Well I just replaced my aging LG G6 with a new Google Pixel 8a running GrapheneOS. The G6 was based on Android 9 which was initially released in August 2018, and my last update was January 2019. The big issue, after 6 years since OS initial release, apps are starting to not support Android 9. Add to that, my USB-C plug was getting questionable in terms of retaining charging cables and my fingerprint reader has not worked for years.

So how to replace the G6? Well I choose a new Google Pixel 8a and GrapheneOS. The Google Pixel is one of the better supported hardware devices in the after market ROM landscape and GrapheneOS seems to be one of the most popular ROMs.

It took me about a week to do the transition. Lot of that was just normal when moving everything to a new phone and not using the vendors automatic tools. The actual initial setup and flashing though was pretty straight forward. It was a bit emotionally difficult to take new $400 hardware and then just simply re-flash it risking say bricking. This turned out to be a non-issue.

Benefits I see from doing this:

  • Lack of Cruft. The lack of all the vendor loaded cruft was very nice. My old G6 has about 17 apps that I could never really delete because they were flashed into the ROM. Many of them fairly large Google suite apps.
  • Profiles. The new phone can fully use user and work profiles, plus with Android 15 it has the Private Space feature. GrapheneOS also supports up to 31 user profiles, not the 4 supported by most distributions. I actually use the Private Space to contain my Google Play Services and Google Play Apps and otherwise just the owner profile. Might have been better to look at some of the other options, not sure.
  • Storage Scopes are really useful. One can restrict App access to only certain folders. I have already used that a few times, probably more in the future.
  • Backup. GrapheneOS allows one to do App backups to your own media or cloud storage. For stock systems normally only Google Drive is allowed, which I would never use.
  • Sandboxed Google Play. I like the idea of sandboxing Google play. Presumably it should be more compatible then MicroG and some Apps require Google play. Interestingly the number that do seems fairly small. I actually further placed all my Play Services related stuff in a Private Space so I know what apps can actually use it.
  • Device Integrity Check. Verified boot and some other device integrity checks are properly supported and so many apps that required them should run, though not all. This is not always the case with third party ROMs.
  • Wifi Calling and Messaging seems more stable then my old G6. Maybe just the difference between Android 9 and 15.
  • Updates should be supported for a full 7 years from initial device release which as of late 2024 is about another 6.5 years. My original G6 had about 1 year of updates.
  • Hardening. Graphene has a bunch of hardening features not in typical distributions. Storage Scopes and really good Profile support are a couple I’ve mentioned, but there are many others.

One question that took me a while to consider is where to get Apps from. There are pros and cons and a lot of discussions about this. In the end, I used the GrapheneOS App Store, F-Droid, Accrescent, Obtanium, and the Aurora Store in that order for my owner profile, then installed sandboxed Google Play Services and the Google Play app in my Private Space.

As of now my limited experience with GrapheneOS has all been positive. The one App that I have had issues with is the UPS app for some reason. For that I’ll just use their website for now. Not sure if the UPS app can be made to run or not. My understanding too is that Google Wallet may not fully function though I have not tried it and have never used it before anyway.

If your interested in GraphneneOS and have any specific questions, feel free to ask. All the best.

  • limerod@reddthat.com
    link
    fedilink
    arrow-up
    1
    ·
    22 days ago

    basic common sense security features are such a huge improvement.

    Can you list some common sense security features?

    • Zorsith@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      3
      ·
      22 days ago

      Disabling wireless when not in use

      storage scope limitations for apps (random games don’t need full drive access)

      fine control over USB-C port behavior (data and/or power while locked vs unlocked)

      using passcode/password for device unlock while still being able to use fingerprint for individual apps.