Keep Your Phone Free and Secure With GrapheneOS

Table of Contents

Introduction

I have always been using Google Nexus and Pixel series phones, because they were providing the cleanest and most conveniently hackable experience back in the day where Android was “open”. But as Android is growing increasingly enshittified, earlier this year I ultimately was fed up, felt cornered and decided that it is time to escape.

That was even a few weeks before Google decided that it wanted to kill the open Android ecosystem for good. Apparently, Google finally decided to close the trap1 and seize absolute power by forcing every developer to register, ultimately turning Android into yet another prison.

Luckily, GrapheneOS is around and currently is the perfect solution for all of my issues with Android these days. I won’t explain what it is, how to install it and why you should. I assume you already know, and if not, just check out its website. It is very well-documented and the installation is straight-forward, if you have a supported phone.

The difficult part is not installing it, it is getting used to a (mostly) Google-free phone and work around the undeniably existing limitations. So in this post I want to summarize the key lessons I learned while trying to liberate my mobile digital life from oppression and surveillance.

App Stores

GrapheneOS comes with its own little stores for a bunch of selected apps, but the first must-have you need to install is F-Droid2. Of course I already used F-Droid before, but now it shifted from being a secondary to the primary way to install apps.

By default, F-Droid will only have its own official repository registered, but there are many third-party repositories. Be aware though, that the third-party repositories are not following the F-Droid standards, so use at your own risk and ideally stick to well-known ones.

Unfortunately you probably won’t be able to survive using only open source apps you can install that way. Surely it should be your first stop when looking for apps, but some apps unfortunately do not have a drop-in replacement.

To get your hands on Play Store apps without having the Play Store and Google services installed, apparently the simplest way is to use the Aurora Store. It seems to be a cleaner solution than downloading random APK files from fishy-looking websites, and doing it again every time you want to update that app. That said, I would still avoid using it whenever possible.

The search order to find and install apps for me is now:

  • F-Droid
  • F-Droid third-party repos
  • APKs provided by reputable developers on GitHub
  • Aurora

As installing new apps is a reasonably rare occurrence, this overhead is acceptable to me. You are of course always free to install and use the real Play Store and any app you find there, but then the only thing GrapheneOS gives you over some pre-installed OEM Android is more security and no intrusive anti-features being forced on you.

Exiled Google Services

GrapheneOS comes with no pre-installed Play Store or Google services. Some apps unfortunately require them, for bad or even worse reasons. Luckily, most do not, and GrapheneOS provides compatibility layers and replacements wherever possible so most apps do not spot any difference.

For the few cases where you really need it, mostly for some pseudo-security ceremonial “integrity check” that some apps require, e.g. for online banking apps, there is a great solution: Install the Play Store and all the needed services together with the apps in a separate isolated user profile. For me there was no other case that really forced me to have the full real Play Store and services installed and running to get an app to work.

In general, user profiles are amazing for isolating questionable apps that request various non-optional permissions or are hard-wired to use certain Google services, especially if you do not need them all the time. But that isolation can also be a downside. You cannot easily share a file, the clipboard or in fact anything between two profiles. For example, payment with disposable credit cards via online banking apps becomes cumbersome, or in general if you need to confirm a transaction and need to switch profiles for that.

I have three profiles:

  • the main profile - mostly F-Droid apps and some from Aurora
  • the quarantine profile - with Google services, mostly used for banking apps
  • the garbage sink profile - random apps for household appliances and gadgets3

Curated App Selection

What follows is a set of apps most of which I probably would install on any phone I own. I already have been using many of them long before switching to GrapheneOS, but since then I discovered a bunch more which I now would consider essential or recommended.

Basics

  • Aegis Authenticator - 2-Factor Authentication where you control the backups
  • Markor - The best text editor for Android
  • HeliBoard - an acceptable FOSS keyboard only lacking word swipe input
  • K9 Mail - not the prettiest, but most complete independent Android E-Mail client
  • Öffi - the universal public transport app, only thing it cannot do is buy tickets
  • Flux News - Android client for the MiniFlux RSS reader

Productivity and Organization

  • DAVx5 - sync calendars, contacts and notes (if you need .ics import, check ICSx5)
  • Fossify Calendar - simple calendar app working well with DAVx5
  • jtx Board - CalDAV-based task and note app working well with DAVx5
  • MakeACopy - scan documents with your phone camera
  • Simple Time Tracker what it says it is, supports data export

Must-Haves for Techies

Social

Audio

Drop-In Replacements

  • Fennec - a pretty vanilla Firefox fork
  • Molly - fully FOSS Signal fork

Partial Replacements

Camera App

I ended up using the official Google Pixel Camera app because it is vastly better than any FOSS camera app I tried. It works perfectly for taking photos and videos with just one little auxiliary app: Gcam-Services-Provider.

Unfortunately it glitches out most of the time whenever I try to open the last taken shot or video directly from the camera app, so I manually have to open a gallery app to look at the result. It is annoying, but I can live with it.

CoMaps is a good general-purpose OSM-based navigation app.

The only thing where any Google Maps alternative falls short is answering questions like “where is this store located” and “is the store open right now”, but arguably you can still open Google Maps in a browser tab for such cases or to find the correct address you can use with CoMaps.

Unreplacable Apps

TotalCommander

I never used this classic on a desktop, but on Android I have never used a better file manager and there is no single app I know of that can fully replace it. Yes, it will not win design prizes for aesthetics, but if you are a power-user and expect desktop-level control over your files, there is just no way around it.

Even just the possibility to mark files by wildcard is pure gold, and moving files wirelessly from laptop to phone with the SFTP Plugin, without having to go through SyncThing, is something I am not willing to sacrifice. I also use this to put eBooks on my Kobo Clara BW.

PowerAmp

If you really like music, there is no alternative. I made the mistake to buy it through the Play Store many years ago, but the app is worth every penny for a store-independent license that I bought to continue using it. Yes, this is not FOSS, but it is the best music app, full stop, and I could not find any other app that seamlessly supports AutoEq profiles and recognizes my headphones.

Summary

Switching to an alternative Android-compatible OS is not difficult, the hard part is de-Googling and finding replacements for various apps.

Yes, there are some inconveniences you have to accept, but for me they are well worth it. No annoying AI that I never signed up for, no data collection I did not approve, no hidden user-hostile default settings that you have to find in a labyrinth engineered for you to get lost.

Life is not always easy in the borderlands, but we don’t go there looking for comfort, we go there looking for freedom.

  1. A well-known and somewhat controversial guy saw through the plot more than a decade ago, and it is hard to deny that he was right.

  2. If you prefer, you can get Droid-ify - it is an alternative, supposedly better frontend for F-Droid, but in my experience both apps are sometimes buggy and I do not have a clear preference yet.

  3. I really hate that these days many devices that should not need any connectivity at all now come with no physical interface and force you to install some shitty app to control even the most basic settings. I try to avoid buying these technical-debt time bombs, but sometimes you just have no choice.