GrapheneOS Installation Guide: (De-Google Pixel, Apps, Step-by-Step)

By SB •  Updated: 01/25/22 •  12 min read

De-googling your phone means removing all the apps, connections, server call-backs, and integrations with the Google ecosystem.

This is most easily done, ironically, with a semi-recent Google Pixel phone.

GrapheneOS is recommended over LineageOS for its “verified boot” — but LineageOS is still a great option and is compatible with a much larger range of older Android phones.

GrapheneOS supports only a few of the recent Pixels: essentially the 3a and up are actively updated, while the 3 has a legacy version and previous models are no longer updated as of 2022.

For the official install instructions, go to grapheneos.org/install. There is even a web installer which makes a lot of the install relatively hands-off.

For this example, I will show you how to install GrapheneOS on your Pixel (3a to 6 and above) using a Linux computer and some small software tools.

Requirements

Prepare the Pixel Before Installing GrapheneOS

Enable Developer options to unlock your phone before installing GrapheneOS.

First, prepare your computer by installing a few tools.

Open up a Terminal window and type the following, pressing enter after each line, to download and install platform tools:

I included the actual code below but make sure you use two dashes as illustrated above for the last line.

After typing the last command which verifies Fastboot is installed, the display should be of the Fastboot version number currently installed.

Power down your Pixel device.

Next, boot your device into the bootloader interface by holding down the power and volume down buttons simultaneously.

When Fastboot mode menu shows up, connect the device to your computer with the USB cord.

Type the following command in a Terminal window:

fastboot flashing unlock

It should display OKAY after executing.

Press the volume down button on the Pixel device until the Unlock the bootloader is displayed.

Press the power button.

Next, Download and Install the GrapheneOS

For the most up-to-date release, go to grapheneos.org/releases and choose your device from the “Stable Channel” list.

The GrapheneOS files for Pixel 4a as of Jan 25, 2022 on grapheneos.org/releases

Replace the file names below with the most recent version of the file on that list. This is the most recent as of January 25, 2022.

Execute the following, line by line, in a Terminal. The last line will print out a confirmation that the file has integrity and has not been tampered with.

Now extract the files and install your new GrapheneOS to your device:

Now the device will show the option “Do not lock the bootloader”. Press the volume down button until the option “Lock the bootloader” is selected. Press the power button.

Great! Now you may restart your device by pressing the option “Start” or by holding the power button down to shut off the device as usual, disconnect your Pixel device from your computer, then power the device back on.

The splash screen will say there is an error because you are booting into something other than stock Android — that is to be expected. Also do not worry about the momentary Google logo, it does not mean Google Android is still on your phone.

How to Harden GrapheneOS After Installing

Now you are ready to harden a few settings to make your minimal install secure and practical.

Upon the first boot of your shiny new operating system, you’ll want to update some settings. If you have an Ethernet to USB-C adapter, use that to connect your device to the Internet.

Otherwise, press Next until the WiFi screen displays. Connect to WiFi and do the following:

Now your device is running GrapheneOS, is not sending any of your data back to Google servers, and is not revealing your location to any apps.

Now to tighten a few more things:

Downloading Apps for GrapheneOS and Keeping it Secure: F-Droid and Aurora Store

Since we are not utilizing Google for anything, Google Play Store is not going to factor into our new setup. Goodbye, centralized corporate gatekeeper!

Instead, let’s use F-Droid and Aurora Store. Most apps we need will be covered by these two app stores.

To download F-Droid, a Free and Open Source Android App Repository:

Now you’ve got one alternative to Google Play Store, but this repository is limited to free and open source software applications. For a greater range, if you need it, Aurora store is a great and anonymous client to Google’s Play Store.

But Aurora Store does NOT require Google’s proprietary framework to work. In fact, it can spoof your identity, location, language etc. if you use an Anonymous profile (selected when you install Aurora Store).

Secure, Privacy-Respecting Communications Apps in GrapheneOS

Your Pixel device is now superior to any typical stock Android device or iPhone:

Signal App on GrapheneOS

Signal App (signal.org) is gaining in popularity as an end-to-end encrypted, secure communications platform.

The alternative to the compromised Facebook-owned WhatsApp and other surveillance technocratic offerings, Signal App is great except that it requires your phone number in order to create your account.

This may not seem like a big deal, but your phone number is linked to you and reveals more about you than any other social security number or social credit number ever can.

So now let’s download and configure Signal on your GrapheneOS Pixel:

Keeping Your New Phone Secure: Proper Security Practices

Whenever you want to install a new app for a desired purpose, try the F-Droid store first; they have some good privacy-respecting apps that aren’t available anywhere else.

You could also find and install APK packages directly from apkpure.com if you need to find older releases no longer hosted on the usual app stores.

Try to keep your apps to a minimum. The first things I install on a new GrapheneOS device are:

Most of the popular apps are on Aurora store, and most of them will work fine without Google Play Services — even the Google ones — you just cannot login with your personal credentials.

Should you want to log into some Google apps, or should you need an app that you purchased, or an app that absolutely will not run without Google Play Services, GrapheneOS allows you to install sandboxed Google services.

Logging into Google with credentials linked to you, taints all.

Remember that once you sign into a Google Service with your real account — sandboxed or not — Google servers most likely will have recorded your IMEI forever. The same is true for any app that can read your “Phone State and Identity” and which runs under your real identity, since that unveils your phone number and other identifiers to them. In such cases, treat the entire phone as ‘burned’ for any activity you don’t want others to know about.

Transitioning Away from Apple or Google Apps

If you are addicted to certain apps that exist in one ecosystem — Apple, for example — you will do better by transitioning yourself out of it. First switch out all apps to non-Apple apps that exist cross-platform. Doing so makes it as easy to change devices as changing clothes once fully transitioned (hence their try to make their ecosystem as compelling as possible).

Keeping your data synced: The biggest of all transitioning problems for me was syncing my data. I recommend Nextcloud and Syncthing for that. I use Syncthing for bigger sets of data that I just want to move once (books, audiobooks, videos, music, etc.) or such data that I don’t want to touch the internet. And Nextcloud is the key program for my workflow for daily business, and also for my photo collections. I can’t recommend Nextcloud enough (it is an open-source hard fork from Owncloud). You can install and run it locally, or opt for an online install (either on an existing instance, which defeats its purpose partially, or self-hosted on a VPS).

For Windows or Mac Users: Or If You Want to Use the Web Installer to Install GrapheneOS

If you don’t want to attempt the command line install on Linux, or if you have a Windows or Mac machine, there are many videos showing you how to use the web installer for GrapheneOS.

One such is Install GrapheneOS With Web Installer (Degoogle Your Phone In 10 Minutes), hosted by the wonderful youtube alternative, Odysee.com

Screenshot of the web installer in action.

SB

I've been practicing OSINT and utilizing Linux as my daily operating system for over twenty years. The tools are always changing and so I'm always learning, but helping you understand the value of protecting your own data remains at the forefront of everything I do.