Some tips for using Graphene OS

At the time of writing this, I consider Graphene OS the best choice of mobile operating system for the privacy concerned. In spite of its strong security features, it offers excelelnt compatibility with Android apps, the only thing which did not work for me was electronic wallet with credit cards.

To root, or not to root?

Previously I used a rooted Android, but in Graphene OS, I can do all I need without rooting it. In particular I want a ssh, scp file transfer, VPN, a command line acceess to contacts, calendar and SMS from a linux desktop, and this now all works without rooting. I actually tried the Magisk root and it worked, but the rooting has also negative effects on security, compatibility with banking applications and problems with automatic OTA system updates. So I decided to stick with the standard Graphene OS.

Installation

The Graphene OS CLI install guide gives detailed instructions and everything worked smoothly for me. The fastboot program and other tools were provided in the Gentoo distribution in the packages android-tools android-udev-rules and android-file-transfer-linux.

Local terminal command line and SSH access to the phone

In order to get a local terminal access, I installed the Termux app, and as an ssh server I installed Sshd4a. They have to be give full file access to be useful, for example to transfer the files via scp. When Sshd4a is started, in the setting it is possible to import the authorized_keys file for comfortable use. Then scp can be used as
scp -P 2222 myfile root@vpnpixel:/sdcard/
Note that the 'root' user is just sa formality, you do not get root priviledge. The hostname vpnpixel is defined in my /etc/hosts and is the IP within the VPN network, in this way it works regardless where and how the phone is connected to the internet.

OpenVPN on Graphene OS

Concerning the VPN setup, I installed the app "OpenVPN Connect", which allows to import the VPN client configuration file. I just renamed a standard linux openvpn config file as file.ovpn, installed it together with the private key and certificates in /sdcard/config/ and imported it to the app and all worked.

Syncing of calendar and contacts with a private server and command line access to their database from a linux desktop

To synchronize my contacts and calendar I have installed the radicale webdav server (proxied via nginx) on my webserver. (As I am privacy concerned, it is out of question for me to use any provider's online services for that.) The user account for radicale is in /etc/radicale/users and password can be set by 'htpasswd -5 -c /etc/radicale/users jiri'. On the phone, I installed the DAVx application for synchronization and a calendar application which supports externally synchronized calendars, in particular com.simplemobiletools.calendar.pro. On the linux desktop side, I use the program vdirsyncer to synchronize with the radicale webdav server and I have written scripts for command line acccess to the calendar and contacts. The scripts and sample configuration file (.config/vdirsyncer/config) are scripts.zip.

Sending and reading SMS messages from command line of a linux desktop

For working with SMS I decided to use the program kdeconnect on the desktop. I do not use KDE, but on Gentoo I just compiled the kde-misc/kdeconnect package and its dependencies and kdeconnect works well standalone without the rest of KDE. I decided NOT to connect via bluetoothe, but via TCP/IP over VPN, so I have access to SMS even if I forget the phone at home :-). The configurtation of kdeconnect at the desktop(.config/kdeconnect/) stores certificates to connect without entering a password each time. On the phone side, I installed the app 'KDE Connect' org.kde.kdeconnect_tp and in the settings I added the desktop device manually using its IP address in the VPN. I wrote script smsr and sms for reading and writing the SMS messages scripts.zip.

VoIP on Graphene OS

I run asterisk on my server, however, only with access from the VPN for VOIP inside the family, using standard SIP within the encrypted VPN. The asterisk configuration is beyond the scope of this text. On the phone side, I installed the app Sipdroid org.sipdroid.sipua and configured it to connect to the VPN server

Other Apps that I find useful

Just a brief list of some other useful apps:
Hacker's keyboard
Tor Browser
Calcularisi sci.calculator
APK Extractor
CoMaps ... Offline usable openstreetmap app which respects your privacy
Enroute flight navigation ... free app, free current airspace data from openflightmaps, no subscription needed, adequate for a private VFR-only pilot in Europe
Mobile IBS ... to submit flight plans via Czech air navigation services Windy ... weather
VFR Manual ... database of czech VFR airports and airstrips
AisView ... online information about acrive airspaces and notams


My Electronics page


My hobby page


My main page with e-mail contact


TOP of my family pages