot on there and everything worked fine. However now that I've replicated everything from my daily on a non-owner profile my spotify is unusable when Orbot is on, ant idea what could cause this?
Any help is appreciated, your video's are a great resource!
Make sure you can access the internet in the browser first, then try Aurora again. It should make no difference the apps are disabled. If you search for an app you have installed and disabled, does Aurora show it's already installed? Orbot in a different profile will not affect Spotify. That second profile can not access that VPN slot.
@@sideofburritos Thanks for the reply! I checked the internet connection beforehand which was working. I even tried connecting to Aurora store with Orbot turned off and the apps still did not show up. When I searched for an app it just said 'install' as if I'd never downloaded it. As soon as I enabled an app it did show up, even with Orbot on. So I enabled all my Aurora apps, updated all in one go and disabled them again (while Orbot was enabled, so that was not the issue). It's a fix but not ideal.
I also use orbot on the second profile. Eventually I found some threads discussing that apparently Spotify is notoriously bad to use with VPN's so not an issue on Orbot's side. Although it is weird as I was running Orbot with Spotify before I made the profile switch with no issues.
@@TipTop-y5b That's interesting. Play Store is able to update them even if they're disabled in the profile. It sounds like Auaora is different. Maybe it's not querying the API correctly for installed apps.
That makes sense about Spotify. Thankfully, I haven't had any issues when I have mullvad running with Spotify. Usually, sites are stricter with TOR IP's, so that makes sense.
I tried installing Orbot from the link provided, but it crashes upon running. I couldn't find any clear information about this online. Has anyone ran into this issue?
So download play services needing apps from your owner profile then install them with the feature onto a secondary profile that also is running google play services? So will the owner and at least 1 other profile have google play services installed?
No, you don't need play services on the other profile (unless the app explicitly requires it). Most apps work without them installed, this is just to obtain them.
Does your 'Calls' profile need to have google play services allowed from the Main user profile? Also, do ALL apps from play store go in this profile?
Hey. Will apps still be updated automatically on user profiles although appstores or Obtanium is disabled on owner profile? Thanks in advance
I don't disable Obtainium or the other app stores in the owner profile. If they aren't running, apps won't be updated. As long as they're running in one profile, they'll be updated in others.
So you downloaded an app from Google Play Store using an anonymous account via Tor.
1.) Does that mean that you'll also need/want to use it via Tor?
2.) Does an app dowloaded from Play Store have any identifier as to whoever downloaded it? Therefore able to tie/identify that you with that supposed anonymous account?
3.) You mentioned that there's only one instance/copy of an app across Graphene. Can an app installed directly from one profile (with dedicated Play Store, for example) be installed to main and/or other profiles through 'Install available option'?
It doesn't appear Accrescent currently does updates. My other play stores have an update for Clipious, but Accrescent does not show the update.
accrescent.app/docs/guide/maintenance/updates.html
accrescent.app/features#unattended-updates
It does. It is possible that the app dev didn't upload the newest version yet. What version does Accrescent show and what version does play store show? It's
I have noticed, that camera, on pixel 9, asks you if you want to share location etc, google app u can kill permissions too. Did they improve on data / security?
You can disable location permissions on a per app basis.
I am surprised that all apps work work without google services or play, how could that be? (pixel 9). Only one I haven't testes are waze (speed cams) and google maps. How is your experience? It seems a good idea to create one burner profile for just 1 or 2 apps which require google service to run because of waze or app I paid for in the past. Then close the profile and keep other apps in the main profile since they don't need google services
What's your audio setup? My @TechHeart6090 channel has horrible audio from my yeti blue mic.
I checked a couple of your videos to see where your mic is, and it's way too far away from where you're speaking. It's picking up a lot of echo and reverberation. I have an Electro-Voice RE20, but even with that in the same way you're using your mic, it would sound terrible.
@@sideofburritos thankyou. The yeti blues stand it notoriously low. I'll look at getting an arm or some other solution. I'm also using GHub to do some dB levels.
wait... so I need to switch user profile to get notification from for example whatsapp and switch it again to make my phone calls and sms working? so during my usage of whatsapp I cannot receive phone calls and when I'm texting sms I won't see any whatsapp notifications? pretty su*ks...
