Imagine you could set the biometric so you it only recognised a page of a book on that would be more secure

people would catch on quick

Anyone know if there's a way to disable system webview webrtc so no IP leak?

Are there any plans to implement a system where you'd need to use a password and a fingerprint?

Is there not 2FA password and biometric already?

I couldn't find anything on my 3a XL for needing both a fingerprint and a password to login

I could just be missing something, though

<analtenderloin[m "Anyone know if there's a way to "> there should be no issue in general

<aeonsolution[m] "As a fall back, there is nothing"> I've always taken that to mean, "degoogle my life," as in remove the influence/filtration imposed Google from the way you ingest data and experience the world

though I do also appreciate the desire for technical specificity

* I've always taken that to mean, "degoogle my life," as in remove the influence/filtration imposed by Google from the way you ingest data and experience the world

i understand the sentiment but it doesn't apply to AOSP, i hate the semantics of it but its an important distinction we have to make because of how the phrase is being used to describe GrapheneOS

and then users and the community only use that a reference point to all features and apps

yeah that's totally reasonable, language is important

is this or that degoogled, etc without understanding what that means

at least with regards to GrapheneOS

This conversation is just cringe

my elevator pitch for this project is usually just, "Android derivative focused on hardening/security/privacy"

hey you take that back... my own mother is 48% cringe, so you're insulting my people

We don't ship google apps because they literally won't run

You wanna go ahead? Try it. See what happens when everything comes crashing

We also do remove a fair amount of apps that rely on gms

what requires GMS in AOSP?

Also we don't want to ship gms for security reasons

tbf gboard, gcam, gmaps (I think), gphotos all work fine

They are apps that we technically can't sign ourselves

though authentication into a Google account fails, I would presume

I just added a fingerprint and still kept my passcode but I can get in to my phone by just using one

faxing: yes

<faxing[m] "Is it better to use the default "> Signal is for signal messages. Using it for regular sms has no benefit over stock app besides having everything in one place. Signal<>signal communication is much better than sms.

<Iusearchbtw[m] "faxing: yes "> That's what I was asking someone earlier and it sounded like you could have it force both to get it, you can't?

No

Oh yikes

Are there any plans to implement something like that

* Are there any plans to implement something like that?

Firstly faxing let's say your face hardware breaks

using biometric auth requires a pin I think, but you only use one

How do you unlock now?

I don't keep much on my phone so I'd just reset it if my fingerprint scanner broke

But that's not realistic for almost everyone else here

I was just asking for the increased security

Thanks for the answer

There is none

For one you cannot access face data until you decrypt the phone

<snowkeld[m] "Signal is for signal messages. U"> Thanks! I know Signal encrypted messages are better, but sometimes I still need to use SMS, so I was just wondering if one was better than the other to use.

hey folks

<Iusearchbtw[m] "For one you cannot access face d"> This maybe a really stupid question but how does the facial recognition even benefit security if the scanner can’t read the encrypted data

what distros are folks using for graphene building? i just finally got a fairly stable install of mint running on my macbook but figured i would ask here if anyone had any suggestions on any that might be better suited, been a little while since i had a linux box and years back when i worked with zombi guys we mostly ran backbox

the website covers that

"Arch Linux, Debian buster and Ubuntu 20.04 LTS are the officially supported operating systems for building GrapheneOS."

ah fair enough, hmm not a fan of ubuntu really so may look into the other 2 before i go down into preparing my boxes environment

i guess arch may be a learning curve thats worth the time if im going to get back into learning my arse from my elbow again

I've been on Debian for over 10 years.

Highly recommend

not for security, but that is a topic for the other channel

have people had issues building on mint? I would kind of suprised if the instructions for ubuntu were unworkable on mint

don't they share a very similar package base?

