I can only speak for Verizon, but curious why enabling Signal's 'Wifi calling compatibility mode' enabled SMS/MMS over Wifi. It will fail in Messaging placeholder app and QKSMS+.

Once WiFi texting is *provisioned? in Signal, I can switch to QKSMS+ and send/receive messages on WiFi only.

anupritaisno1 PixelExperience-Devices/device_xiaomi_sdm845-common ce8cf16

alicebobandeve: no

We can't keep any changes that need manual maintenance

That just makes everything harder

AFAIK these don't change often

Or do they?

Then switching to built-in Messaging app, SMS is stuck in forever-sending.

At that point, WiFi texting is borked for all apps, and to recover I need to:

Turn off airplane mode, send/receive an SMS with Signal, toggle airplane mode again and activate WiFi & then send/receive another SMS in Signal over Wifi, then toggle VPN back on and it works from then on.

Signal has the special sauce. Was similar on Nexus 5x with Verizon, as I indicated earlier today. VPN definitely blocks initial WiFi texting provisioning (Signal). OpenVPN back then, now Wireguard.

larncat: interesting

Hello

hello

Just installed Graphene for first time. Excited to use.

Starting with f droid for apk manager/downloader

Nice! Welcome.

Thanks

I'll try and fix WiFi calling for Pixel 3 if I can anupritaisno1 I'll get in touch if I need help

That was a rather quick exit

<alicebobandeve[m "I'll try and fix WiFi calling fo"> That's appreciated. Thanks

I love the pixel 3.

alicebobandeve: GlassROM-devices/device_google_coral f0e2c3d

alicebobandeve: also 3 commits from github.com/GlassROM-devices/android-prepare-vendor

Oops

Well everything I committed on July 11 except for the preopt commit

Tweaking the 'smallest width' parameter in dev options to '443' seems to makes text sharp and reasonable for my eyes with the default font size.

anupritaisno1: thanks a ton

larncat: I'll try, I love the P3 too

^ maybe I misunderstand that dev setting, but none of the default scalings looked right, nor had a smallest width that matched the native DPI. This seems to sharpen text, which looked a bit blurry on the P3.

The new picture editor in Signal is fun

nickcalyx: very distracting lol

<alicebobandeve[m "larncat: I'll try, I love the P3"> Totally

nickcalyx putting stickers over photos is remarkably amusing

between that and the sticker packs

Moxie is finally getting with the program

also the auto face pixelation is good

strcat would know the specifics but I think there were improvements in the titan M in between 3 and 4 ?

but then they also took away the fingerprint reader

Hello everyone, GrapheneOS on Pixel 3a here. I would like to use my phone in WiFi-only mode with Orbot in VPN-mode. Unfortunately, with Orbot in VPN-mode, captive portals don't load. Any idea which system components I would have to allow to bypass Orbot for that to work?

Anyone know how to bypass this on a pixel3a

alex-resist: To achieve this Alex you can go into Airplane Mode and turn on WiFi.

interceptingfist: Why is Google asking you to verify anything aren't you on GOS or no?

I have a phone with graphene already, but i bought this for a good deal

interceptingfist: Oh so if you press X it just closes everything? You bought a password locked device. Depending how good the password is you can crack it.

Or just ask the prior owner for the password.

Yea it closes out, phone is useless

They don't have it, that's why it was cheap

So for now you bought a brick.

"It's yours if you can crack it"

^

A good password cracker should do the trick.

There is something about,the Titan m chip increasing the delay in between attempts, the more you try

jknsec: love the motivation/wisdom

:P

<defconanon010102 "^"> Any recommendations

jknsec: lmao

I'm not aware of there being anything you can do.. just look up the most common password lists and try those

interceptingfist: Really that is for you to find out. I don't have any at the moment.

The irony is that this is why the Titan M exists and why Graphene likes Pixels

defconanon010102 airplane mode + wifi is a no brainer, the issue is that Orbot even blocks desired connections which are needed to use captive portals. I would like to use Orbot in a "not 100%"-VPN-mode so I can use public WiFis but the rest will be routed through Orbot

<defconanon010102 "interceptingfist: Really that is"> ok I'm not a hacker so its always best to ask, so I don't waste time

nickcalyx[m] is right. Even if they only used a 4-digit pin code, it's going to take you roughly 650 years to completely exhaust the available keying space.

So I would suggest you contact the previous owner.

