yes some Play store apps are country specific so instead of switching my default country, which stupid Google only allows 1 per year btw, I want to create different profiles with different Google accounts. You cannot do that without showing that these accounts belong to whichever phone number you have

its been 4 months and I am not regret about my switch to GrapheneOS. The only thing that can make this 100% perfect is creating a Google account that does not tie to your phone number.

GOS is great. Funny, I used to rom hop and distro hop a lot; but on GOS, I installed it once and so far so good (5+ months in).

Just some tips for new users: Just install it and dont be afraid to try things out (Google Store, profiles, Aurora…etc). Oh and dont make it tooooo complicate with many profiles and private space. You can test first but dont over do it if you’re not experienced.

And no, I am not a dev from GOS lol. I’m an ordinary user who wants to take control of my phone.

i guess another way is to use those shitty privacy screen protectors that do not work with fingerprints at all. They can try all they want, its not gonna work.

Or grapheneos but compartmentalize sensitive data to a profile where you use no fingerprints, only pins. Duress can be entered anywhere right? So if you’re being compromised , enter the duress pin.

any ideas how to add that engine to Vanadium on GrapheneOS?

Yes it is very much doable and you can get a functional system. But there can be 2 main problems for your case:

1. you would literally install Debian and choose nothing (no DE just a bare minimum). On Arch, this is easy because it came with some packages or you can install during live to get wifi working. On Debian , last I heard you need to do some dhcp wizardry.

2. cross apps compatibility. This is very serious. Even “lightweight” DE like xfce has a lot of hidden stuff that helps to run your notifications , powers and brightness/volume. And that does not count it you want stuff from Gnome or KDE: they even have more special libraries. In your case, the worst scenario would be to have multiple libraries/configs from different DE and they try to do the same thing. This is very hard to debug and maintain.

Point 1) is not as bad, if you use an Ethernet or somehow connects to the internet. It is only for the 1st phase where you install stuff though. After that you can just use the DE’s network manager.

Point 2) should not be a problem IF you are running a window manager. The reason is that in these setups you can choose exactly what you want without messing up…On DE you can too, but you migght break things. For eg, choose dunst for notitication or xfce4-notifyd. On a mixed DE setup? Bad idea imo.

anything that ties to Micro$oft is shady

thanks for the detailed answer. Did you use the battery protection, i.e. charge to 80%?

so most apps have restricted battery with the exception being Google Play Service?

2 months GOS user here on Pixel 9. So far so good. You do have a lot more controls over the traditional Android phones. In fact, you have too much that for average user, i think it can be a bit overwhelmed.

PROFILES

For eg, you can easily install Google apps and use them like a normal phone. Problem is on Graphene, you have many ways to set this up. You can:

a) install in your main profile and be done

b) install Gapps in main the private space within main profile

c) some crazy stuff like install Gapps in the private space of a secondary profile, which you lock using a completely different password.

I spent too much time in this loop lol. Finally i settle on: all daily apps in main profile and sensitive apps live in a separate profile (banks, important docs).

SECURITY

1. Next the security features in GOS are amazing. You can control every single permissions that an app can do. I mean every thing including the system Phone app. I can go 100% paranoid and prevent the Phone app from Phone logs, microphone and Phone. Essentially making the Phone app useless… Very very nice but you need to experiment with your apps and see which permisions you can deny and which you cant. On normal Android? You can deny some apps but the system ones, you cant.

2. I especially like the USB c feature. I leave mine on Charge only. So the port only functions to charge my phone. This cuts off every other connections: plug into PC, plug into car for Android Auto…etc. I like it that way. .

Btw, Android auto works great too if you need it. .

OS is so minimal that you will need to install essential apps on your own. For eg, i use Florisboard for keyboard, MiX for file manager.

3. I really like the screenlock options on GOS. You can set:

a) your usual password, pin, fingerprint

AND

b) a secondary pin that can be scrambled at random. So you unlock with your fingerprint then you need to enter that 2nd pin or password to enter the phone. EVERY single time. And it is scrambled too so you dont have to worry about people tracing your fingers.

AND

c) the Duress pin. This is like the nuke PIN. You set this up and hypothetically you are in a dangerous situations (thieves want you to unlock, local police abuse your phones…etc), you can enter this instead of your normal screen lock pin/password and every data is nuked. I havent tried it yet because i spent too much time set my phone rhe way I like it lol. If somebody tries it out, pls let me know.

INSTALLATIONS

Stupidly easy. On the OG Pixel, if you want to install LineageOS, you have to be very careful. Beside downloading the ROM, you need to flash a custom recovery like TWRP. Then becaude it is a Pixel, you nees to be careful which slot to flash the ROM. Flashing to the wrong one will brick the phone.