Mint is Ubuntu or Debian depending on version, though it is highly customized by mint devs. You would likely be fine with anything meant for the corresponding Ubuntu release, if using the Debian version of mint you might have a few more hiccups because it's rolling with Debian testing, or it was last time I looked

if you dont want to have a bad time just use the officially supported operating systems, its not a good use of your time to figure out why your distro doesn't have the packages you need to be productive

i was looking to get a pixel phone with grapheneos to replace my samsung galaxy, but seeing all the problems people report in here, i'm not so sure anymore :(

If you can handle a system with no gapps(disable it on your Samsung to test) go for it

the only i'd want is Google Maps

I guess you could get an iPhone if that doesn't cut it if you want a serious GrapheneOS competitor

i'm not a fan of the iphone's UI

<user937 "the only i'd want is Google Maps"> it works iirc

but i need a google account to use it right?

<cn3m[m] "it works iirc"> Doesnt work on a fully degoogled phone, checked plexus

It does work fine with microG

<user937 "but i need a google account to u"> no

It has worked with fully degoogled phones recenetly iirc

it doesn't need an account

oh nice

or you can use Maps Go

which is Google

no issue

perfect

is there a way to install grapheneos in a virtual environment to test it out?

user937: no

ok thanks

And he's gone lol

faxing: indeed

Sometimes it is better to begone

(This is sarcasm, for all the snowflakes)

i have a systemd-nspawn container if anyone wants

* i have a systemd-nspawn container image if anyone wants

i gave up on docker

it is always broken with ipv6

<renlord[m] "i have a systemd-nspawn containe"> im interested ✋

gotta tidy up a bit before i share

what does fully degoogled mean?

i refered to plexus too, but i guess its wrong

Vappy[m]:

hi which build do i pick for building kernel for 3a ? , blueline ? crosshatch?

aosidaisudh2039u: crosshatch is Pixel 3, blueline is Pixel 3 XL

<louipc "what does fully degoogled mean?"> Uh, degoogled and fully degoogled are technically the same thing, but I was referring to the fact that degoogling your device means you would need to rid yourself off of Google services framework and Google play services, which some apps depend on to make their apps usable. If you remove GSF and GPServices from your device, some apps lose some functionality while other apps

refuse to start.

aosidaisudh2039u: sargo i think

it says invalid codename when i do ./build.sh

with sargo

aosp_sargo?

oh i see

aosidaisudh2039u: grapheneos.org/build#kernel

it crosshatch

lol.. maybe bonito im confused

lol

what's right?

"Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL: crosshatch - separate crosshatch, blueline and bonito builds due to hardening"

i don't get this

i would bet on bonito

because 3 is blueline, and 3a is bonito

2 and 2

aosidaisudh2039u: they use different kernels between device familys for hardening

yea

cool

families*

so crosshatch is for 3, 3 XL, 3a, 3a XL

thx guys

i do recall strcat saying long ago that the new phones between normal and XL variant use the same build

if im not mistaken

the crosshatch kernel sources cover 3, 3 XL, 3a, 3a XL

<louipc "i do recall strcat saying long a"> they are separate builds and even testing

the kernel is shared

the stock OS uses the same kernel for 3 + 3 XL

and then another for 3a + 3a XL

ah

we also use same for 3a + 3a XL

but we have a different kernel for 3 and 3 XL because we disable dynamic kernel modules and build in those modules instead

and the touchscreen driver is different for 3 and 3 XL

that's why we have blueline, crosshatch and bonito as the parameters to the script

docs try to explain this

if we did what the stock OS does, it'd just have crosshatch and bonito parameters

but we split blueline/crosshatch due to different touchscreen driver, which we built in

louipc: 4 and 4xl use the same kernel btw

There was no difference in drivers

cool

<louipc "google maps wont work"> It works but without the sign in functionality.

so far it has been ``./scripts/link-vmlinux.sh: line 93: 69661 Killed ${LD} ${LDFLAGS} -r -o ${1} $(modversions) ${objects}make[1]: *** [/home/shifted/Desktop/grapheneos-QQ3A.200805.001.2020.09.11.14/kernel/google/crosshatch/Makefile:1106: vmlinux] Error 137make[1]: Leaving directory

'/home/shifted/Desktop/grapheneos-QQ3A.200805.001.2020.09.11.14/kernel/google/crosshatch/out'make: *** [Makefile:152: sub-make] Error 2```

i've been unable to build the kernel for 3a

it always stops at vmlinux

LTO vmlinux.o

my laptop has 6gb ram, maybe not enough?

aosidaisudh2039u: grapheneos.org/build#build-dependencies says you need > 16G ram

is this absolutely impossible to build on 6gb ?

aosidaisudh2039u: Some aggressive use of swap might be a workaround, but LTO seems to be quite memory intensive

Can any body give me how much time it takes to build GOS on a decent 4c/4t cpu, 16 gb ram and ssd?