I could give you a tool but I am not going to tell you how to use said tool. Honestly, it is better to look at the array of tools and research.interceptingfist

did you try stuff like 1111 9999 1234 0000

probably :)

It's probably some long alphanumeric code that no one can possibly remember

interceptingfist: probably a stolen phone I would contact the seller and give them a hard time

Ooh true

Factory reset protection.

Yeah it could legit be stolen

that is dishonest to have a device stolen like that

you probably could make a very convincing threat of the authorities to the seller

Yeah.

Not sure if I missed something, but it would be good to have an FAQ regarding Orbot use in public environments. MAC randomization is fine, and having a reliable Orbot on top would make Graphene equivalent (or better) to Tails

interceptingfist where did u buy it from?

<alex-resist "Not sure if I missed something, "> FAQs take a long to write and verify

what tails also has though is a whole toolset of security focused apps

A person who got it but never got junlocked

<nickcalyx[m] "what tails also has though is a "> haha it has generally terrible security

I am not sure what you mean

The idea is to have MAC randomization and Orbot in public settings. So far Orbot is keeping me from using captive portals. I'm somewhat proficient with Tor and Tails, so I could actually help on that part. But I don't know which part of Android is handling the captive portal connect

<defconanon010102 "I could give you a tool but I am"> Its cool no need I'm searchin

Wonderful. ^^

alex-resist: developer.android.com/reference/android/net/CaptivePortall

Connectivity Manager

Won't a obfs4 bridge help for captive portals?

On grapheneOS, where do you get your apps from? F-droid? Aurora? Both?

fdroid

APKMirror confirming signatures with Exodus Privacy

I avoid all the v1 signing

between that and remote attestation I feel quite confident

cn3m what is v1 signing?

<larncat[m] "cn3m what is v1 signing?"> old deprecated signing method F-Droid won't switch off

the full apk is not verified

it is very possible more exploits could be found in it

I don't think anyone is even auditing it anymore as so few people use the method

larncat: from my understanding an exploit in v1 could mean malware could hop across profiles and persist. Imagine you try to install an apk on another profile and it replaces your F-Droid which in turn replaces all your F-Droid apps..

normally I would feel safe installing an app in another profile, but if you could replace an app with such an exploit.. That would be bad

cn3m: has that happened in the past?

john_doe2: yes Janus

it is patched and has been for a while, but there is no reason there couldn't be another and no one would be looking for it beside maybe a government is my guess

F-Droid says it is not an issue, but that is a little misleading due to them only considering installation happening from builds on the F-Droid server. I don't consider that an accurate take at all

Agreed

the most important security feature one could add to GrapheneOS imo is it's own store

seamless background app updates would be nice too

would kill a lot of awkwardness with apps security on AOSP right now imo

What about aurora store?

john_doe2: it has a v1 fallback and he v2/3 fails

so the store app(which is trusted with unknown sources and the user trusts for updates installs) is weak which is a concern definitely

assuming there was a v1 flaw

What does one do then?

<john_doe2[m] "What does one do then?"> if you are worried about it you can do what I do and verify the signatures and download the apks

I use APKMirror and check the signature against the developers on Exodus privacy

Ty

:)

Signal or Conversations progressive

I have about 70% of my contacts on signal, 20% on Conversations and the rest 10% are the idiots on WhatsApp I do not interact with

<progressive[m] "But over the last days everyone "> Not like we have better options suddenly tbh

Let me tell you something about tech, there are always going to be problems and security issues with everything so you must choose what's appropriate for you sometimes

You have to choose the lesser evil

<f8sai[m] "Not like we have better options "> Also this

rover1: see hub.libranet.de/wiki/and-priv-sec/wiki/user-profiles

john_doe2: for apps see

cn3m thanks :)

v1 signatures will no longer be supported in Android 11

No new v1 app installs or updates

<dazinism "v1 signatures will no longer be "> rip fdroid

haha

The folks that work on the Fdroid repo are working on moving from v1 sigs

The izzyondroid Fdroid repo has a fair few apps

They provide the developers builds

Which will almost certainly use v2 or v3 signing

well fdroid is the only good option right now anyway

g65434-2: Fdroid repo is good in many ways.

