[chiptune music intro with guitar hit] [paper tearing sound] Greetings and welcome to an improvised episode of Veronica Explains! I'm Veronica, and today I'd like to talk about GrapheneOS and installing it on this here Pixel 7 that I just picked up a few days ago! Now by the time you see this video it's possible there's going to be a whole new Pixel and this isn't the new Pixel. This is the one that I was able to actually get a hold of. I should probably mention too that this isn't going to be like a full review of GrapheneOS and what it's like and what my thoughts are on it. If I do a video like that it's going to come later after I've actually used it for a while. This is literally like my first impressions with the whole thing which is why it's improvised. I don't normally show this part to people but I figured it'd be kind of interesting! So this is the website for GrapheneOS and it positions itself as the private and secure mobile operating system with Android app compatibility. Now I've never used anything like GrapheneOS before. The closest I've ever come is with earlier Android phones. I've flashed LineageOS or CyanogenMod back when it used to be called CyanogenMod and I liked that. That was okay. That was an easy process to do. But GrapheneOS seems to offer some different features that I kind of wanted to get into. It looks like it has a web based installer which as far as Android is concerned is kind of novel to me. I've never done that before. The other thing that I really like about what I'm seeing from GrapheneOS is they're focused on privacy and security first. Now I'm not going to say that I'm like a paranoid "not mobile" user because I do use my phone. You know, I work in the modern era and a smartphone's kind of hard to avoid. So this isn't going to be one of those videos that's like, "ditch your smartphone use this instead!" I'm not doing that. What I'm interested in here is just how this supposedly more secure version of Android actually works out from a practical standpoint for my day to day use. So I will be using this as my primary device before I give it an honest and sincere review and I'll probably do a companion blog piece to this video that actually outlines my day to day usage and goes into more of the specifics of how I personally use a smartphone day to day because I know some people use a phone, you know, two, three hours a day. Some people more. I'm typically under an hour a day is my smartphone usage. So that might impact how I feel about this. So let's try installing it and, you know, let's just see how it works. So the phone I'm installing it on is this Pixel 7, which I picked up the other day from a big box retailer. And let's just dive into it and open it up and see how we like it. Again, this is not the new Pixel. They're allegedly putting one out soon. Oh, it's big. I don't like how big it is. I hate big phones. I picked a Pixel not because of my, you know, appreciation for Google or anything. I picked this because I just liked the fact that a lot of projects seem to support hacking on it. I find that to be neat. Just going to do a function test and make sure that it works. I will put this in a case. I'm not one of those people who can use a smartphone without a case. I don't live that dangerous lifestyle the way that some people choose to. It seems like it's functioning. Let's see what I need from GrapheneOS to actually get it installed. Okay, so click on install. Web USB based installer. So the prereqs for the web USB installers, two gigabytes of free memory available, 32 gigabytes of free storage space... won't have a problem there. So I'm using Debian 12 and not 11 because I'm using Debian testing for the moment on this particular machine. So hopefully that works out okay. If it doesn't, I do have a Pop!_OS machine that I'll switch to, which should be compatible with Ubuntu 22.04 and officially supported browsers. Let's see. Oh, geez. Chromium. Van...ad...ium? I don't know what that is. Google Chrome Edge and Brave. It does say you should avoid Flatpak and Snap versions of browsers as they're known to cause issues during the installation process. So I'm going to have to install Chromium. I might have a Chromium on here. Let's see. I've un-googled Chromium. Fine. I've switched to Chromium to make sure the device can be unlocked to install Graphene. Avoid carrier variants of the devices. This is big box version that I bought retail. It's best practice to update the device before installing GrapheneOS. Okay, fine. I do not want to copy apps and data. Let's not copy that floppy. You can kind of see me. Hello! Okay, we're going to skip that. Skip. I don't want to do any of this. No. No. Skipping the PIN. No PIN. I don't want any of those apps. Skip all that. Skip it all. Okay, so here's my new phone. Look at that go. I'm going to update it offline and we will go from there. [big beige computer moving sounds] Oh, this thing? Don't mind that. That's for a future