I don't have any recent benchmarks handy

but I remember wih a skylake era xeon and 4 (around) 5400 rpm drives in RAID10 it took about ~3 hours I think?

haven't done that in awhile

* aosidaisudh2039u: grapheneos.org/build#build-dependencies says you need >= 16G ram

<JTL "but I remember wih a skylake era"> Nice. I have a skylake cpu as well but consumer. i7 6700K.

it was roughly the same performance as the 6700k

except as a xeon

that good enough for you to start with? :P

Haha yes.

`PS I:\vanadiumtest> adb install TrichromeChrome.apk

Performing Streamed Install

adb: failed to install TrichromeChrome.apk: Failure [INSTALL_FAILED_MISSING_SHARED_LIBRARY: Reconciliation failed...: Reconcile failed: Package org.grapheneos.vanadium requires differently signed static shared library; failing!]`

`PS I:\vanadiumtest> adb install -r TrichromeChrome.apk

Performing Streamed Install

adb: failed to install TrichromeChrome.apk: Failure [INSTALL_FAILED_MISSING_SHARED_LIBRARY: Reconciliation failed...: Reconcile failed: Package org.chromium.chrome requires differently signed static shared library; failing!]`

Problems I encountered as I followed the building instructions in Vanadium and installing it on other stock Android OS phones

Hello, I am trying to figure out which build to run for the pixel 3a, sargo is what is listed for the AOSP, but my options on the kernel are blueline, crosshatch or bonito. None of which are sargo. I've poured over the github and the readmes inside the kernel directory as well as looked at the bash script, but nothing is jumping out at me as "use this one!"

bonito?

bonito

<Lia[m] "Problems I encountered as I foll"> Need help here, I can't test patches without it being able to be installed as user app

mekanation[m]: yea i guess the build instructions could be worded better

Awesome thanks! I was really trying to not ask a stupid question but its a bit of a big build to get wrong

I used the default args.gn, changed it, generated my certdigest

But nothing works

Lia: you're not using the correct cert digest

or you're not signing it

Id love to help out grapheneOS more, but I dont have a ton of experience with android development, just core java and some C. Are there any devs willing to mentor? or maybe some beginner friendly bug fixes?

mekanation: I can recommend some starter issues that you would have no problem with basic knowledge thanks for the interest

do you have the build setup?

Most of the way done. How reliable is a emulator build over a for device build?

* Most of the way done. How reliable is an emulator build over a for device build?

the emulator is reliable, you're just limited in what you can work on since it doesn't have the full functionality of a real device and doesn't have features like verified boot from a root of trust

and GPU performance isn't good

especially on some poor quality drivers

mekanation[m]: you could make cool non-google apps too :D

Is the correct order of operations write some code then buiild, or build so you have a base, write some code then build only difs?

I'm game for anything louipc

i think that depends on the changes youre doing

refactoring gonna need fresh builds usually

very few changes require fresh builds

mekanation: get working builds without any changes first

make changes, do an incremental build, test it

you do not need to do a fresh build except in rare cases or before you're going to send in changes in a PR to make sure it works properly

yea good idea

<strcat[m] "Lia: you're not using the correc"> Made and signed one before, probably because I initially cancelled the ninja with wrong certdigest

Not sure if I should delete the files in vanadium/src/out/ and start over

Lia: did you run gn args again with the new certdigest?

if you change args.gn you need to run gn args again

<strcat[m] "Lia: did you run gn args again w"> Yeah

I would recommend double checking it's the right certdigest and doing a clean build with it

Cancelled and changed it

make sure you matched the case it uses

needs to be same format

Retrying before rebuilding cleanly as it takes a long time

Should the build not be interrupted? Leaving my device the whole day is not an option for now

interrupting it is usually fine but may sometimes cause an issue

I don't think that's the issue

the issue may be that you cannot change that part of the build configuration without a clean build

Just to be clear, it's not only the src/out I should delete?