If you have it in a separate user profile, then yes. If you have the apps all in the same user profile, then they will work all from there. The goal is for separation, so it wouldn't make sense to have high levels of integrations between user profiles as it would negate the purpose.
I so wanted this to work. Just went from pixel 5 to pixel 8a with grapheneos on both. The messaging app is just not working right on the daily profile. Some flow in while others do not. Applies to both sms and mms. Frustrating!
I watched the Google ad to completion for your profit
Good work :). So I also use obtainium but now when I am opening it, I get a warning about the 32 bits.... Is it just for me?
I think what you might be seeing is this - discuss.grapheneos.org/d/14004-phasing-out-32-bit-only-app-support-for-older-devices-too
Off Topic: How well does Android Auto work on GraphenOS? Any First Hand experience?
But will the apps update automatically when you use this method? Or do you have to go manually in the other profile and update through there?
They automatically update without interaction. I still check periodically in case there were any issues updating any apps.
Does Orbot hide your IP ?
Yes, it's a VPN connection using the Tor network. Services will see you connecting from the Tor exit node (IP) which then passes the connection to a further 2 nodes (IP) before connecting to the IP address provided by your ISP.
Ive been meaning to switch to GrapheneOS for a long time. Ive decided now is the time as the privacy erosion appears to be accelerating.
There's always a certain point or event that makes you say “that's enough”. Glad to hear you made the decision! It's likely going to be a bit tough at first (depending on what you're migrating from) but trust me, it's completely worth the effort and time.
Put it on my P9P today.
Nice! The Pixel 9 seems like a nice device, I was tempted to upgrade.
I’ve decided not to use Tor anymore as my exit nodes have been compromised.
All the exit nodes you used were compromised?
How?
@@sideofburritos Yes, wherever I used Tor, the exit nodes appeared as India and Egypt-both countries with notorious records of suppressing free speech.
@User35003 That is not an indication in any way that the exit nodes were compromised. Have you tried manually selecting the exit in Orbot?
Bro meeds a tin foil hat😂
I prefer aluminum foil hat's. Much easier to buy a roll of that in the store 😂
Thanks
You're welcome!
Link newpipe ?
If you search for it, it's the first result. new pipe . net
Nice, but Google soon on later catch us, they aggregate meta data (Snowden case and book), like location, wifi, phone Id, WiFi id, nearby bluetooth connection etc, this method is good only for illusion privacy, but better that nothing.
Where are they getting the location from and nearby BT when it's restricted from accessing it? Also, apps are prohibited from accessing hardware identifiers on GrapheneOS - grapheneos.org/faq#non-hardware-identifiers
Saying this is good for only an illusion of privacy is simply untrue.
shame that the Aurora store stopped working.
yeah, it stops working frequently, but they usually don't take too long to fix it on the backend. Usually a few hours to a few days.
Does the automatic app update feature from the Google Play Store work when I'm on my secondary profile, or do I have to switch to my owner profile for the automatic updates to function?
It does. Since the Owner profile is always running updates will be automatically installed in the background. OS updates will also be installed in the background, you'll just need to reboot like you normally would for it to be applied.
The whole anonymous thing goes out the window when you plaster your face over the internet
Clearly you missed the point. This isn't for him specifically, but for anyone else who might want this. Also having your phone anonymous like this is still good in many other ways for personal security. He's not hiding from the NSA.
Dang, I didn't think about that. Back to an iPhone. /s
Anonymity !== Privacy. It's a choice based on my threat model to share my face. I'm not trying to hide it from the world. It's less of a threat to share it online in a way where I control every frame of the footage, vs. the 29 CCTV cameras your face appeared on when you bought pickles & mayonnaise from the grocery store at 2AM.
@@dubz5149 Exactly. And, even if I was hiding from the NSA, Snowden shows his face and manages to still pull it off 🤣
@@sideofburritos this guy gets it! 🤣
Is there a link between his face and the fake account? I didn't see one and I'm sure he would trash it after the video anyway.