But the v1 signing issue isnt great

Also the app tends to be a bit buggy

See hub.libranet.de/wiki/graphene-os/wiki/Apps for some info about getting apps safely

That page doesnt mention the v1 issue

Probably should

<g65434-2[m] "well fdroid is the only good opt"> I dunno I prefer my setup

Its going to be painful for the Fdroid repo to support android 11

They will have to resign all apps

Moving new builds of apps to v2 apparently isnt so difficult. Just resigning old builds will be some trouble

*v2 or v3

well good

I am glad they are being forced too

Given the increased speed of uptake of new versions of Android in recent years I expect they'll have to work pretty quick

Or they'll have ever increasing numbers of folks complaining/getting confused

I mean 10% in a year right?

not fast still

generally it is the last OS doing well

like Pie is very popular

by Android standards

10% of all android users, is a lot of users

Obv not so many using fdroid

And I would imagine probably a higher proportion on older android versions

<dazinism "10% of all android users, is a l"> sure, I guess my developer instincts are kicking in. The 88% on iOS was so nice...

*Higher proportion of Fdroid users on older versions

i feel like they are rushing every major android version

They come yearly

Android 11 will have the longest beta cycle ever

that is anything but rushed

there are not subversions anymore or something , it's odd

less huge chances have to be made since the updates are higher quality

i didn't imply it like so, but in oreo/nougat there was like 9.x.x

* i didn't imply it like so, but in oreo/nougat there was like 8.x.x

I've updated the wiki about user profiles linked above

Okay finally I managed to get a look around the Vanadium source and feeling confident to fix my first issue. The problem is that I cant run it from Android Studio on my Pixel 4 XL, USB Debuging is turned on fingerprint is correct.

Wondering if anyone has tested network on multi users

strcat mentioned that only one user profile has network

I think

And that any user would use foreground user network in background

crueltekk: little more information on what you did?

*And that any user in background would use the foreground users network

<dazinism "Wondering if anyone has tested n"> there's a github issue btw

@cn3m Got the source over git like the homepage says under /build and opened project in Android studio. Error is something with Manifest.xml

cn3m: yeah saw the one about block non vpn connections toggle being reset

crueltekk: grapheneos.org/build#prebuilt-code

this is what you are looking

for

done that already

gotcha

post the error here? I do need to sleep though

Main / work profile i guess are different and can both have their own network (or VPN)active at same time?

Wonder if that all works reliably

Imagine it would

Error running 'Unnamed': AndroidManifest.xml doesn't exist or has incorrect root tag

Seems like there is none.

Will redo the last stes

Okay that confuses me, the website tells to copy ../args.gn content after run gn args out/Default. But I cant safe it, tried with and without sudo

<jneplokh "GOS has an internet permission w"> Thanks Jacob, SchismXL and jknsec for answers yesterday re Netguard.

I just read about Bromite and the built in privacy stuff sounds appealing. Are many others using it?

I've been using bromite over vanadium BC the site based JavaScript settings work better.

Copy source files from SSD to HDD, see you in a Century ;)

cn3m:when the world will end and all is left is the chatlogs left over the air and then the ufo’s come from other planets and read your comments on educating people on reddit, they will scratch their heads with daniels knowledge but still everywhere on reddit you are doing what daniel used to do before. Thank you

<fomijafi[m] "I've been using bromite over van"> Yeah being able to tap on the padlock next to URL and change site settings is nice.

<dazinism "Yeah being able to tap on the pa"> scuse my ignorance, but what do you mean? what site settings can you change, and why would you?

pikey: the other issue with using an app that uses the VPN function is that while it active the app can see and control all you internet connections

If its malicious or compromises it can mess with you pretty bad

*compromised

<dazinism "pikey: the other issue with usin"> sorry, dumb again. not sure what you mean. the app i am using with the VPN can see and control internet connections, or the VPN app can do that? I assumed the latter was true, but the former is scary, if that's what you meam?!

> <@DzzzzzzR:matrix.org> pikey: the other issue with using an app that uses the VPN function is that while it active the app can see and control all you internet connections

* sorry, dumb again. not sure what you mean. the app i am using with the VPN can see and control internet connections, or the VPN app can do that? I assumed the latter was true, but the former is scary, if that's what you mean?!

main thing is bromite sounds good, so will grab that, thanks!

i miss the UBlock stuff running on desktop. Not using to using a browser on smart device at all, i had DDG browser on iphone (and i do like it for the burn function and simplicity), but i want some of those anti fingerprinting and general privacy features which Bromite appears to come preloaded with

Whitelisting may help. Block all javascript, then put it on temporarily

On some sites that you trust, or when you need

aaah, thats really helpful i understand now thanks

I have to confess, I have never blocked javascript

i might start doing that. i know the vulnerability, and I have occsaionally used Tor (with js blocked)

i guess i could start blocking and allow just when needed, makes a lot more sense really. i just have enough niggling problems/tasks that i never seem to get any proper work done!

i am still using Firefox on desktop ffs! I keep hearing how bad that is now thought to be, but never sem to find time for an alternative and learn a whole new browser, extensions, set up BitWarden etc!