Tested one last time and it failed

* Just to be clear, it's not only the src/out I should delete for a clean build? Like from the start

Also, my alarm sometimes does not work.

I was told it might be due to battery life, however last time it did not work, the power was on 39%.

Are there other settings I need to play around with?

Are you using default sms?

yes

is DND on or off if you swipe down from the tray?

dnd turned off

Lia: out is the only relevant directory to remove

if you did a clean build with what you think is the correct certdigest and you think you signed it, the problem is you didn't actually do one of those things

you made a mistake somewhere

Put your build number and model in here for someone more experienced to respond. anonymous821

I dont know any more than what I told you.

Lia: maybe the certdigest is incorrect

Lia: sha256 in lowercase iirc

<strcat[m] "Lia: maybe the certdigest is inc"> Will redo the certdigest. I just copy-pasted it which is odd

Lia: make sure it has no :

you could also try getting it from keytool itself

instead of piping to sha256sum

just to double check that's working right

<mekanation[m] "Put your build number and model "> pixel 3a QQ3A.200805.001.2020.09.11.14

keytool has a way to list keys and you can pass -v and maybe -sha256 to get it to show that

forget the exact keytool commands

I redo the command

But now I have no build.ninja

`ninja: error: loading 'build.ninja': No such file or directorh

* `ninja: error: loading 'build.ninja': No such file or directory'

* `ninja: error: loading 'build.ninja': No such file or directory`

Is it fine to do gn gen out/Default?

* Is it fine to do `gn gen out/Default?`

* Is it fine to do `gn gen out/Default`?

If I were to donate $500 AUD to the project could you guys implement an imei changer of sorts 😱

no, $500 doesn't cover developing custom hardware with that kind of feature

<lickidyspl1t[m] "If I were to donate $500 AUD to "> Changing imei is illegal

what if theres no imei to start with

louipc: yeah I use VoIP for everything

good idea

<cn3m[m] "louipc: yeah I use VoIP for ever"> But your device can be still traced via the IMEI, right?

<louipc "what if theres no imei to start "> What about the imsi?

Wi-Fi doesn't have an IMEI

prefer Wi-Fi

What do they mean when your location can be traced by wifi?

By the way, rebuilding is in progress (will take days probably)

WiFi triangulation is built into iPhones and android

Them google street view vans scanned WiFi data also

bypassbob[m]: same

Any case where wifi > ethernet?

bypassbob: not sure what the relevance is

In GrapheneOS

<Lia[m] "Any case where wifi > ethernet?"> None. Ethernet wins in every scenario except mobility.

bypassbob: Wi-Fi supports anonymity, suggest reading the usage guide

Since there is full randomization on MAC on GOS.

no wires to trip over with wifi

strcat: you said prefer WiFi. It’s relevant to you.

it's not relevant

read the usage guide

WiFi triangulation isn’t relevant to WiFi?

don't post misleading / false information here

How’s it false

explained above

Wi-Fi supports anonymity, which is the default

it doesn't use unique / persistent identifiers

bypassbob: not relevant

we're talking about phone privacy

bypassbob[m]: grapheneos.org/usage#wifi-privacy

not a STATIONARY Wi-Fi AP

using nearby Wi-Fi networks as a way to detect location has no relevance to the topic

Wi-Fi and Bluetooth scanning for improving location detection are disabled by default, unlike the stock OS. These can be toggled in Settings ➔ Location ➔ Wi-Fi and Bluetooth scanning. These features enable scanning even when Wi-Fi or Bluetooth is disabled, so these need to be kept disabled to fully disable the radios when Wi-Fi and Bluetooth are disabled. GrapheneOS doesn't yet have an implementation of a coar

location service to supplement GPS location, so enabling these options doesn't actually do anything at the moment. Implementing a supplementary location service is planning but we need a robust, secure and private implementation via a local database. The initial focus will likely be a cell phone tower database, so these features still wouldn't be relevant.

> of a coarse location service to supplement GPS location, so enabling these options doesn't actually do anything at the moment.

