The major tech companies, such as Google, Samsung, Apple, and Microsoft, collect vast amounts of personal data. Anyone who is concerned about privacy and security is already aware of this issue. The problem arises when users are stuck with insecure operating systems that force them to use pre-installed apps, which cannot be deleted. This situation allows these companies to profit from the data generated by the apps that users are compelled to use.
Apple, Google, and Facebook collect extensive data from their applications, profiling your information and selling it to third-party companies, which may even include government agencies. This issue extends beyond the United States; it also has implications in the European Union. While the General Data Protection Regulation (GDPR) in the EU aims to protect some user data from being sold, companies like Meta have found ways to circumvent these regulations. By transferring the data of EU citizens to servers located in the United States, where the legal framework is less stringent, they can exploit loopholes to sell your data.
Some interesting articles you can read in this regard:
- Facebook Fined €1.2 Billion for Transferring EU User Data to the US
- Who Can We Call On? How Our Phones Are Tracked By Big Tech, Telecom, and Government
- 'Alexa, are you invading my privacy?' – the dark side of our voice assistants
- WikiLeaks dump shows CIA could turn smart TVs into listening devices
- The Stringray: How Law Enforcement Can Track You Every Move
- Edward Snowden: How Your Cell Phone Spies on You
- Police are tracking you and your license plates
- How Police Cameras Recognize and Track Your | WIRED
The Google Pixel phone offers several security advantages compared to other Android devices. Thanks to Google Tensor Security Core and Titan M2 which are designed to securely store your sensitive data such as encryption keys, PINs, and passwords in dedicated physical chips, your information remains protected. Isolated from the main processor, these chips operate on their own minimal and hardened operating system, which makes unauthorized access nearly impossible, even if the Android OS itself is compromised. Additionally, another key advantages of choosing a Pixel Phone over other Android devices is the long-term commitment to security updates. Every recent Pixel model guarantees a minimum of seven years of security updates. For more information about how many years the security update are guarantee by Google on a specific model you can visit this page Google Pixel Phone LifeTime.
The second step is to select an operating system. There are numerous options available, but if you prioritize security and privacy, GrapheneOS is a top choice. It offers a wide range of security and privacy features (e.g. Google Play Services sandboxed). For more information about the features here.
In this guide, I cover only the installation and configuration of the operating system GrapheneOS because it is currently considered the best operating system related to security and privacy. Before you begin the installation process, please verify that your Pixel phone model is supported by checking the list here. The official GrapheneOS website offers a comprehensive guide for installing the operating system on your Pixel phone.
You can choose between using the Web Installer(easy way) or executing CLI commands(hard way):
Important
After the installation of GrapheneOS ensure your bootloader is locked.
|- Settings ➜ System ➜ Developer Options ➜ OEM unlocking ➜ [OFF]
All the settings I cover up are accessible on the app 'Settings' of the GrapheneOS operating system. These settings are based only on my threat model and meet a high security and privacy level, feel free to copy or change them based on your preferences. I don't cover personal aspects such as the theme of the keyboard or night light mode.
-
Internet ➜ Network preferences ➜ Turn on Wi-Fi automatically ➜ [OFF]
-
Internet ➜ Network preferences ➜ Notify for public networks ➜ [OFF]
-
Internet ➜ Network preferences ➜ Allow WEP networks ➜ [OFF]
-
Internet ➜ (Choose your home network) ➜ Privacy ➜ [Use per-connection randomized MAC]
-
SIMs ➜ (Click on your carrier) ➜ 4G Calling ➜ [ON]
-
SIMs ➜ (Click on your carrier) ➜ Preferred network type ➜ [5G (recommended)]
-
SIMs ➜ (Click on your carrier) ➜ 2G network protection ➜ [ON]
-
Data Saver ➜ [ON]
-
Internet connectivity checks ➜ [OFF]
-
Private DNS ➜ Private DNS provider hostname ➜ all.dns.mullvad.net
-
VPN ➜ (Choose your VPN) ➜ Settings ➜ Always-on VPN & Block connections without VPN ➜ [ON]
More information:
Using a Virtual Private Network (VPN) is a good practice nowadays. Virtual Private Networks (VPNs) can reduce some risks (e.g. Man-in-the-middle/eavesdropping) the downside is you need to trust the Virtual Private Network (VPN) provider. Using a Virtual Private Network (VPN) prevents your Internet Service Provider (ISP) reading your traffic. For almost two years, I have continued to use the Mullvad VPN because it meets my security and privacy standards. Obviously, do some research and choose a Virtual Private Networks (VPN) that meets your threat model.