Is his real name anywhere on this or other pages of his?
Rob Braxman makes security and privacy videos and that is not his real name.
Too much effort. I'll just live without the paid apps.
-Sure would like to find a free GPS tracker detector though. Anyone know of one?
The Play Store has more than just paid apps. Some users have banking apps on their devices, and those are only on the Play Store.
@@sideofburritos TBH the tech is getting to be a bit much for me. I would go back to a landline if I could. Very happy with Graphene though. You made installation very easy with your video. Thanks.
I would love to know more about the "Molly" App if you are looking for video ideas.
I use AirGuard which is available in the F-droid store
@pinoygal6232 I entirely understand that. The only reason I keep testing, experimenting, and sharing, is that I genuinely enjoy the challenge. I do appreciate how simple GrapheneOS is out of the box, it really helps cut down on the normal bloat and BS that stock OS's typically ship with.
Thanks for the video suggestion!
What about Neo Store? I would love to see a video of you and another security and privacy creator (like Digital Independent) so you can compare methods and share pros and cons of each.
Sure, becuse whats more suspicios a playstore log from a tor network, or a playstore log drom your local network. Sure use use the tor as is NOT suspicious.
So everyone using TOR for anonymity should just use their local network instead because it's less “suspicious”? We should stop using TOR and VPNs, I suppose.
I am surprised you install gapps. :(
Why? There are apps in the Play Store that I need, and I don't like the anonymous accounts Aurora uses. There's nothing special about using Aurora to install an app, you still get the same thing whether you use Play Store or Aurora.
"How to degoogle yourself" first thing he installs is google playstore :D
Next week's video is “How to escape Microsoft” and I'll be demoing how to install Windows 11! /s
Bad joke aside, I really didn't want to use “de-googled” in my title. Annoyingly, the SEO juice for "de-googled" is just too good. That's not my goal (nor the goal of GrapheneOS - discuss.grapheneos.org/d/1420-google-play-store-and-degoogle). Using it in a way that, I think, is anonymous and still getting the benefits was my goal.
gosh, the intro was 4 mnts long, just get to the point already mannn...
Nice try. But you could have saved some time by typing the correct abbreviation for the word minutes, which is min not mnts.
It was 54 seconds + 24 second for an announcement. I'm sorry that you would have to hover your mouse over the progress bar to see where to skip to in the video, that must have been excruciating.
@@sideofburritos yeah minor excruciating, but it was excruciating nonetheless
The whole thing about using graphene os is to degoogle your device. Using playstore simply ruins the idea behind the OS.
That's simply not an accurate statement about the project - discuss.grapheneos.org/d/1420-google-play-store-and-degoogle
Problem is, there are so many apps that don't work well without Play Store or Google Play Service. If you go full degoogled Android, you will face more inconvenience to the point you will be better off with a flip phone
No, most apps work perfectly fine without them. The thing that doesn't work is if the app developer uses firebase for notifications, then you need Play Services installed for that. My daily profile has apps installed from the Play Store and I use them daily without Play Services installed on that profile.
@@Redwan777I would argue that you're still better served with graphene than a flip phone because flip phones have series of security and privacy issues.
@roflchopter11 💯
How he installed playstore so easily a hughe red flag. Yeah go ahead install PS, your so fool thinking PS will work witouth some gms framework you are insane.
Should I take Play Store off my dating profile since it's a red flag? When you install Play Store on GrapheneOS it also installs Google Services Framework. You can read more about it here if you're genuinely curious to learn - grapheneos.org/usage#sandboxed-google-play
Was it worth trading your privacy for RUclips views by flashing your mug all over the world? It's biometric.
Every video management software these days has neural networks built in.
For the honor of interacting with beautiful people, such as yourself, absolutely
Where F-Droid ? 🦧🦧
I'm not a fan of it from a security perspective. They made some questionable decisions in the past that I don't agree with, and prefer to use Obtainium and get it from the source directly. Of course, everyone should do their research and make the choice that's best for them.
F-Droid is pointless if you're already using Obtanium....
I use Obtainium instead of F-Droid and get the apps directly from the source.