🤔 confusing lol. So they're useless features at the moment ?

what are you asking specifically?

I don't see anything confusing

it says there that we do not provide an implementation of those features, and regardless, that has no relevance to the topic

Do you think 2FA will be implemented in Graphene soon?

as explained there, Wi-Fi scanning is anonymous on these devices (without GrapheneOS too)

bypassbob: 2FA works fine on GrapheneOS, what exactly do you mean?

you mean 2FA to unlock?

Yes and power on

I haven’t got GrapheneOS yet just going off what I’ve read

bypassbob: there is only an unlock method (which decrypts), not a boot password, not how it works

<bypassbob[m] "Yes and power on "> that won't happen

there is per-profile encryption

Here to learn more and ask questions

bypassbob: we aren't going to be implementing a 2nd factor for the main passphrase, it would result in people losing their data and a strong encryption is already more than enough

the plan is to extend how secondary unlock works

recommend reading the planned feature on the tracker about having fingerprint + PIN 2 factor unlock

* recommend reading the planned feature on the tracker about having fingerprint + PIN 2 factor secondary unlock

does not impact primary unlock which should be a strong passphrase

How does it work on boot? I’ve had some expensive encrypted phones. That you have to press a certain button combination to boot the device if you don’t it boots a dummy os. After booting it requires password

it takes 650 years to break a Titan M with a 4 digit random PIN

bypassbob: as I said, there are per-profile encryption keys based on the unlock method

it isn't tied to booting, it's per-profile

so your question isn't applicable to GrapheneOS

there is no boot passphrase, and there won't be one, each profile has a separate encryption key derived from the profile's primary unlock method (as with AOSP)

So it’s like turning on windows then logging into a user?

just go by what I said

> there is no boot passphrase, and there won't be one, each profile has a separate encryption key derived from the profile's primary unlock method (as with AOSP)

and of course that primary unlock method is super strong since the Titan M

it's super strong if you use a strong passphrase regardless since it uses scrypt combined with hardware-accelerated, hardware-bound encryption with the Titan M protection added on top of that

the Titan M protection added on top is what makes it so that even a 6 digit PIN will take a ridiculous amount of time to brute force unless they can exploit the tiny attack surface of the Titan M

so even a profile protected by a weak unlock method has that

if it's a strong passphrase then it doesn't really matter, but of course it benefits that too

the strong key derivation + hardware accelerated portion of it helps make passphrases inherently stronger

it does scrypt in software and then the hardware portion of key derivation is delegated to the TEE implementation so that's device specific

TEE ideally uses something like HKDF via a hardware accelerated implementation (Qualcomm SoC has hardware-accelerated HMAC for that with a hardware-bound key as an option)

anyway encryption is per-profile, and could be made more granular than that

So a very long passphrase would take a lot longer than 650 years

it's not just 1 encryption key for everything with a passphrase entered on boot

bypassbob: far longer than that

and if the Titan M is not exploited successfully, then even a crappy PIN unlock lasts that long

and Titan M firmware cannot be updated until authentication of the owner account is done successfully so you'd actually need to exploit it, can't do something like bribing insiders millions to steal the keys to sign firmware

it's a nice approach

would like to see other companies deploy OpenTitan chips with a comparable implementation of the APIs supported by AOSP in their devices

this is just 1 of several features it offers (this is called Weaver)

basically Weaver is a table of slots, 1 for each profile

Yeah Google and GrapheneOS could both work together and still couldn't break open your locked phone with malicious firmware it is super cool

when you set the unlock method for a profile, it derives an auth token which is passed to Weaver

Weaver generates a random token, passes that back to the OS

That’s usually the method to breaking security as well blackmail or bribing workers

and the OS uses that as one of the inputs to derive the encryption key (along with the other inputs like a token derived from the auth method, etc.)

and Weaver enforces a rate limit that's exponentially increasing quickly going up to 1 day per attempt

What type of encryption is used?

so - if you use a strong passphrase this is a nice extra layer, but you don't really depend on it

bypassbob: depends on device

4 XL

4 XL Is AES-256-XTS for data blocks, AES-256-CTS for file names

with file names rounded to 32 byte lengths on GrapheneOS

it depends on the device though

In your opinion is the 4 the most secure to date?

