Pixel 6 and GrapheneOS



This document is WIP, mostly a dump of notes, but over time may turn to something coherent.

Steps:
Installed GrapheneOS. flashall scripts reboots multiple times into fastboot (as they say also say). So device is not bricked, relax.
Created second profile (play profile)
Installed sandboxed google services:
https://grapheneos.org/usage#sandboxed-play-services
split apks using SAI.
Close OEM device unlock

Interesting detail: No signify signature for the apks there... alright, close both eyes I guess.
Update: https://apps.grapheneos.org/ has metadata hashes and signatures. Only problem is apps.0.pub,
which has to be trusted... however this is only temporary, till grapheneos ships its own repo client.

Copied old apks, saved from stock google android, and installed those. Some others
installed from play store in play profile. Starting out that may be more trustworthy than
trusting aurora store. If aurora store messes with packages now, this should get caught
by Android (as key is different then).

Connect via adb to main profile, copy apks using helper shellfunctions:
function justgrep()
{
pm list package --user 10 | grep -i "$1" | sed -e 's/^package://g'
}

function migrator()
{
mkdir -p /sdcard/apks/"$1"
pm path --user 10 "$1" | while read line ; do cp $(echo "$line" | cut -d":" -f2) /sdcard/apks/"$1"/ ; done
}

Before running migrator, perform web search on sha* hashes of apks.

Also: https://developer.android.com/studio/command-line/apksigner#usage-verify also useful,with -v --print-certs.

TODO: maybe install with pm too, but error message said service had no permission to read files, oh well...

Install apks in main profile, split apks again using SAI.

Pro apps also work this way, if the pro app is separate. Some in-app purchase apps don't recognize it in the main profile that they were paid for (makes sense), however I can cope.

Working


Nova launcher prime (copied apk from play profile), all Simple Mobile tools, like calendar,galery,contacts. Element, Signal (wants no battery optimiziation, you get a message saying that much), Discord, WhatsApp (to be retired). Many other open source apps.

Kind of working



Google Maps (irony, but curiosity), complains about missing play services, but nevertheless allows to continue.

ING banking somehow does not verify from other app instance on other phone on LineageOS. Could activate with iTAN list though.

DKB tan2go requires playservices => so far running in playservices profile.

Not working


eSim:
https://github.com/GrapheneOS/os-issue-tracker/issues/159
Maybe the preexisting can be activated. To be tried.

Location services
Irrelevant, device found location quite quckly without them once I stepped outside.

Agressive energy saving mode. Did not find it. Pixel specific it seems, not AOSP? Didn't use it, so I don't care.
Not found: Adaptive connectvity
Not found: Adaptive charging

To be tried



PIN scrambling, but you lose muscle memory advantage.
Low prio: Auditor app.
Low prio: Official google pixel camera app, may make better photos due to software optimziation
...