On Graphene? It is literally plug your phone in and open the browser where the install notes are. The ONLy technical thing I need to do during the process waa enable bootloader unlock. Everything else was like “GOS finishes this, GOS finishes that, can you press this button, GOS is rebooting…”. .Very very simple.

**SOME HELPFUL POINTS (i hope) **

1. dont treat this as a Degoogle phone. .You can but the strong point of GOS is security.

2. some features are not available compare to like.Samsung’s ONE UI . For eg, only allows an app to connect to 5G and not wifi.

3. dont create a super complicate setup. The backup process will a pain.

I’m allowed my own laptop cuz most of my work is ssh to a server and fix shit. You have to register your laptop on the network first though.

Office, Team: these can work via the browser if your company/organizations pay for the subscription. In fact, the web versions run much better than the standalone desktop ones for me.

Code editor, terminal, programing in general: These work much much better in linux. You open a terminal and you write commands to install stuff. Editors are even easier, i.e. nano, vim, vscode, emacs… etc. just pick your poisons…

Email: now I login to my exchange email using the browser. That works for 100% of the stuff I need to do: basic emails stuff, accept/decline meetings…etc. Unless you absolutely need to use Outlook, there should be no problems.

Now… the real problem lies in specialized software like CAD, CAE tools. I like Linux but there isnt a free CAD / CAE tool that is comparable to what the industries are using. In academic? absolutely you can use for research.

yeh and if i remember correct, there are no options in Samsunf Keyboard to control the clipboard history length. It still remembers what you copied 3 weeks ago…

My recommendation is to use another keyboard. SimpleKeyboard, FlorisBoard…etc.

Fedora then? Just choose the default Workstation. Easy to setup. Easy to do stuff too.

Keepass. I need to figure out a way to securely sync between Android <-> PC.

GNUpass should be very secure too but I need a way to view it on Android.

arch linux was what forced me to use LUKS on all of my installs regardless of distros, btw.

i used the standard layout:/boot, /, /home, swap. So when the installs break, the best way to fix is to use the archiso and remount and re arch-chroot.

Well… i found out that without LUKS, anybody can use any distros live cd and mount my stuff.

At first, I used LUKs only on the main partitions: so / and /home, or just / if no separate /home. Swap remains unencrypted. Boot is also unencrypted.

You could encrypt those too but need more work and hackery stuff:

• encrypted boot: can be slow if you boot the compututer from cold. There’s also this thing where you need to enter the password twice => think Fedora has an article to get around this. Iirc, it involves storing the boot’s encrypted password as a key deep within the root directory.

• encrypted swap: the tricky thing is to use this with hibernation. I managed to get it to work once but with Zram stuff, I dont use hibernation anymore. It involved writing the correct arguments in the /boot/grub/grub.cfg. Basically tells the bootloader to hibernate and resume from hibernation with the correct UUID.

could just replace it, no? Unless your keyboard is weird, the size of window key is pretty standard right?

depends what you do, tbh. If you try to get a 3D program (that works well in Windows) to work on Linux, or try to get a game running as smooth as it is on Windows, then you are in for a lot of work.

But if your usage involves: simple web browser / email, codes, file operations. Then Linux is just plug and play, even much simpler than Windows. No ads, no constant updates nagging.

Linux just leaves you alone, if you mess some thing up it is you fault. On my Win 11 laptop, I got logged off by the damn OS just for it to display a popup with something bullshit like “Sign in to OneDrive to protect your PC”

OP, I am in the same boat. The features shown in GrapheneOS are very nice and I want to buy Pixel just to put it on. Is there a reason you go for the 9, beside price? I’m really keen on the 9a due to its flat camera and low price. I dont like phones with bumped camera. However, recent JerryRig video shows that the 9a is very very difficult to replace the battery, so not sure if it is good in the long run lol.

i’d recommend trying things out first. You are still in the beginning phrase, so try different distros. When you do, look for stuff like

• forum support. Is it popular ? Ubuntu Studio may not be as popular as vanilla Ubuntu and even when theyre from the same family, you can expect minor differences.

• i know this is not Windows. But say your OS is corrupted, how fast and easy it is for you to reinstall?

Example: Pop OS has a dedicated partition to reinstall the OS right in the grub menu - you dont need a separate USB drive for this. On the other hand, Archlinux requires you to mount the partitions correctly (yout home, root…etc), then you can go and fix your systems.

• do you like how the package manager work? I dont like Ubuntu because it has these different sources that can get convoluted. Arch’s AUR can be very messy. Fedora for me is the way because I like DNF. Plus, its syntax is easy to remember.