I’ve been using GrapheneOS for about 5 years.

Google pay won’t work, but everything else should. I’ve never experienced any of the issues the other commenter had, and I’ve installed Graphene on 4 devices (not dismissing you BTW, just saying I think your experience is quite uncommon).

I don’t think third-party launchers are a good idea (you’re giving full device permission to an unneeded app) but it should work.

Almost every app I wanted to use worked with Graphene before they introduced their sandboxed google services, and now everything I’ve tested works with Google push notifications. The only exception is Google pay, and there are upstream reasons for that. Keep in mind, on a very rare occasion the hardened memory allocator breaks compatibility (again this is very rare), but there is an app-specific setting toggle to turn this off so it’s kind of a non-issue.

Removed by mod

deleted by creator

deleted by creator

deleted by creator

Not tiktok music?

Can I ask why?

LineageOS supports a custom avb (android verified boot) key and a locked boot loader on a very limited number of devices, and surely not a galaxy s4. Which is to say if malware was installed on your device it could be persistent through boot/reboot cycles. There will be no verifying OS integrity. Also on a device that’s been unsupported for that many years, the firmware and software that you’ll have access to is dramatically less secure. And this just can’t improved by also not having a locked bootloader.

Lineage can only do so much to support devices after they’ve reached EOL, which while I agree sucks, it’s a problem that’s at the hardware level (Qualcomm and Samsung make it impossible to continue meaningful support).

I understand if you’re trying to keep a device alive that you already have, but buying a phone for this purpose is probably not a good call. Or do you live in an area with limited access to newer tech?

If you can at all, the cheapest and best move would be to buy something like a Pixel 6a or 7a (or even a 5a) and run GrapheneOS.

I set up 2FA via a hardware security key (a yubikey) for login, sudo etc. I then tried to switch security keys, removing the old pam files and adding a new one. But I didn’t tidy the pam files up before logging in, and there was effectively no way to log in, since editing the pam files required sudo access to edit in the first place. So basically the whole system required access to a pluggable authentication module that it no longer had any ability to recognize. It was honestly pretty funny. I did manage to recover my data by booting from a live system and decrypting my drive from there.

I’ve also accidentally removed my desktop environment twice while trying to update Python versions and then cleaning up old packages, but that’s kinda not that big deal and is just a facepalm moment.