My experience in using fasboot with linux is that it needs to be run with sudo. I see the install.sh script just has fastboot commands. Does the script need to be run under sudo or some other condition?

Install udev rules

<anupritaisno1[m] "Install udev rules"> Not sure I understand ""udev rules"

<crabman[m] "Not sure I understand ""udev rul"> I had same problem/confusion, total linux beginner. JR wrote a great guide for beginners like me. Have you read that? I think it's under "Peter Euston"

crabman: if you are on arch or a derivative udev ruels may be available as a package or already set up

pikey: yeah the app can see and control network connections (its exactly what you can see NetGuard doing )

<dazinism "pikey: yeah the app can see and "> which app?

I am sorry I don't understand. I had no issue flashing my MOTOG3 with Ubuntu. I had no issue with the P3a until I came across the flash-all.sh script. However, I have always run commands one at a time, never a script.

pikey: any app that uses Androids VPN functionality. When you enable that you give it full visibility and control of network

crabman: try looking it up then

It wont be able to read encrypted data, but can see it travelling and block it

Is there a forum where you can get Graphene support? I see Reddit directs people here.

crabman: just look up udev rules for android

<dazinism "pikey: any app that uses Android"> so in this conversation, are you referring to PIA, as that's the only app that "uses Android's VPN functionality"? Surely you don't mean any app which runs *through* the VPN, as that's all apps!! :D

pikey: he means the app that initiated the VPN

thanks, but way over my head by all accounts.

crabman - JR made a few very useful comments for me when I was learning to flash Graphene. I kept notes. These may help? :

"The third last tip I have for it is, if you are running Linux and end up being stuck at "<waiting for device>" or nothing happens at fastboot, you may be be missing udev rules, or your user account may not be added to the adbusers group (you will need to log off, then log back in in order for the group edit to take effect). There should be a guide somewhere on the Arch wiki about udev rules for both Fastboot and ADB.

The second last tip I have for it is, follow Daniel Micay's instructions exactly. He's taken a lot of time to document the whole installation process start to finish and this is the correct way to do it."

if not, sorry but I can't do more as it would be the blind leading the blind :p

<pikey[m] "crabman - JR made a few very use"> pikey - Thanks my issue is “fastboot too old;”, but I am using latest fastboot.

IRT Daniel Micay's instructions, are you referring to grapheneos.org/install

crabman: search for udev on freenode.logbot.info/grapheneos

Is there any possibility that grapheneos can be hacked same way as it happen with EncroChat?

progressive: anything is possible

<dazinism "progressive: anything is possibl"> What would be the consequence of a hacked GrapheneOS' server?

as in, what can a compromised update can do, assuming it bypassed the key checking

<f8sai[m] "as in, what can a compromised up"> think I am right in saying Graphene can't identify a specific phone to a user, so a malicious update couldn't be pushed to a specific person/device. I suppose in theory if GOS servers were compromised then a malicious update could be pushed to all GOS devices at once, and I would think that would be spotted in about a nano second, but I am no expert :D

<f8sai[m] "as in, what can a compromised up"> Install keylogger

<progressive[m] "Install keylogger"> Malicious system app could be?

<progressive[m] "Install keylogger"> But if it used any of those "red-flags" known on Auditor

(I meant the permissions)

We can simply reflash a previous version

I’m not IT guy, sorry I was just asking

Not me either, just telling a solution

So we would know the fact it was hacked and keylogger installed?

Possibly

You can compare system apps

Do auditor checking

Or it may not even boot at all

Because that was happened with Encro i believe encrochat knew it months ago and they worked with police

they would be better off hacking Signal tbh

<progressive[m] "Because that was happened with E"> Encro has its own chat app or something for communication

Are you asking?

I might not be the best person to answer your question, and yes, I'm asking for a written answer by more security-inclined people here

They sold encrypted phones with own OS

To compromise GrapheneOS, someone would need to get hold of Daniel's signing keys and push the update without him noticing. That would be very hard.