video. So the update completed a little bit ago. I mean, some people like default Android. I don't love this. It's so busy. Like, why is this here? I don't want this. I didn't ask for this. So we're in here. I need to enable OEM unlocking. So enable the developer by going to settings about phone and repeatedly pressing the build. Okay, I am repeatedly pressing build. I'm a developer. Next go to settings, system, developer options and toggle on the OEM unlocking setting. Yep, that's okay. All right. So I've enabled OEM unlocking. Now I need to flash as non-root. On Debian and Ubuntu, install the `android-sdk-platform-tools-common`. [Model M clicky greatness] K, we are installing the android-sdk-platform-tools-common. There we go. You need to boot your phone into the bootloader interface. The easiest approach is to reboot the phone and begin holding the volume down button until it boots up the bootloader interface. I don't want to do that. Power off. Just turn off the power. Press the power button. Why do I have to press two buttons? One button, just power button. Oh my God. It's not a power button if it's the talk to Google button. Okay. That's how you... That's two buttons. I don't like it. Nope. I have to hold down a button. Volume down. Okay. Holding down, volume down and then rebooting the phone. Come on, volume down. Is this volume down? It's a safe mode. I didn't ask for safe mode. Holding down the volume down button. Okay. That looks like a bootloader. All right. Connect the phone to the computer. Hopefully, I don't have to manually set udev rules. I'm guessing based on the package that I installed that it should hopefully include it, but I'm not in GNOME, so I don't think I have to do that. Do I literally just click this? Aha. Okay. So that worked. That's neat. Okay. Hit connect. Oops. So it looks like we've got "do not unlock the bootloader" and it says use one of the volume buttons. So I'm guessing unlock the boot. That's neat. Cool. That's really slick. I've never done this from a web browser before. Okay. So then you need to obtain the GrapheneOS factory images for your device to proceed with the installation process. Press the button below. And now why isn't it connecting? Did I actually, I have to hit the power button to confirm. Yep. That was me not reading the instructions all the way. Okay. Okay. Okay. So now we obtain the factory image. This is really cool. I got to say, like I've never seen a, like a, like an Android install this easy. I mean, I haven't installed anything else recently because again, I'm not much of a mobile phone user, but this is really cool. This is just like incredibly simple. Okay. It's downloaded. The initial install will be performed by flashing the factory image. This will replace the existing OS installation and wipe all data. That's great. There's no data on it. Holy cow. This is incredible. It just, it automatically, there, it's doing it all on its own. Like it's, it's incredible. Like, oh my goodness. Like look at this, like, like it's just handling it. I've never seen anything like this before. Holy crap. It's still going. It's still doing this thing. It's handling everything on its own. The phone is just, is reacting to it in real time, which is incredible. Like I don't, I'm, this is, this could spoil somebody because I remember the old way of flashing LineageOS and it was incredibly complicated, at least compared to this. This go to a website and hit a few buttons and then you're good to go. This is fantastic. Wait for the flashing process to complete. It will automatically handle flashing the firmware. It did all of that. Avoid interacting with the device until the flashing script is finished and the device is back to the bootloader interface. Then proceed to locking the bootloader before using the device as locking wipes the device again. So it looks like locking the bootloader is next. In the bootloader interface, set it to locked. Hitting the button. Isn't that nifty? Like right from a website. The command needs to be confirmed on, on the device, yep. So we have to confirm it on the device. Guessing that means I hit the button to say lock the bootloader and then I execute. Okay, I'm guessing it says device state locked. Your device is loading a different operating system. Visit this link on another, I mean I don't want to. I'm fine with this operating system. Okay, that works for me. That works for me. Hide this part. Allow apps that have asked your permission to use your location. Sure. We'll turn it on for now. Okay, fingerprint. Okay, now it's on fingerprint to unlock which is pretty straightforward. Fingerprint images and model are stored securely on your phone. That's good. It's a pretty nice onboarding. Okay, I do not have any apps and data but this is nice that it gives you this option. I'm going to hit skip and I'm going to take a guess and say that's it. Holy cow. That really it? Okay, so it says we have 5G. I'm going to open up a web