Hi Tony! You're very welcome! The Pixel 6a is a solid device, I think that's a great choice!

Verizon locked phones are a pain.

Glad it was helpful!

Hi Timo, thanks for the compliment! Glad to hear they've been useful!

Haha, thought I would test it out again. Thank you!

"Revoke all permissions" would be great.

I could see a firewall serving a purpose if you had specific URL's you wanted to block, but if it's an "all or nothing" sort of block the toggle is the way to go. For sure, a "Revoke all" option would be a great addition. Maybe someone in the comment section has the skills to code that feature for the project.

Thank you! Glad to hear it worked well! For sure, once they release the stable version I'll be upgrading and testing.

Hi there, hmm I might make one on that topic. Personally I put a SIM card in since I use it as my personal phone device. It's unfortunate that you're at the mercy of the carrier once you use a SIM card, but I'll think about doing a video on the topic if there's anything useful I come across.

and weather, I guess. but we could always just... look outside.

I don't know if you've seen this video yet, but this has all the apps I use - kzbin.info/www/bejne/fHaxkIGsgNiJeMU For the ones you asked about specifically: Chat - Signal Maps - Magic Earth Browser - Vanadium Podcast - AntennaPod Keyboard - OpenBoard (still testing others) Weather - I used to use Geometric Weather, but now I just use my browser to look if up if i need.

On the plus side, the newer models have 5 years of security updates vs 3 years for the old ones which helps extend the useful life of the device considerably.

I cover ReadYou in this video - kzbin.info/www/bejne/fHfdZmqwg7eSg5I The app worked well, but the VOIP numbers they had were getting blocked by the scammers I was trying to call (which is common). Overall though if you need a "burner" number, I liked the app/service.

That's a valid point about the latitude and longitude, I'm truthfully not worried about it though in this scenario. I've shared recordings of my phone screen and all the apps I use + answered about my VPN provider in the past. I agree for most people it's a good idea to not share that info on the internet, but in my case I intentionally share different things to hopefully benefit others. Would I share my home IP? Absolutely not. Same reason I spend a lot of time blurring out IMEI and serials in my install videos.

Yea, that is definitely a downside to it. After a few months I stopped missing android auto. I have a suction cup mount for my windshield for my phone, and it's worked great for navigation.

This explains it in full detail - grapheneos.org/features#sensors-permission-toggle but essentially any sensors not covered by the already exposed sensor permission toggles (microphone, location, camera, etc.) are controlled by the "sensors" toggle. For the example you provided, microphone is an exposed sensor that you can manually control. The accelerometer sensor is not. So you could revoke the microphone permission from an app, but allow "sensors" and that app would not have access to the microphone, but it would have access to the accelerometer.

You're welcome! Yea, convenience is the main part and the second is that someone can't "shoulder surf" a fingerprint. If I ever need to disable the fingerprint (traffic stop or something else), you can hold the power button down and select "Lockdown". I think the other argument for pin/password is that a court can't compel you to divulge your pin/password, but they can get you to use your fingerprint (not completely sure about this though).

I don't know the exact specifics of what it might break, but the GrapheneOS team suggest leaving the network permission as is. I have the same setup as you with a separate user profile for Google services which is a great way to keep things separate and allow Google Play Services networking on the separate profile.

@@sideofburritos Thank you!

I'm not able to answer your question, but I understand the response that you've been given. Consider the two profiles as two computers on the same network. Supposing both apps have been granted network permissions, if app A on the first profile has a server (i.e. listens for incoming connections on some port), app B can communicate with app A by interacting with the server of app B (i.e. starting connections towards port opened by app A). This is because from a user point of view the two profiles act as different computers, but from a network point of view they are the same computer: both profiles are on the same localhost and share the same ports. You can think of the two profiles as two *NIX users whose home directory are readable only by the owner. I cannot answer your question because I don't know which mechanisms are usually employed for cross-app communications, but in the scenario app A and app B have both network permissions they can communicate even if they are installed on different profiles. If you're worried that gplay or other apps in the second profile may read data from the first profile, install in the first profiles only trusted apps that don't do spooky things (i.e. do not install an app A that has a server). For example, if you install an FPT server app in your first profile without configuring authenticated access, theorically gplay/any other app can connect to it and read your files. Are these apps going to do it? probably not, but it would be technically possible. Hope it helps.

The main reason GrapheneOS no longer supporter end of life devices is that they stop receiving full security updates. So for me, I would not trust using an EOL device since they'll be lacking critical security patches.

@@sideofburritos How quickly does that occur and what kind of vulnerabilities exists in what timeframe after EOL? Does it render a device unsecure immediately?

Agreed, I've been testing it for a few weeks, and it's been great.

I like that quote. It's an unfortunate it happens and leads to more confusion in the privacy/security community.

@@sideofburritos Yes, that's exactly the point. But thanks to channels like yours people may understand and give it a try.

I do see this comment 🤓

@@sideofburritos Do you have keywords set up that are blocked? And no, I didn't use any profanities :)

Nope, I don't. That's odd that would happen.

I believe in the future, they're planning for it. GrapheneOS is good about making sure a change like that won't break anything, as they don't want to suddenly impact a large amount of end users. As to what currently requires it, I don't know for sure. I think a review of each system service would be required to see if any call the sensor permission, and then see if it's actually needed by it. I've disabled it for quite a few and have come across any issues yet.