- Connection preferences ➜ Bluetooth ➜ Pair new device ➜ Device name ➜ [localhost]
- Sandboxed Google Play ➜ Google Settings ➜ (Disable all settings you can)
- Sandboxed Google Play ➜ Google Location Accurarcy ➜ [OFF]
- Contacts storage ➜ [Device Only]
- Special app access ➜ Special access to hardware accelerators for Google Apps ➜ [OFF]
- Notifications on lock screen ➜ [OFF]
- Enhanced notifications ➜ [OFF]
- Screen timeout ➜ [15 seconds]
- Smooth Display ➜ [ON]
- Device unlock ➜ Screen lock ➜ [PIN]
Important
Remember that a biometric unlock isn't protected under the 5th amendment in the same way that a passphrase is. If your device is confiscated, you may be compelled to unlock it via biometrics fingerprint. For more information.
-
Device unlock ➜ Screen lock ➜ Auto-confirm unlock ➜ [OFF]
-
Device unlock ➜ Screen lock ➜ Scramble PIN input layout ➜ [OFF]
-
Device unlock ➜ Screen lock ➜ Enhanced PIN privacy ➜ [ON]
-
Device unlock ➜ Screen lock ➜ Allow camera access when locked ➜ [OFF]
-
Device unlock ➜ Screen lock ➜ Lock after screen timeout ➜ [Immediately after timeout]
-
Device unlock ➜ Screen lock ➜ Power button instantly locks ➜ [ON]
-
Device unlock ➜ Duress password ➜ [SET YOUR PIN]
More information:
If you intend to use the 'Duress PIN' in the United States you can be charged for Destruction of Evidence.
-
Privacy controls ➜ Camera access ➜ [OFF]
-
Privacy controls ➜ Microphone access ➜ [OFF]
-
Privacy controls ➜ Show clipboard access ➜ [ON]
-
Exploit protection ➜ Auto reboot ➜ [4 hours]
-
Exploit protection ➜ USB-C port ➜ [Charging-only]
-
Exploit protection ➜ Turn off Wi-Fi automatically ➜ [15 seconds]
-
Exploit protection ➜ Turn off Bluetooth automatically ➜ [15 seconds]
-
Exploit protection ➜ Memory tagging ➜ Enable by default ➜ [ON]
-
Exploit protection ➜ Native code debugging ➜ Block for third-party apps by default ➜ [ON]
-
Exploit protection ➜ WebView JIT ➜ Disable for third-party apps by default ➜ [ON]
-
Exploit protection ➜ Dynamic code loading via memory ➜ Restrict for third-party apps by default ➜ [ON]
-
Exploit protection ➜ Dynamic code loading via storage ➜ Restrict for third-party apps by default ➜ [ON]
-
Exploit protection ➜ Secure app spawning ➜ Use secure app spawning ➜ [ON]
-
More security & privacy ➜ Allow Sensors permission to apps by default ➜ [OFF]
The most useful feature of GrapheneOS is the user profile feature (multiple users). Each user profile have its own unique key that is utilized for encrypting and decrypting the data associated with that user profile. The filesystem-based encryption is designed to allow the user profile to be deleted without requiring the keys, enabling the owner profile to delete other profiles even when they are not active. Additionally, GrapheneOS has introduced the 'end session' feature for user profiles, accessible through the menu power, this feature enables users to put the data of a specific profile at rest. In contrast, on Android 16 AOSP, the user are not be able to put the data in a rest state until the device is shut down or rebooted. For more information here.