Look

International investigators were also going after the team who ran Encrochat, who they said led ‘luxury lifestyles’, although the technology itself is not legal

<cyborgninjaneer[ "To compromise GrapheneOS, someon"> Well, the key bypassing or stealing is the hard and secure part -wink-

<cyborgninjaneer[ "To compromise GrapheneOS, someon"> Well, somebody did attempt once and it didn't end up successful

The police are claiming that os/phones like grapheneos is ilegal, I thing slowly but we are loosing privacy and freedom

<progressive[m] "The police are claiming that os/"> Nobody can tell you are running GrapheneOS until you restart/show settings thougj

It just looks like stocj

stock*

<progressive[m] "The police are claiming that os/"> not sure which police are claiming that, but it's false

I understand that but they can knock on Daniels doorstep and offer him life sentence :)

Just a thinking

Well, he can also just destroy the keys

<progressive[m] "I understand that but they can k"> that's why nothing is ever 100% guaranteed, and Daniel would be the first to say so, which is why he can be trusted imo

No secure OS will protect you from poor opsec

They could not give him a chance, you know how it works, sometimes you dont have 2 spare seconds when police catch you

<f8sai[m] "No secure OS will protect you fr"> nor a $5 wrench ;)

LOL

No AFU exploit if you always restart your phone

life = risk. we do what we can. at least we in here ARE doing what we can. Most morons aren't, can't be bothered. I wold rather die trying than live in wilful ignorance!

Good luck unlocking a phone before AFU

<f8sai[m] "No AFU exploit if you always res"> AFU?

Android Fone Unlock?

:p

After first unlock

<f8sai[m] "Good luck unlocking a phone befo"> 0000 is my pw

no shit? you copied mine!

Living life on or edge

damn i better change it forthwith :D

the*

:p

at the end of the day, in the UK (and most of EU I imagine).. the police can just say "please unlock your device for me", or "please give me your encryption keys for xyz". You say "no" - you are now guilty of an offence and liable for 4 or 5 years in prison IIRC.

but it's not a reason not to use encryption.

<pikey[m] "at the end of the day, in the U"> Reformat your phone, save backup on (encrypted) storages ^^

Can't see anything that's not there

<f8sai[m] "Reformat your phone, save backup"> the point I am making is that by doing ANYTHING to prevent handing over eveyrthing to the stasi, you go to prison if caught (or suspected and found guilty beyond reasonable doubt, from a judge on side with thegovt in probably what woul dbe a closed court!) - so I dont bother mitigating, I just know where i stand in this piece of shit country.

well, I mean

It depends on what they ask for

<pikey[m] "at the end of the day, in the U"> This is one reason I am happy living on the east

Or central

<f8sai[m] "It depends on what they ask for"> no it doesn't. the new law (newish anyway) is simple. They want the keys to unlock your device, files, servers, ANYTHING. IF they ask, and you do NOT hand over, you CAN go to prison. That for me is all I need to know. With that, and some creative thinking by the boys in blue, yo're fucked every which way if they want you to be. Of course, you just comply. There's a good boy.

Assuming it passed, but this is getting off-topic

anyway, off topic

haha

laters

Also, there are some mitigation, not necessarily a foolproof plan

Think we need a GOS off-topic channel lol

Yeah lol

<pikey[m] "no it doesn't. the new law (newi"> The is soft with few password option for pc’s i don’t remenber the name. You type your password you boot up in your private os and if you type other password you boot into clean os, would be nice to have something simmilar on graphene

There is* sorry for my english

<progressive[m] "The is soft with few password op"> Mutiple user exists

Nice to hear!

But then, as usual precautionary measures, wipe your phones when crossing borders

(Maybe they will look on other profiles so yeah)

<f8sai[m] "Mutiple user exists"> You can just show a user with clean OS if that's what you mean

progressive: GrapheneOS users have to trust that Daniel knows what he's doing and that he has the signing keys well secured.

I know. We always have to believe in something but hard part is to choose in what to believe :)

Of course there are ways it could be compromised, but that is true of pretty much any device.

<dazinism "Of course there are ways it coul"> Not even iOS is safe from this

choose the lesser evil or something, choose which to trust/compromise a little more than others

If you look back at Daniels previous work its pretty clear they know what they are doing and have a very good understanding of computer security issues

It all boils down to threat and trust model

We always have to think that someone car read our chats and do not disclose sensitive info, I think that would be the right thinking

<progressive[m] "We always have to think that som"> some of the statements posted are referenced on the grapheneos.org though, nothing sensitive at all

<progressive[m] "We always have to think that som"> But in general I would agree

Well guys thanks for your answers, I’m glad to be here

Technically iPhones & pixels give whats has to be the most secure/private (somewhat) general purpose computer operating systems ever

I think that if you are careful you can have reasonable confidence that they provide security/privacy of data and communications

But nothing is foolproof if a target is valuable enough to an attacker, and the attacker has enough resources, they can probably break it.