browser and just let's test it by going to a website. Vanadium notifications make things easier. You'll be able to easily manage media controls incognito. I don't know what this is. What's Vanadium? Continue. I guess I'll allow it. Let's go to a website. That looks like it works. Okay, so I got mobile data. Says it's 5G. Feels 5G-ish. So they have to install some apps. So Vanadium must be Google Chrome but Vanadium, I don't know, this must be their like special Google Chrome thing. It's nice how simple it is but now I'm wondering how do I install an app? So I'm noticing right away Google Play server is Google Mirror. So it looks like Google Play is sandboxed here which looks really cool. What I don't know is how to install an app. [Final Fantasy IV "using a tent" theme] Okay, it's a new day. This just arrived. Let's get this installed on the phone and try to install some apps. I like this. It says it's 5G-compatible. Can a case change the 5G? Leave me a comment if the case can change the 5G. I've never heard of that before. Let's get this jammed in there, right there. To set the profile, I think I need to get into the settings app and then, what's that, at the bottom, what was it, system? Multiple users. Okay, here we go. So I'm going to allow a user, I'm going to set up a user known as Google Crap. Okay, so we're calling it Google Crap. Okay, so screen recording doesn't seem to have worked here. We'll just select this and... [obnoxious bebopping] ...start the gallery. So it looks like the gallery is separated between the two devices, which is kind of neat, or at least the two users, which is kind of cool. It does look like isolation, which is pretty nifty. I don't know if stock Android usually does that or not. I haven't ever played around with it, so I guess we'll see. Okay, there we go. I apparently, if I swipe from the all the way bottom, it's given me the multitasker. That's a technical term. Okay, I click on apps, and here's what I'm given the option for. I don't know what app store I want to use. I think I might just try Google Play Store right now, just to see what that looks like. But I know I need to dig into this a little bit more and kind of learn a little bit more about what's going to work for me. I tend to be somewhat Google averse, as you can imagine, but I mean, here I am on YouTube. So what are you going to do? I'm guessing I have to install the framework and the services, and then the Play Store. So we're going to try that. This might cancel out everything good about this operating system, but I want to try it. I want to see how it works. Then I'll do some digging into alternative app stores, because I know that's coming. All right, now that that's done, let's install services, and yes, give it network permission. That's fine. And now it's asking me right away about the Play Store. I'm going to say sure. The case is nice. I like it better with the case. I mean, it's not too heavy. It's still big. I want to phone half the size. I mean, if somebody can do that for me. Okay, so now I have the Google Play Store. I can open it. Can I do it without signing in? Okay, this is neat. It's a sandbox. Google Play is running. That's pretty cool. Okay, this is neat. It's alerting me about permissions. Push notifications will be delayed, because Play Services app is not allowed to always run in the background, tap to resolve. This is neat. I like this. Okay, I'm going to let it because I'm testing. I don't want a Google account. I'm not. I'm going to have to set up a Google account for this, aren't I? Forget it. I don't want to do that. What's the other store that people use? I'm going to uninstall. I'm going to uninstall the Google Play Store, because I can. That was terrible. I can't believe Google Play requires you to have an account just to use the store. That feels weird to me. Maybe it's not. I don't know. Leave a comment if you don't think it's that weird. I can't say I'm surprised, but I would have sworn they gave you an option to do this without being signed in, but apparently not. Okay, we are going to open up a browser. And on here, no, not right now. Okay, I think it's the Aurora, right? That sounds familiar to me. The Aurora browser, if I'm remembering correctly, this is the project... can't type... you can tell I don't do this very often, or Aurora, maybe it's in a browser. Is it not a browser? I'm going to just say Aurora Play Store, App Store, I don't remember. I cannot type. AuroraOSS.com. [mispronouncing "nightly"], uh-oh. Now I'm scared. I wish this had a first run wizard that explained how to get, like, an app store of some kind on here, because, you know, I'm Googling and I'm not finding great information. I'm finding lots of information. Tons of opinions. But I'm not finding a really solid run through of here's how to add an app store. And I think for some, for as easy as they made the installer, they ought to then include a, would you like to add an app store, like the Aurora