I have a question regarding trojans on graphene os. How safe can someone be?

devices without hardware accelerated AES will use en.wikipedia.org/wiki/Adiantum_(cipher)

* In your opinion is the 4 the most secure device to date?

For example, swedish government has now a new law that gives the police right to secretly monitor your phone/pc etc if they "suspect" you of some sort of crime that can give 2 years of prison time...

<aln124[m] "For example, swedish government "> A lot of countries are doing this.

Adiantum is probably a lot nicer than using AES-256-XTS really

but when you have hardware accelerated AES it's hard to justify using a software implementation

it exists for devices without hardware accelerated AES

aln124: don't install malware and grant it a bunch of permissions particularly quite powerful ones - about all that can be said

<aln124[m] "For example, swedish government "> Key Disclosure Law is there in many countries. None of the protection will work out there as you will need to reveal the key.

to the government ofcourse.

aln124: I don't think malware that you installed yourself and granted permissions is really an interesting topic beyond mentioning that Auditor is a great way to detect that there's an accessibility service, etc. (not really the core purpose of it, but it's a nice way to do that)

Ultron: this is why using profiles is important

if you are worried about malware use another profile to install sketchy stuff you are going to grant permissions too

how can you decrypt a profile on your device made for your friend in another country? you don't have the passphrase

there are per-profile encryption keys

the owner account can't decrypt secondary profiles

I'm excited for the VPN profiles fix in Android 11

Yeah, I name my profiles after people

Lia: inthewaves implemented it, our next release will be Android 11 though so that's why we have it there

Android 10 GrapheneOS branch is EOL now

<strcat[m] "how can you decrypt a profile on"> Hehe. Seems like a decent excuse to go with.

GrapheneOS development team is working on porting everything over, I'm mostly reviewing / correcting their work

<strcat[m] "Lia: inthewaves implemented it, "> Skipping the current release and waiting for Android 11 due to beta reasoms

> <@strcat:matrix.org> Lia: inthewaves implemented it, our next release will be Android 11 though so that's why we have it there

* Skipping the current release and waiting for Android 11 due to beta reasons

Ultron: you can legitimately have a friend in another country who you made that profile for

Lia: yeah there won't be another Android 10 based release afaict (can't see a reason to) so might as well wait to handle that

we just still had to do that release for everyone not beta testing

and ofc it had to be beta tested itself

and we couldn't release the problematic one we had to cancel

not ideal for beta testers on 3a / 3a XL but yeah

Is it possible to sideload the OTA skipping a release? asking for a beta tester friend

Is anyone able to actually get nextcloud to install during a seedvault restore?

That is not supported at the moment

Next cloud backups didn't work so well, but a lot of improvements have been made in that area

Fair enough

Also is there a way to trigger a restore at a point after initial setup

not via the supported UI

technically you can via adb shell to run the activity but that's not really supported

What would be the adb command or can you point me in the direction of the instructions?

Hugh: adb restore

This will trigger seedvault?

Remember that adb backup/restore is deprecated

No

Ah I meant the seedvault adb activity strcat mentioned

I meant that it is technically possible to launch the same restore activity as SetupWizard but this is unsupported by Seedvault

ok, no worries. Thanks anyway

I am thinking of getting an unlocked Pixel 3XL to install Graphene. I saw a used unlocked phone that seems reasonable but it has android 11 already installed on it. Would that be a problem? Thanks!

iirc it’s not too difficult to downgrade?

