Privacy setup: Graphene OS & Banana phone

This privacy setup guide's aim is to support those interested in getting started with digital privacy practices, but might also provide something new to those who are more experienced. It is important to remember that even if personal privacy is paramount, one of the main reasons for compromised privacy is that those we communicate with are not thinking about privacy. That's why it is important to share existing resources with each other as well as understanding how to use them. Check out Privacy resources for more projects.

Secure Android phone

What is needed

Google Pixel 4 or higher (less than 4 is no longer maintained. Check specifics for 6a on Graphene OS web page if considering getting this one specifically)
Google Pixel phones can be purchased from ProxyStore in a private manner. Some of the Google Pixel phones are carrier locked (OEM locked) and there is no way to know until opening the phone and viewing if the OEM unlock option is disabled. This OEM is an option in the developer options section which need to be unlocked in order to install Graphene OS. Check with the seller when buying the phone if it is possible to unlock OEM.

Graphene OS

Here are some of the features of Graphene OS, check their website for more:

  • Graphene OS is not based on Google and can be run completely without any Google apps, emails etcetera, but it is possible to use these applications if wanted. Rather, it is the choice of the user and not a default.
  • Every time the phone connects to internet, the MAC address is changed (randomly).
  • No sensitive metadata in screenshots and pictures (it only includes the orientation). Note that metadata stripping for videos is not implemented.
  • There is an option for PIN scrambling, which means that the numbers on the display change place every time the user enters the PIN, so nobody can figure out the PIN from watching the user input their code.
  • If the phone has been inactive for a certain period of time (from 10 min as the shortest time to 72h as longest) it will autoreboot.
  • Sensor permission can be disallowed (ie. camera, microphone, body sensor, activity recognition). When access is disabled, apps receive zeroed data when they check for sensor values.
  • It's possible to create multiple users on one phone. The separate users are isolated from each other. More on this in section 'User profiles on Graphene OS' below.

Here is some information about the lack of privacy with Google and the benefits with Graphene OS. Check out GrapheneOS; the greatest mobile OS of all time, which also include links (in descriptions) to more reading on 'Privacy violations of stock android' and Samsung and Facebook data collection.

If there are any difficulties with the installation, it is possible to ask for support in our forum. Graphene OS also has a support chat (Element).

Steps for installation of applications

  • When starting the process of installing applications, the recommendation is to first download Tor browser for android. On Graphene, Vanadium is the pre-installed default browser, using duckduckgo.com as search engine.
  • Install Tor browser via Vanadium and then open the application.
  • Go to F-Droid and download the F-Droid app.
  • With F-Droid, download and install Aurora store(to be able to install apps with security issues preferrably on an island (using ie.insular) or apps which is not existing in f-droid).
  • Download Geph (from Aurora store), ProtonVPN or Bitmask from f-droid and directly set up a VPN. Check Privacy tools for more options.

VPN:

An IP address is a digital address. Every device connected to the internet has one, and someone who looks up your IP address can see your location. The VPN, such as the ones mentioned above, are used to protect the IP address. When using a VPN it appears as if ths user is somewhere else in the world.

  • After the VPN is installed, go to Settings --> Networks & internet --> VPN. The installed VPN has a settings option there. Select 'Always-on VPN' to be sure that the IP address is always protected. The VPN can also be switched off and on manually.
  • Go to the downloaded VPN app to check that it's on. In the free versions there only a few options for IP address (it's possible to select by country in protonVPN, and by city in Bitmask).
  • Go to What is my IP to see if it correlates with the selected VPN.
  • When this setup is completed, install other applications.

The VPN solutions that exist today route traffic through proxies. Any adversary that surveils the traffic can view the size of data packets entering and leaving the VPN service. With internet traffic surveillance, an adversary can see who, when, and how often you communicate with someone. The paid ProtonVPN option provides the possibility of secure core which means two hops. There is also the option of Orbot which is developed by Tor project. To ensure network privacy VPNs are incomplete as a solution and something to keep in mind.

Applications for your Graphene OS phone

App store:

Both function like any app store. F-Droid will mark apps with Anti-features if, for example, they contain ads or not open source or not free.

Messaging app:

  • Simplex chat is an end-to-end encrypted messaging for chat, audio and video with no identifiers assigned to the users. The username can be changed, random names can be generated for new chats and subaccount can be created for different communication needs.

  • Many still use Signal, which unfortunately requires a phone number. If using signal, a phone number can be acquired via jmp.chat or Crypton.

Signal is widely used and well known, but it isn't the only messaging app that focuses on privacy. Also check Privacy tools for more options.

How to get a number from jmp.chat:

  1. Go to mov.im and sign up a new account. Make sure to use a VPN when you create an account, so that IP address is not leaked.
  2. Make a new account based on the guided steps as it gets you to movim.eu or jappix.com.
  3. Sign in.
  4. Go jmp.chat and select a number.
  5. Add your mov.im account to the prompt.
  6. Continue with the bot in your mov.im chat based on instructions + pay.

