GrapheneOS: Phone Privacy Protection
I'm always looking for ways to improve my privacy. Phone privacy is exceptionally complicated because it's essentially a surveillance device you carry in your pocket. I can't really afford to give up having a mobile phone because I need to be in regular communication with family, friends, and colleagues. As I stated in my privacy protection post a year ago, I'm keeping an eye on the Purism Librem 5, but I feel it's still too early to switch to full time, mainly due to the lack of supporting a variety of communication applications I need. So I started looking into Android alternatives.
GrapheneOS is a hardened fork of the Android Open Source Project that has all of the Google software stripped out. No more Google Calendar / Docs / Drive / News / Maps / Photos / etc. Even Google Chrome gets replaced with Vanadium, a privacy and security enhanced release of Chromium.
It's been many years since I messed around with flashing custom images on phones and I was wary of doing so because it used to be quite difficult and prone to failure. I was pleasantly surprised by how smoothly the process went!
At time of writing, the recommended hardware for this OS is any of the Pixel 3 variants. It's probably not worth paying double the price for a Pixel 4 because this OS isn't able to take full advantage of all the hardware improvements. The tricky part about buying the right phone is that you need to buy a fully unlocked Google Pixel, not a phone that was originally manufactured for a specific carrier. The easy way to ensure that is to buy a phone directly from the Google Store. Unfortunately, if you want to make this purchase anonymously you're going to have a bad time. Google is one of the most restrictive payment processors I've come across and I've yet to find any privacy protecting payment methods that get accepted by their credit card processor. Even my corporate credit card gets rejected!
If you start looking at other online retailers it gets tricky because online stores will rarely differentiate between "carrier unlocked" and "bootloader unlocked" phones. After several hours of research and realizing from negative reviews that many of the "carrier unlocked" Pixels on Amazon were former Verizon phones, I ended up taking a chance and buying from another online electronics store with the full intention of returning the phone if it wouldn't let me unlock the bootloader.
Update: after going through the above headache multiple times over the years, it's clear that buying used / refurbished Pixels is a crap shoot and you're highly likely to receive a phone issued by a carrier that has been "carrier unlocked" but has the bootloader permanently locked. I highly advise buying "factory unlocked" new phones if you don't want to have to roll the dice and return a bunch of phones that you can't unlock.
Once you receive the phone, turn it on and charge it while skipping through all of the account and personalization details of the setup. You just want to get far enough that you can ensure all of the software updates are applied before wiping the phone.
I went into the developer options as described on the install page and was slightly alarmed that the unlock button was greyed out. However, after then configuring the phone to use my Wi-Fi, the button became clickable. There's clearly a hardware registration database being checked somewhere out there on the 'net...
You'll need to install the "fastboot" tool onto a computer to which you connect the phone with a USB cable. Just follow the instructions on the install page.
Update: several years after publishing this article, GrapheneOS has rolled out a web installer that makes the process far more user friendly. I suggest using it so that you can avoid having to mess around on the command line.
The instructions don't mention that you need to enable USB debugging in order for the bootloader tool to actually communicate with your phone. There are other OS-specific instructions on this link for how to enable USB communication with the phone. Since I run Linux I had to install the "adb" package.
On the device, open the Settings app, select Developer options, and then enable USB debugging.
Now you should be able to follow the rest of the instructions on the install guide to unlock the bootloader and flash the Graphene OS image. It should only take 5 minutes or so to transfer all of the files to flash the image.
Hooray, now the phone boots Graphene OS!
Before actually configuring anything with the OS, turn it off and boot into the bootloader interface and run the "fastboot flashing lock" command on your laptop to lock the bootloader.
One thing to note is that from now on when your phone boots, it will first display a scary looking message about loading a different operating system. This is normal.
Now that you have a nice, clean, privacy focused mobile OS, you need some applications to run! You may be confused at first because all of the Google software you're used to is not on this OS - even the Play Store is missing! So how are we to install anything?
First, head to the F-Droid web site and install the F-Droid app, which is a store full of Free Open Source Software. You should prefer to install apps from this software manager if possible. But, you'll once again notice that many of your favorite apps are missing!
What we want is to access the Google Play store without having to actually authenticate with any Google services. Thankfully, there's a solution - search for "Aurora" in F-Droid and install this secondary application manager. You can use the "anonymous login" option though in my experience this will often break - it's more reliable if you create a throwaway Google account that you don't use for anything else.
Mobile Data & Voice Service
Pixel phones tend to support a variety of mobile phone carriers so you should be able to buy any number of sim cards that you can pop into your phone. If you want an anonymous carrier that isn't registered to your identity, I recommend buying a sim online with a prepaid debit card or virtual credit card such as privacy.com, inputting a fake name or anonymous LLC, and having it shipped to a private mailbox / remailer / friend. Some options are:
- TracFone for US
- OneSimCard or WorldSim for global coverage.
The downside to taking the road less traveled for improved privacy is that you're now going to be a part of a much smaller community, so if something goes wrong it will probably be more difficult to get help.
I have noticed a few glitches with Graphene OS such as times when applications will say they can't access the camera, though most of these are temporary. Thus far I've only come across one permanent failure with an application that simply won't run - it crashes immediately. I'll have to report this to the app developer, though I won't expect them to fix it given that they probably don't have many users running Graphene OS.
The adventure continues...