In this chapter, I describe the two most used threat models.
This threat model is designed to utilize a single user profile known as the 'Owner' profile. The 'Owner' profile is automatically created during the initial setup of the phone, requiring no additional actions from the user. As illustrated in the image below, this model involves installing and using all applications within the 'Owner' profile, while leveraging the sandboxed environment of Google Play Services provided by the GrapheneOS.
This threat model is designed to operate with multiple user profiles, which must be created through [Settings -> System -> Multiple users -> Add user]. As shown in the image below, the 'Owner' profile is designated solely for installing and updating applications from the Google Play Store or other app stores. After installing the desired applications, you should disable the application in the 'Owner' profile and utilize the 'Install available apps' feature located in [Settings -> System -> Multiple users -> (Select the desired profile) -> Install available apps] to push the applications to the other profiles. This approach minimizes the attack vector for the 'Owner' profile, as it will not be used by the user, with the main applications residing in other profiles(e.g. 'Personal'). Consequently, if one of the user profiles is compromised, malware will not be able to spread to the other profiles.
If you want to reduce the attack surface and data collection, you should install only the applications you really needs it. Reduce the permissions of applications to the minimum of necessary. Here are some valuable features that can help minimize the attack surface and limit data collection:
Note
The list of apps below is ranked from most recommended to least recommended. While some of these apps are not FOSS and may raise privacy concerns (e.g., Google Play Store), they are placed at the top due to the alternative privacy-focused options (e.g., Aurora Store) having known security issues that discourage their use.
Mullvad VPN | [Site] [Google Play Store] [F-Droid]
Orbot | [Site] [Google Play Store] [Github] [F-Droid]
Proton VPN | [Site] [Google Play Store] [Github] [F-Droid]
IVPN | [Site] [Google Play Store] [F-Droid]
Google Play Store
Accrescent | [Site] [F-Droid]
Obtainium | [Github] [F-Droid]
Aurora Store | [Site] [Gitlab] [Github]
Vanadium | [Github]
Brave | [Site] [Google Play Store]
Firefox focus | [Site] [Google Play Store]
AntennaPodcast | [Site] [Google Play Store] [F-Droid]
SimpleX | [Site] [Google Play Store] [F-Droid]
Molly | [Site] [F-Droid] [Accrescent]
Session | [Site] [Google Play Store] [F-Droid]
KeePass | [Site] [Google Play Store] [F-Droid]
ProtonPass | [Site]
Aegis | [Site] [Google Play Store] [Github]
Ente Auth | [Site] [Google Play Store] [F-Droid]
Yubikey |
Cryptomator | [Site] [Google Play Store] [Github]
Protonmail | [Site] [Google Play Store]
Tuta | [Site] [Google Play Store]
Fairmail | [Site] [Google Play Store] [Github] [F-Droid]
K-9 Mail | [Site] [Google Play Store] [Github] [F-Droid]
Thunderbird | [Site] [Google Play Store]
Simplelogin | [Site] [Google Play Store] [Github]
Addy.io | [Site] [Google Play Store] [Github]
Syncthing | [Site] [F-Droid]
OnionShare | [Site] [Google Play Store] [F-Droid]
Proton Drive | [Site] [Google Play Store]
Proton Calendar | [Site] [Google Play Store]
OSMAnd~ | [Site] [Google Play Store] [F-Droid]
Organic Maps | [Site] [Google Play Store] [F-Droid]
Joplin | [Site] [Google Play Store] [Github]
Obsidian | [Site] [Google Play Store]
Mastodon | [Site] [Google Play Store]
Bluesky | [Site] [Google Play Store]
Cash
Gift cards
Privacy.com [US] | [Site] [Google Play Store]
Revolut [EU] | [Site] [Google Play Store]
Monero | [Site] [Download]
Cake Wallet | [Site] [Google Play Store] [Github]
The privacy world is continuously changing, with new applications, new features, and some downgrades. It's fundamental to stay updated, here are some of my suggestions for YouTube channels, news sources, and forums to help you stay updated.