The phone’s operating system controls how software and hardware work together. Most phones work on either Android or iOS. The former is dominant because users have more control over customization and with that comes more choices – whether it’s hardware or software. It also helps that the core of Android is open source, allowing developers to create custom flavors of the operating system they love. GrapheneOS is one such flavor.
So what is it? How does it work? And is it better for privacy and security?
What exactly is GrapheneOS?
GrapheneOS is an open source, albeit customized version of Android that prioritizes privacy and security. It started as an Android hardening project to eliminate the security and privacy issues inherent in Google’s Android. Today, it’s one of the alternative operating systems you can install to opt out of pervasive tracking and data collection.
What makes GrapheneOS private and secure?
Really, there’s no escaping Google’s data collection and monetization as an Android user, even with anonymous user accounts and ad settings turned off. According to the developers, GrapheneOS differentiates Google from the Android experience while offering better security.
Sandboxing to prevent data collection
The first thing you’ll notice when you install GrapheneOS is the absence of the Google experience. That’s because the operating system unbound Google Mobile Services (GMS). On the surface, that means Google apps like the Play Store, Search, Chrome, Maps and Photos are absent. This breakdown also extends to the Google APIs responsible for niche features such as passwordless logins and push notifications.
You can still use GMS on GrapheneOS, but the apps and APIs will be sandboxed. This way, app developers don’t gain special access or exploit app privileges to collect your user data.
AES encryption for files and metadata
GrapheneOS does this mainly through file-based disk encryption and metadata encryption. Its file-based encryption uses unique, random keys that are generated when you turn on the device and destroyed after each session. Likewise, GrapheneOS uses metadata encryption to protect sensitive data stored in user profiles. Both encryptions are based on AES-256, arguably the most secure form of encryption available.
Verified startup to defend against malicious attacks
Verified boot is one of the first layers of defense in GrapheneOS. The idea is to detect and prevent malicious changes to the operating system if your phone is hacked.
Your device will only boot if the operating system certifies the integrity of the operating system. If the system detects changes during boot, such as compromised hardware or corrupt data, it will attempt to obtain the original data. Otherwise, the device will not boot.
Strict app permissions
Apps on Android collect and store data locally and transfer this data to the developers’ servers when you connect to the Internet. GrapheneOS limits how apps can collect and send your data via the network and sensor permission. The network permission switch prevents an app from directly or indirectly accessing available networks without your express consent. You can set this restriction by default for all apps or on an app-by-app basis during installations.
The same applies to the sensors on your device, i.e. camera, microphone, accelerometer and gyroscope. Of course, many apps have legitimate reasons to access some of these sensors, such as the fitness tracker or QR code scanner. But some apps regularly abuse permissions to collect data—you’ve probably raised an eyebrow when a flashlight app asks to access your location and contacts. The sensor permission switch prevents such apps from accessing sensors beyond what is necessary for functional user experience.
Open source Anyone can revise
GrapheneOS is based on the original Android Open Source Project (AOSP) and continues to be open source. The source code is publicly available to anyone who can help with development and revision. The main advantages of open source projects over closed source is that developers and users with the skill set can flag bugs or vulnerabilities.
Furthermore, anyone can contribute corrections and confirm that problems have been fixed. It is not decentralized because GrapheneOS developers must review and approve contributions. Nevertheless, this open model ensures that the project is held to the highest standards of privacy and security.
And there’s a full feature page if you want to know more.
But GrapheneOS isn’t perfect
Google spiced up the Android Open Source Project (AOSP) when it took over. GrapheneOS is Android in the pure, private, secure form it was meant to be. As such, dropping GMS and Google’s custom Android shell from the operating system means a drop in aesthetics. Still, considering the privacy and security benefit, this trade-off is arguably worth it. There are also other things to get used to…
You will miss push notifications
Notifications still work on GrapheneOS. The problem comes when an app relies heavily on GMS to retrieve and sync data for instant push notifications. With GMS absent, such apps are stuck syncing data. So you may need to open an app manually to get notifications. GrapheneOS developers say:
“Most apps that are able to run without Google Play Services will have working notifications when they are in the foreground. Unfortunately, not many apps implement a service to continue receiving events from their [sic] server in the background. On standard OS, they rely on receiving events through Google servers via Firebase Cloud Messaging (FCM) in the background and sometimes even in the foreground, although it does not have good reliability/latency.”
The bottom line is that, on the one hand, you’re not constantly bothered by notifications, and your phone isn’t buzzing every two minutes. This is great if you’re on a digital detox or taking control of your online activities. But on the other hand, you might miss important emails – like 2FA confirmations or password resets.
No syncing across devices
GMS syncs your devices and account activity. This cross-device sync makes it easy for you to pick up where you left off across multiple devices, such as browser and location history, game/app data, and passwords. Removing SMS from your phone means you no longer enjoy cross sync. However, it also means that apps can no longer track you across boards.
You have to get apps from other stores
Even though GMS is absent, you can still download Google and third-party apps through the Google Play sandbox feature. It’s actually comforting to be familiar with apps from the Google Play Store. But if you want the best privacy and security on GrapheneOS, you’ll need to get your apps from F-Droid or the Aurora Store.
These stores have smaller app libraries, but you’ll see most of the mainstream apps you use here. Unlike the Play Store, you don’t need to create a user account before you can download apps. This already limits how much Google can track your app usage.
Should you use GrapheneOS?
It depends on. You should consider installing GrapheneOS if privacy and security are important to you. If you decide to switch, however, there is an issue with device compatibility. GrapheneOS is only stable on Pixel devices. Given the history so far, it’s understandable if you think this compatibility issue sounds counterintuitive. GrapheneOS is more stable on Pixels than other phones because Pixel devices offer superior hardware features, especially the security chipsets.
GrapheneOS developers also have official production support for the Pixel series. This way you get the latest software updates as soon as they become available. You can still use the OS on other phone brands, but you have to rely on other developers for updates and bug fixes.
GrapheneOS: A blue pill, red pill decision
GrapheneOS is a lightweight version of Android, but also a submarine in the digital ocean of phone protection and security. Choosing this operating system over the phone maker’s custom Android shell means trading off aesthetics and convenience for security and privacy. In a world of constant surveillance and data collection, this trade-off is not a bad idea.
Weigh your options before jumping on this ship. You can start by joining the GrapheneOS community to read about current users’ experiences. There is a discussion forum, a Reddit community (defunct, but the chats are still there), and the Matrix chat room.