Hi everyone
Writing this on my new (second hand) pixel with grapheneos. Have been watching this project for a few years and stoked to finally be here. I’m getting closer and closer to the online life I want all the time.
I have a few questions:
-
Sourcing apps - is it safer to use f-droid (in my case I like the neo-store) or obtainium?
-
For non open-source apps, Aurora or sandboxed google play?
-
Is it OK to use WiFi at my work? Or at the mall? What are the risks? I’ve got a VPN but using it prevents me from accessing my server via tailscale
-
WhatsApp - I’ve tried to set up whatsapp but I get stuck at retrieving the backup from google drive. I’m seeing conflicting views on weather or not this is possible. It’d be great but its a price I’m willing to pay if it means not using WhatsApp
-
Can any app be sandboxed?
-
What else should I know about operating the phone? I’m effectively an absolute beginner to grapheneos
-
My phone now won’t connect to the internet without the VPN, is this normal?
Any advice appreciated, thank you


7 is not normal
6 read the gos faq it’s good info
5 here sandbox just means not privileged, and all apps except Google apps are used to running without privilage. You have three independent spaces on your main interface: owner, work, private you can put apps with different VPNs, google services into each. You have more with account switch, but it’s more work
3 depends on what you do with your internet and your threat model, if you have a always on vpn wifi anywhere isn’t a threat
2 depends on your threat model: google will give you the most official packages and good chain of custody. You can just use Google play in one account /space copy the app to another space, and let play update it
1 depend on your threat model - reproducible builds where the code is signed by the developer but froid verifies the source used to build the code is the gold standard