(If you have to)

OdwoRyn: that's not a problem

the install guide suggests updating the stock OS before flashing anyway

Hi, when do you expect first beta release for 4a?

no one is working on that

devices require a device maintenance team to step up and work on them, and commit to long-term support

so far no one has done that

if that's the case in 6 months, it will be no closer to having support for it then either

if no one steps up to do that we won't support it

same goes for the Pixel 5

if there aren't device maintainers for future Pixels, we won'

* if there aren't device maintainers for future Pixels, we won't support them

<vpsvrm[m] "Hi, when do you expect first bet"> Calyxos for pixel4a is coming out soon in the meantime if you wanna check that out

<strcat[m] "if there aren't device maintaine"> Thx for info

Is it good option to get 3a? I thinking about long-time support.

vpsvrm[m]: If you can find one, Google stopped production - I believe

the newest supported device is a Pixel 4

and the 4 / 4 XL are the only devices with a dedicated maintainer right now which is required for all future devices too

we support 8 devices, 6/8 lack maintainers

<strcat[m] "we support 8 devices, 6/8 lack m"> ok 4 is probably the best for GrapheneOS for me right now

Which Messaging Apps are running on GrapheneOS? Signal, Telegram, WhatsApp, Viber ... ?

<vpsvrm[m] "Which Messaging Apps are running"> Whatsapp works with no issues

Whatsapp works great.

Dont know the others, check the log

<vpsvrm[m] "Which Messaging Apps are running"> Signal, Telegram, Whatsapp work

<Lia[m] "Signal, Telegram, Whatsapp work"> Great - Any experience with Viber?

No

<aeonsolution[m] "Your monetary donations support "> I am new in GOS channel and willing to jump from LineageOS to GOS for privacy&security matter. I will donate to this project for sure. I want know which phone I should buy first 3a or 4a (with some small patience) from my preference list. I need phone with audio-jack. If development guys have this Pixel4a in target I prefer wait for and buy it.

anonymous821: Hey didnt see anyone get to your question. I would try using signal as your default messaging system and see if that works. If it doesnt, consider a reflash of an older build that worked.

> <@8383n550n:matrix.org> I am new in GOS channel and willing to jump from LineageOS to GOS for privacy&security matter. I will donate to this project for sure. I want know which phone I should buy first 3a or 4a (with some small patience) from my preference list. I need phone with audio-jack. If development guys have this Pixel4a in target I prefer wait for and buy it.

> Thank you for reply.

The 4a will be supported for longer, once it has a build.

CalyxOS almost has a build ready for the 4a, so you could give that a go?

I say supported for longer because it is newer. Google could pull the plug any time for any device, though. Just remember that!

So i have a pixel 3 and i was wondering who else here has it. how much screen time battery life do you normally get on it. Because it seems to me like it's burning through battery.

The question is, what apps do you have installed, what are you using the phone for etc? Haven't seen many reports of draining battery life.

<Autopsy[m] "I say supported for longer becau"> Thank you very much, clear. I will consider your advice. Hope will be supported long time.

No guarantees, but you'd have CalyxOS while you wait

<vpsvrm[m] "Great - Any experience with Vibe"> Works even better than Signal and WhatsApp

<Autopsy[m] "The question is, what apps do yo"> Nothing out of the ordinary. I'm just wondering if someone can give me there average battery life under heavy video consumption for example.

I don't use WhatsApp but I tried it for few days. Notification don't arrive until I open the app

hey there

thinking about buying a pixel 3a tomorrow, is it worth it? How long will the support last?

1 year and 6-7 months

* 1 year and 8 months at least

k thx thats long enough for me

(The guaranteed by Google updates)

google updates?

Reword: The guaranteed OS/security updates by Google

Pixel 4a is cheaper probably and has 34-35 months support left

is graphene supportet on 4a yet

Not yet

Waiting for a maintainer for it

also what do you mean with google updates. Does graphene always support the same time span as google?

Yeah

I advise reading the FAQ

ok ill look into it, last question: i heard you cant unlock the bootloader on verizon models. Verizon models = pixel with verizon contract, right?

Yeah, the one you buy from them, carrier variants

Their models are a search away

ok thanks for your help, I think I'll buy a 4a and use android 11 until graphene is supportet

auditor attestations failing for everyone on android 11 or just me? (pixel 3 xl / stock android)

Is it the latest version?

auditor version 18. think it is the latest from play store

Use 19

Not yet in play store I guess

Got it. will install

arouzing: I've found Signal can drain a lot of battery sometimes. I think possibly when network connection isnt great

ahh

i mean this was before install

* i mean this was before install of that

* i mean this was before the install of that

arouzing: search in settings for 'battery usage'

Can see which apps are using power

PIA VPN may use a lot. Think VPNs that use wireguard give best battery performance

do yall need any help writing more hand holdy guides?