app store? They should have done that. And I feel like that's missing from this. I think I have to install F-Droid first. F-Droid.org. Downloading F-Droid. Okay, so now when it prompts me to download the file, they open it and it says I can't do it. I hit the settings app and now I say allow from Vanadium and go ahead and install. All right, I think it's supposed to yell at you about this older version business. Sure, I want notifications. I install F-Droid and it says there's an F-Droid update. That's hilarious. Did it, did it fail? I'm guessing, yeah, it needed to uninstall and reinstall itself. That makes sense. Okay, so now at this point, I'm going to try that Aurora store because I think this is the way I would want to do it if I want to get like Google Maps and that's going to be my sample app for this. There are other map apps, that's hard to say. There are other map apps out there that I could use and will use eventually and I'm going to try out things, but Google Maps is one of those things where I'm kind of curious to see if it works in this system in that sandboxed user that I set up. So let's try it, see if we can get it working. Hit Aurora store. This app has features you may not like, thanks, sure it does. So now we're in the Aurora store. Do I accept the terms? Sure, I'm going to accept the terms. Everything I've ever wanted to do in life is accept the terms. Accept a suitable installer. I have no idea. I'm just going to go with session installer. We'll see how it works. System that's fine. I don't care. I don't care about accents. Aurora store requires the following permissions. Installer permission. Okay, so grant that. External storage. Notifications. Okay, so now I think I'm ready. Let's try anonymous. This is creepy. I don't like this Facebook thing. I don't think that's going to take off. Google, that says Goo-hell, Google Maps. Oops, this account is rate limited. What? [possibly less obnoxious beebopping] Can I change accounts? I mean, is that spoof manager? What is this? Let's pick, like, any phone. I have to re-login. Okay. Okay, stuff's actually happening now. Maybe now I can try to search for it. Let's see, it's rate. What does this mean? Just to be clear, I've done absolutely no reading about this, like, other than a couple of Reddit posts about this process, that's about all I've done. So I'm making this up as I go. Try anonymous again. Maybe this account won't be rate limited. Okay, this looks like a different account. Now it says Aurora OSS 12, Maps. Okay, I think I'm going to call this here for now. Overall, my first impressions of GrapheneOS installation process, incredible. It's a fantastic installation process. It's stellar. It's wonderful. I'm really wishing that it had a first run wizard or something that explained some of this stuff to people who've never used it before, because it's so incredibly easy to install that the bar is not high for, like, technical users who would be otherwise knowing how to do this. I don't know how to do Android stuff very much at all. It's just not my fandom. It's not my thing. And so for me, I'm totally making this up as I go, and I'm just stumbling over and over again. That first run wizard would be an excellent thing to help me figure this out. Beyond that, the Aurora store, it looks like it's got its challenges, but again, I don't have a whole lot of firsthand experience with it. So I'll be playing around with it, and I'm going to see if it turns out better, or if I'm going to have to go log into the Google Play Store and do it that way. I think the only thing left to test is to try to get Google Play Store installed, signed in, but, like, sectioned off, and then see if I can navigate around the world, and see if I can go somewhere and do something. I mean, we can always hope, right? [Final Fantasy VI "wind" sound] All right, so I'm in my basement now. Don't worry about it. So I was able to get Google Maps installed, and it was super slick. I was able to go to Free Geek, and I even was able to buy a 486, which is going to feature in a future video. [me, offscreen] "Oooooo" In order to get Google Maps to work, I ended up using a dummy account. So I made a burner Google Play account, and I just installed the Google Play Store using the way you saw in the earlier part of the video, and it worked fine with the burner account. I, at this point, am not giving them my official account, and I don't know. That might be good enough privacy when it comes to how this whole thing works. I don't have enough experience yet with it to actually know if I'm going to have any sort of issues, but if you have any opinions on that, go ahead and leave a comment below. The big reason why I struggled with wrapping my head around the Aurora Store was mainly because I'm not sure I see the point if you need a Google account in order to get it to work. All those anonymous accounts are, it looks like, is just accounts that they set up through Gmail. And