One more option would be never use what most people are using like signal, because sooner or later it will be the target (my opinion)

Blackberry hacked

Encrochat hacked

Yeah its kind of a weird balance. More people using something gives more of a chance that people who know how will be checking for vulnerabilities.

Also if something is actually good and secure more and more folks are likely to adopt it.

Even enigma cose was cracked :)

Code*

I got an unlocked Pixel 3a yesterday but when I check Developer options, OEM unlocking is disabled. What should I do to unlock it?

lqdl66oi62 maybe the bootloader is unlocked? There should be a note to OEM Unlock if it is unlocked. If not you maybe got a Verizon one which is not unlocked.

And to my knowledge it Verizon ones can't be unlocked.

* And to my knowledge Verizon ones can't be unlocked.

How can I know if I got a Verizon one or not?

<lqdl66oi62[m] "How can I know if I got a Verizo"> Check your Buildnumber

My buildnumber starts with QQ2A and it's not on the list, am I looking at the wrong page?

Regulatory Lables

labels*

<lqdl66oi62[m] "How can I know if I got a Verizo"> Does a Pixel 4 have this Verizon model too?

Ok mine's North America and not Verizon, nice to verify that

If it ends in E, though lufk

luck*

But if not, try to update it

Connect it to the internet, update it, then flash GOS

I looked around all menus in settings but don't see an update button

System, updates

There's no updates in System on my screen

Maybe cause I went through the app list and disabled every single app that has "Google" in its name?

<lqdl66oi62[m] "Maybe cause I went through the a"> Probably

Ok so which one do I need to restore to do an update?

Just Google Play?

Who knows

If you dont have irreplacable data just do a factory reset

Or... Get a factory image

From Google itself for the latest sargo factory image

If you are already comfortable flashing on fastbooy

fastbooy

fastboot*

If you are already comfortable flashing on fastboot

(Oh wait... I forgot the oem unlock not yet toggle-able)

crueltekk have you seen any update regarding the P4XL green refresh at low brightness? Saw your issue on github (GrapheneOS/os_issue_tracker #239). Got the same thing happening here. I think anupritaisno1 is maintaining that.

Nvm

Wont he need to unlock to flash the factory image

<nickcalyx[m] "Wont he need to unlock to flash "> Oh yeah, my apologies

<nickcalyx[m] "Wont he need to unlock to flash "> Well, if they can connect to internet and untoggle it maybe it would help

Unless the 3a is refurbished to disable OEM unlock

<nickcalyx[m] "If you dont have irreplacable da"> Well, this is the best option for now

<SchismXL[m] "crueltekk have you seen any upda"> No sorry, don't have any updates to that. Still the same problem. And maintainer of Pixel 4XL is paintedman I guess.

Ah okay, my mistake!

Next time add am @ in front of the nickname so the person can't miss it :)

* Next time add an @ in front of the nickname so the person can't miss it :)

Danke <3

At least another German :D

Haha, nah. Brit here. Just after our convo the other day, I remembered you are :p

Ah okay :D names are not my strength :D

Having a look at the issue, its definitely the gamma calibration at 90hz for the device. Battery saving mode puts the display to 60hz, which has a different calibration. If there were a toggle in settings to change the screen refresh rate (which may be an idea to save battery life without "battery saving" mode), it would be a temporary fix. Just noticed on github that Daniel made a comment actually

This issue was from always on display, but links to 239, crueltekk's bug:

"Each device needs to have their resource configuration ported over properly from the stock OS. There are already other issues like #238 and likely #239 tied to the same thing. Device maintainers need to extract the resource overlays from the stock OS and port them to GrapheneOS."

I'm in system updates now but it keeps saying waiting for wifi although I'm connected to one.

Battery over 80%?

Yes, it's full

Hmm try to start the update over mobile data (you can abort it, just turn off data) or open up a hotspot and try again.

lqdl66oi62: think you have to have an internet connection to throw the OEM unlock toggle

ok finally update is starting

so I update, toggle OEM unlock then go to recovery mode?

lqdl66oi62: fastboot mode. Follow the instructions at grapheneos.org - they get regularly updated

<lqdl66oi62[m] "so I update, toggle OEM unlock t"> fastboot

looks like android finished downloading the update but takes long to install it

I no longer need any Internet connection until I finish installing GrapheneOS do I?