Make sure to stay anonymous when paying for the new number with Bitcoin. One option is to anonymize ETH and then swap to BTC:

  • Add Metamask extension/add-on to Tor Browser (it will say it's for Firefox, but it will work anyway).
  • Create a new Metamask account.
  • Only use this account with Tor browser which means setting up the add-on every time as Tor browser don't save any data (which is the privacy consideration we are looking for).
  • Change RPC.
  • Check this guide on how to anonymize assets.
  • Use Sideshift to swap from ETH to BTC.
  • One can for example use Electrum wallet to for BTC. Make sure to use tor or VPN.

To exchange from fiat money (paper money) to crypto assets, see Fiat to crypto guide.

Email:

  • Tutanota
    Is end-to-end encrypted mail (between Tutanota email addresses). Tutanota also encrypts the entire mailbox and also offer encrypted address book and calendar.

  • Protonmail
    The Protonmail mobile app can be downloaded in the Aurora Store. It is possible to set up a free email. To create the email anonymously, be sure to use a VPN when signing up. It is end-to-end encrypted between protonmail accounts.

To email other addresses securely, create an encryption key with:

  • OpenKeychain. With this application it is possible to create or import an encryption key. To set up, write a nick and an email and a key will be generated. To share the Public key, select the entry that was just made --> click on the three dots in the upper right corner --> choose Advanced --> Share --> Share with and share icon --> the application to use in order to send the key --> Send. The format will be .asc. You can import this .asc file into your Protonmail account.

Browser:

  • Tor browser. Tor has built in protection of IP address.

  • Fennec is based on the latest Firefox release. This browser blocks trackers and also has a private mode. The private mode means that when selecting the mask in the upper right corner of the browser, a tab with enhanced privacy properties will open, from which history is cleared when closing the tab or app.

Video app (Youtube front-end):

  • PipePipe is an ad free YouTube alternative.

Notes:

  • Markor for writing Markdown docs, and because its also compatible with any other plaintext software on any platfrom, it is compatible with usage on computer.

Isolation of non-privacy apps:

  • Insular, which creates an island and isolates this space from the rest of your phone. On the island it is possible to keep apps which have security issues. Such apps can be downloaded in the island via Aurora store.

In Insular there is Mainland and Island. These two are separated from each other. Certain applications can cause security problems, such as Google apps which gather a lot of user data.

On the main screen there will be two options, Personal and Work. All applications on the Island exists on the Work screen. They are visible with a lock on the logo and through this they can be distinguished from other applications. These icons can be moved from somewhere else if this is wanted.

In Insular: In the Mainland section, click on an application, ie. Aurora store. There is a plus (+) in the lower right corner. When clicking on the plus (+), it's possible to clone the app from Mainland to the Island.

If Aurora store is opened on the Island, all downloaded applications from Aurora store will be directly stored on the Island.

Also see the option of User profiles on Graphene OS below.

Remove metadata from pictures:

To use Scrambled Exif, there is no need to open the application. Instead, go directly to the Gallery, select the picture to share, click on the share icon, and select Scrambled Exif. Then choose the app to use in order to send the picture, choose contact and send.

Navigation:

Both of these applications can be used as offline maps. maps.me asks for a lot of permissions. It is possible to deny all of them for privacy considerations (the request for permissions appear two times). After having denied the requests, go to Settings --> Apps --> All apps --> maps.me/OsmAnd --> Permissions. Disallow sensors and allow folder and media (so the two allowed are Network and Folder and media for internet and storage). Both of these apps have anti-features, but offline maps can be handy to have.

Crypto wallet:

  • Monerujo is a Monero wallet, which allows usage of tor onion nodes when connecting the wallet.

  • Cake wallet. Send, receive and exchange Monero, Bitcoin, Litecoin and Haven with Cake Wallet. It's good to utilize Monero as it is private by default, but there might be occasions when other currencies are needed. If the device has been set up in a secure way (using VPN or tor), then other transactions are not connected to a IP address which is also connected to the real address.

User profiles on Graphene OS

Graphene OS User profiles are isolated workspaces that has it's own set of encryption keys. It functions as setting up a completely new phone and each profile have their own instances of apps, app data and profile data (contacts, media store, home directory and so on). Apps can't see the apps running on other user profiles and can only communicate with apps within the same profile. The profiles have separate passwords. It is possible to have 31 (+1 guest) profiles.

If holding the power button (as if wanting to reboot phone), select End session and everything that was running on the profile has been terminated (not deleted, just shut down). This avoid leakage of metadata when not actively using that profile and also ensures no apps running in the background.

To set up a new User profile, go to:

  • Settings --> System --> Multiple users.
  • Toggle Allow Multiple users
  • Select Add user, chose name etcetera. Note: Everything need to be set up from scratch.

Sources:

Banana phone as hotspot

  • Read SIM card data collection to have a background for the suggestion to not use a SIM card in this set up.
  • Read Nokia "Banana" jailbreak on how to set up a Nokia 8110, to use as a hotspot for the Graphene phone, and be able to randomize IMEI number.