my concern is, if that's violating the terms of service, because we're sharing accounts or whatever reason there is, I don't want to suddenly find my device completely locked out of all of my apps. So if I'm going to be giving them a real account, I don't see why I wouldn't just use the Google Play Store instead of the Aurora Store. But again, if you've got an opinion on it, go ahead and let me know. I'm actually kind of interested in hearing. One thing that's really nice about the Google Play services and its sandboxing is I was able to only give it network permissions instead of, like, all of the permissions that it normally seems to want. And so I'm thinking that that's a pretty good exchange of privacy versus convenience. And at least for me, it feels like it's good enough. I've only had a few weeks with the phone though, so if anything comes up with it, you know, I'll make sure to let you all know in some sort of future video. It's going to be great. Another thing that I've seen come up in some of the commentary about GrapheneOS and how we go about using it is that it only works on Pixel devices. You know, it doesn't, it's not supported on every single device that's out there. And reading what the developer has to say, I think I'm okay with the logic behind why it works on Pixel and not other phones. If other manufacturers had good hardware support for years and years and years, then I could imagine porting this would make some sense. But as it is, you know, we all know so many phones by so many brands, they only offer support for a couple of years, and then the manufacturer kind of drops it off. If I were leading an operating system development project like GrapheneOS, I know I certainly would want to make sure that I can support the devices that I claim it's going to support. And if they're sticking with devices that have a five year guarantee from the vendor, I guess to me that makes sense. Now speaking of the developer, I would be remiss if I didn't mention some of the drama around GrapheneOS and the developer and some of the other folks in the privacy community or just some of the other folks in the tech community who've had issues with the developer, the head developer, and just some of the back and forth that we've seen with famous YouTubers calling out the developer for being rude and other people with receipts about the rudeness. And I'm trying to maintain a positive channel here, so I really don't want to get too into the specifics. Plus, I'm not terribly familiar with all of these individuals who are out there talking about the project and the project lead and the developer and what they're saying and who they're saying it to, I'm just not super familiar with it. So I'm afraid to weigh in too terribly on it. That being said, threats and intimidation in any sort of open source community is certainly a cause for concern. And to be perfectly frank, that might be a deal breaker. It remains to be seen exactly what's happening and I haven't fleshed that out yet and I'm sure I'll get tons of comments about that in this video. So after I publish the video, if I make a decision, I'll make sure to let everybody know. If you're in the market for an operating system that doesn't have drama, I don't know that GrapheneOS is going to be right for you because if the developer is getting angry with personalities and there's conflict and there's issues coming here, I could imagine that disrupting the flow of development and that's the last thing you want in a cell phone. I know for me, that's the last thing I want and something that I have to rely on day to day, which leads to the next question, which is, will I stick with GrapheneOS? Now it's been a few weeks since I started it and I like the way that it works. The sandboxing all seems to work as expected. Having a separate account for Google crap and a separate account for everything else has felt really good. It makes me feel better knowing that I've separated the concerns a little bit. Now ultimately, if I'm concerned about the health of the development team itself, and I should be, it leads me to wonder if there are better alternatives out there and I believe CalyxOS is one that I'm definitely going to be having a look at and I might do a video at some point about LineageOS because I've used it in the past and it'd be nice to revisit it. But ultimately, at the end of the day, am I happy with GrapheneOS? And I can say right now, yeah, I'm happy with it. I'm using it every day and I think it's pretty great. If there's drama in the future with this project and the team behind it, I would certainly just swap to something else if I had to. But do I like what I see? Yeah. Ultimately, at the end of the day, I just want my phone to be a phone. And it would be nice if the phone has some privacy respecting features built in. Right now, GrapheneOS is a great option for me. Maybe it is for you too. [kid shouting] "1, 2, 3, 4!" [punk music outro] [paper tear]