<lqdl66oi62[m] "I no longer need any Internet co"> Provided that you downloaded the necessary stuffs before flashing then yes

If you've downloaded everything already, then no.

(fastboot and factory images)

ok so my phone's in fastboot mode

now I type fastboot flashing unlock on command line and just wait?

Just follow the instructions on the website. Nothing should go wrong

ok I typed the command but I see no confirmation screen on phone and command line says waiting for any device

nothing seems to be happening

Go on

Check fastboot --device

command line says unknown option

Oh

You may want to read it fully before doing it again

(The installation instructions)

You need the platform tools files

I'm sure I got the necessary files

adb reboot bootloader works fine

fastboot --version returns the version correctly

Good luck

Anyone here who can help me extracting vendor files for pixel 4xl?

platform tools doesn't recognize my device while it is in fastboot

when I type adb devices while my phone running it returns my device

while it is in fastboot it doesn't return anything

You use you are in fastboot?

Or the cables

Are connected properly

yes

<crueltekk[m] "Anyone here who can help me extr"> vendor/android-prepare-vendor/execute-all.sh -d coral -b qq3A.200705.002.2020.07.06.20 -o vendor/android-prepare-vendor

the latest factory image build number for coral is just `QQ3A.200705.002`

-_- thanks

<pikey[m] "Thanks Jacob, SchismXL and jknse"> Happy to help!

still can't find a way around it

As soon as adb reboot bootloader command is executed PC no longer recognizes my device

u need to use fastboot then instead of adb

read this site and follow instructions

wait I got it in my 6th try

not sure what changed but whatever

is the Pixel 3a the only supported phone with a headphone jack?

I believe so. maybe 3a XL has one too?

is there any plan to support another one?

It seems like Graphene is pixel-only for the forseeable future, so the question is will there be another pixel with a headphone jack

<passstab "is there any plan to support ano"> Newer ones didn't have a headphonejack

I wouild say 3a is last chance for a 3.5mm jack. Such a shame. Damn 'progress'!

gotta love the fingerprint on back too, so tactile and logical.

does anyone know how to delete an account on attestation.app?

The 4a won't have a 3.5 mm jack?

:( my current phone is a moto x4 and it arguably is better then the 3a.

IIUC there will not be a 4a

4a status unknown, delayed many times

<passstab ":( my current phone is a moto x4"> motos are awesome. i keep grabbing them for $20-30 on ebay already running lineageos. I know I know! I just use each one for one specific thing, like connecting to dashcam in car or wifi management app etc, often chinese apps and i like to give them a device all to themselves ;)

I thought it was very recently scheduled for august 3

I like it, but it isn't connecting to the computer to get updated and is stuck on lineage 15.1

it is starting to do weird things, I need a new phone.

Is it true what he says that android is locking down same as ios

<spaceinfinite[m] "Is it true what he says that and"> Kinda

Mostly apps that use Google services

And that custom roms will dissapear

Which is a ton of them

<spaceinfinite[m] "And that custom roms will dissap"> They won't, but they are getting actively worse look at the stock apps even for a sign for that

Chromium, Calendar, Email

More concerned if they lock down prevent different os like graphene etc being installed

<spaceinfinite[m] "More concerned if they lock down"> That won't happen at least entirely

Thats what he says anyway

It's becoming harder

Yea ... globalisation in everything

It's not the end of the world especially for GrapheneOS which doesn't even have safety net

If that made any sense

GrapheneOS is not effected by this specific issue

As there is no Google compatibility in the first place

Not now

But if google going the apple way then who knows

So android is not google?

Dont they control android aosp?

spaceinfinite: I wish Google would copy the privacy and security of Apple.. alas

<spaceinfinite[m] "So android is not google?"> It kinda is mostly is

Android 11 is closed source right now and fully developed behind closed doors

It will become open source after release

Hmmm

It is made by Google but there is AOSP (the Android Open Source Project) that is also by Google that you can make to respect user privacy

Google is in total control. Chromium is actually open development

Maybe his fears are baseless then

it's what Graphene, Lineage, OmniROM, GlassROM, and all of that other stuff is based on at a core level

Yea i know that

<spaceinfinite[m] "Maybe his fears are baseless the"> They absolutely aren't

they technically control the project, but that still doesn't change that it is a fully open source project

AOSP at least

Android is really not as open as it should be and it's getting much much worse

The closed source parts are becoming more and more important to apps and basic functionality

<geritol[m] "Android is really not as open as"> Which is why there are companies and people out there working on other hardware and software variants.

