A practical first-week setup checklist for a Privacy Devices Pixel running GrapheneOS — written for buyers in Australia, with the steps in the order you will actually do them.
If you bought your device from us, the following are already done for you: GrapheneOS installed, verified boot relocked, Threema activated, Mullvad VPN keyed, global eSIM provisioned, Phantom Protocol armed, and update channels confirmed. You can skip past the install steps and start at Day 1.
If you flashed GrapheneOS yourself, do the device install first using grapheneos.org/install/web, then come back here.
8 digits minimum, not the same as any bank or unlock PIN you use elsewhere. The PIN protects encryption keys at rest. If you forget it, the device cannot be recovered.
Avoid public Wi-Fi for setup. Use a known home or office network until Mullvad VPN is connected.
Settings → System → System update. Apply any pending update. Reboot when prompted.
Your device ships with Threema activated and Mullvad VPN keyed. Sign in using the printed credentials sheet that came with the device. Verify your Threema ID matches the one we sent you (Settings → My ID inside Threema).
For deeper background see our Signal vs Threema on GrapheneOS comparison.
GrapheneOS supports up to 32 user profiles. Treat them like separate phones: each has its own apps, encryption keys, notifications, and storage.
To add a profile: Settings → System → Users → Add user.
Open the secondary profile. Install Aurora Store from F-Droid. Install your banking apps from Aurora Store. Most Australian banks work on GrapheneOS — we test compatibility before dispatch. If yours does not, contact us first — do not switch device or rooting state.
For a complete app compatibility list see our app compatibility guide.
Confirm the duress PIN, remote-wipe trusted contact, and rapid-lockdown gesture. We pre-configure all three. To verify: contact us via Threema and we will walk through a live test (simulated — no actual wipe). See Phantom Protocol overview.
Boot the phone, set a strong device PIN (8+ digits, not your bank PIN), connect to trusted Wi-Fi, run Settings → System → System update to confirm you have the latest GrapheneOS build, then sign into Threema and Mullvad VPN using the credentials we provided.
No. GrapheneOS is fully usable without any Google account. If a specific app you need requires Google services, you can install Sandboxed Google Play in a separate Owner profile or work profile — never in your primary profile.
Use the pre-installed App Store (GrapheneOS), F-Droid for open-source apps, and Aurora Store for Play Store apps without a Google account. Avoid sideloading APKs from unknown sources.
Yes — most Australian banks (CBA, ANZ, Westpac, NAB, Macquarie, Up, ING, Bendigo) work on GrapheneOS via Sandboxed Google Play in a secondary profile. We test compatibility before dispatch and document known issues. See our banking apps guide.
GrapheneOS supports up to 32 isolated user profiles, each with separate apps, accounts, and storage. We recommend keeping the Owner profile for sensitive use only, and a secondary profile for banking, social, and Google-ish apps. Profiles are cryptographically isolated.
Settings → Security → Auto-reboot and Duress password. Enter a separate PIN that, when used, silently wipes the device. We pre-configure this as part of Phantom Protocol — verify the trigger PIN with us via Threema after dispatch.
GrapheneOS pushes monthly Android security patches plus its own privacy and security features. Updates install automatically when the device is idle and charging. You do not need to do anything.
Skip the setup. Every Privacy Devices phone ships with this entire checklist already complete — configured, hardened, and tested before dispatch.
Browse Secure Devices → Talk to a Specialist