<mekanation[m] "do yall need any help writing mo"> What for, hombre?

<dazinism "PIA VPN may use a lot. Think VPN"> Mullvad barely sips battery

Think I'd use the Wireguard app with a VPN that supports that rather than the VPN services own app

Theres some cleanup in some sections that can be done if people dont know how to google. But i dont know if you really want users that dont know how to google cuz then theyd ask how do I install my google play apps which is bleh

Fair enough, dazinism. Mullvad app is alright, though. After 8 hours and 44 minutes (since last charge) it has used 1% battery.

<mekanation[m] "Theres some cleanup in some sect"> All well and good, but some people need to fail and learn from their mistakes before they come running for help.

mekanation: I dont think documentation changes would get much attention right now, because Daniel likes to oversee/give the final edit/rewrite, and all his attention is on porting to android 11

makes sense.

I wanted to make a "GrapheneOS for Dummies" installation guide, but I haven't had time yet. The documentation is fine as it is, but some people get stuck on certain parts or just like pictures to follow

Yea thats what I was thinking. Like if you do platform tools via linux you have to add your user to the right group to run fastboot commands, but you also have to log out and back in for the changes to take effect. Easy to google and fix, but if something like that was just as a warning in the guide it might make the install process easier for people.

But at the same time what is the mission of GrapheneOS? Power users who wont be annoying about things, or get everyone on it for more privacy focus everywhere

* But at the same time what is the mission of GrapheneOS? Power users who wont be annoying about things, or get everyone on it for more privacy focus everywhere?

<mekanation[m] "Yea thats what I was thinking. L"> I take the lazy (unrecommended) way of using root or admin most of the time. Having to explain what to do to not use root or admin would take longer than just downloading the files and getting them to run the script

<mekanation[m] "But at the same time what is the"> The latter, imho.

Can't talk for the project, but the latter for me.

Could write something in the community wiki

Dan could use it if he likes the look of it

Anyone could add/edit/improve

Linky plsnxoxo

Oh, you did!

Sounds good, do we have a bug/features/sprint/whatever people call it these days board?

I set that up had a couple of folks other than me do some stuff there

No, but could just start a list in a wiki page

I'm just looking to help however I can, but I havent found a good work on this spot.

mekanation: if you think the documentation is missing anything and want to write stuff. Probably not terrible idea to write in the wiki. Others can edit/improve and it can be submitted, or picked from for the main site if appropriate

strcat how come theres so few maintainers? I wouldve thought there were more interest in keeping this great project running 🙃 in any case, what *requirements* would one need to be a device maintainer? Know C langauges?

sad_plan: tbh way more than just knowing how to code

Like you should somewhat have a picture of what you have to do and how you're going to do it before you can write the code for it

Past experience may make things easier but won't guarantee a result

Can anyone point me to where I can find more information on how GrapheenOs handles backups ?

What is included in backups, limitations, etc.

adeus: github.com/stevesoltys/seedvault

this is the backup provider used in Graphene OS.

all applications that implement the backup API can be back-up

* all applications that implement the backup API can be backup-ed

limitations: GrapheneOS/os_issue_tracker #257

mekanation: i might repost at a different time. I avoid Signal as it requires a phone no. Doesn't it also have access to contacts too?

<anonymous821[m] "mekanation: i might repost at a "> Just use a virtual number and set a strong 2FA. It does not require access to contacts.

Anyone that has used the backup and restore process in GrapheneOS can you tell me when you restore does Signal require re-registration ? Or is the app restored exactly how it was at snapshot?

adeus: how do I setup a virtual number? is it free?

anonymous821: just get a virtual number from any of the million services you can buy them for as cheap as 99c

adeus: ok. I can potentially be doxxed via the payment though.

Also, will I still be needing the vitual number for future verification purposes on Signal?

> <@anonymous821:matrix.org> adeus: ok. I can potentially be doxxed via the payment though.

> Also, will I still be needing the vitual number for future verification purposes on Signal?

Use bitcoin

No, it won’t ask you to verify the number again.

lol, pseudonymous