Something not being baseless does not necessarily mean likely or reasonable

Very few people can fully degoogle and now it is getting much much harder

but Graphene is

Hopefully wont happen

People on GrapheneOS already this shouldn't hurt much. People who haven't switched and need things that don't work would struggle more

Degoogling isn't as hard as people make out. It is just their reliance on the ecosystems that are already in place. If people reevaluated their expectations of what it is to leave the big corps behind, then perhaps things would be easier.

<SchismXL[m] "Degoogling isn't as hard as peop"> Many people need certain apps for work or their lifestyle

Also I don't think people realize that there are good alternatives out there

We are lucky we can

Google Maps seems to be the main one. People say "oh, but the navigation isn't as good on X, and you can never find Y" etc. But, if there was worldwide contributions from even 1% of users, many alternatives would be much, much better. OsmAnd is quality

But, OsmAnd does have caveats.

OsmAnd still isn't that good

Google Maps can track so many people. You just can't match it

The question is how CalyxOS will deal with those changes. They have somewhat promoted microG as a viable alternative

It can't do adresses really

Magic Earth is equivalent

<faxing[m] "It can't do adresses really "> Depends where you are in the world. Currently, in the UK, it is difficult to search with postcodes; however, with a user defined postcode add-on, it makes it perfect.

lqdl66oi62: what install guide did you use?

@lqdl

<SchismXL[m] "Depends where you are in the wor"> In the US, it is next to impossible to get anything more specific that a city or if you're really lucky a section of a city

at least where i am

I've been following the official guide the entire time

and in the bordering states

lqdl66oi62: Do you added fastboot to your path or enviorment?

Yeah I've struggled a lot in the US with alternatives I live with it

If my job relied on it that would suck

mhm

I don't think so

I had to ask someone who had an iPhone who I was with to use Apple Maps for it

How do I do that

lqdl66oi62: Linux or Windows?

Win10

Cause OsmAnd was just not near precise enough

lqdl66oi62: xda-developers.com/adb-fastboot-any-directory-windows-linux

@faxing:matrix.org: we're getting pretty off topic for this channel. We can discuss it more in the PrivacyTools Privacy Discussion group, if you'd like?

Thanks now flashing does work

So now all I need to do is stay calm and don't touch anything until the process is over?

<lqdl66oi62[m] "So now all I need to do is stay "> Lol :)

Osmand can get you in the general location of anything you can find on DuckDuckGo's map tab, faxing

lqdl66oi62: After flashing is done you will see "Press any key to exit..." in your commandline. The Phone gets back to bootloader, just lock the bootloader again and start bootup

You can get OpenStreetMap directions from DDG, then copy the coordinates to OsmAnd if desired. It usually works well enough.

Or just run your navigation in Vanadium...

Either way.

Duckduckgo searches Apple maps, which are privacy respecting and quite good these daya

Days*

If you want to avoid F-Droid for highest possible security, just use DDG and navigate with your browser.

Specifically Vanadium.

yes it boots

Is Google logo showing up for a few seconds normal behavior during boot?

Yes

Google hardware running GrapheneOS will show both logos during boot

As well as a warning screen about modified software

how does it automatically recognize my time zone though

feels like magic

I don't remember exactly, but Daniel was careful to do it in the most private way possible

Read up on the FAQ

Be sure to read FAQ and Usage sections before asking questions

it's kinda spooky that it's possible in the first place without any kind of internet connection

> it's kinda spooky that it's possible in the first place without any kind of internet connection

Not really. I mean, GPS is a completely passive sensor.

oh so gps is always turned on?

that's not what they said

lqdl66oi62: it recognizes your time zone because you're connected to a cellular network

there is no time zone detection based on location or based on internet access (not sure how that would work)

what? I have no sim inserted though

Anyways thank you so much guys for helping me throughout the entire installation process :)

gotta spread the word now

<rover1[m] "switching profiles end processes"> Same question

<rover1[m] "switching profiles end processes"> No

WiFi calling works fine for me on GrapheneOS

<madaidan[m]1 "No"> reboot after switching does?

<rover1[m] "reboot after switching does?"> It logs off the profile

<spaceinfinite[m] "It logs off the profile"> So it wont connect in the background

If using Graphene in a corporate environment how much of an attack surface does MDM open up?

Would a better solution be a fork of Graphene with the ability to install unapproved apks, use a web browser or external email restricted at that level?

I'm thinking that an MDM opens the potential for a lot of exploits should the MDM itself become compromised

That being said I'm not even sure that something like Blackberry UEM would function with Play Services