GrapheneOS: first steps
after receiving your phone
Your Norypt phone is already fully configured. This guide covers the six things you do yourself — starting with the most important: your passwords.
Already done for you
What Norypt configured before dispatch
You do not need to verify these settings — they are applied before the device leaves. The steps below are the ones only you can complete, because they involve your personal passwords and preferences.
Your first steps
Six things to do when your phone arrives
Set your PIN or passphrase
Settings → Security → Screen lock
Your phone arrives with a temporary lock screen. The first thing to do is set your own strong passphrase — at least 8 characters with a mix of letters and numbers. Avoid short PINs. This passphrase encrypts the device at rest: the longer and more random, the better.
Set your duress password
Settings → Security → Screen lock → Duress password
A duress password is a secondary passphrase that, when entered at the lock screen, silently triggers a full device wipe — indistinguishable from a normal unlock to anyone watching. Choose something that looks like a real password but is clearly distinct from your actual one. Write it down somewhere safe until you have it memorised.
The device will wipe immediately when the duress password is entered. Test it mentally — not on the device.
Review auto-reboot settings
Settings → Security → Auto reboot
Your phone is configured to automatically reboot after a set period of inactivity. After a reboot, the device returns to its encrypted-at-rest state and requires your full passphrase to unlock. Confirm the timer is set to a value that suits your usage. The default is already configured before dispatch.
Connect and activate
Wi-Fi, SIM, or eSIM
Insert your SIM card or connect to Wi-Fi. If your order included a Norypt eSIM, the activation profile is pre-loaded — follow the enclosed instructions to activate it. Mullvad VPN is pre-installed and ready to activate; open the Mullvad app and redeem the included voucher code.
Open Signal and Telegram
Already installed and linked to a burner number
Signal and Telegram are already installed and configured with a virtual burner number — your real phone number is never associated with these accounts. You can send and receive messages immediately. To add your own contact number, open the app settings and link a second account.
Review app permissions
Settings → Apps → [App name] → Permissions
Every app on the device was granted only the permissions it needs. Before installing new apps, review what permissions they request. GrapheneOS lets you grant permissions on a per-session basis rather than permanently — use this for any app that requests camera or microphone access.
Questions about your setup?
Message us directly on Signal or Telegram. You will be talking to the same person who configured your device.
Learn more
Understand what's on your phone
What is GrapheneOS?
What makes it different from stock Android and why it matters.
ReadApp compatibility
What works on GrapheneOS, what needs a workaround, what to replace.
ReadZero-trust configuration
Going further: per-app firewall, profiles, and hardware attestation.
ReadNorypt Protect (free app)
Local-only Android security: lock or wipe instantly. No internet permission, no telemetry.
ReadRemote wipe without Google
Three open-source ways to lock or wipe an Android phone without a Google account.
Read