Your phone’s operating system manages how software and hardware work together. Most phones work on either Android or iOS. The former is dominant because users have more control over customization and with that comes more choices—whether it be hardware or software. It also helps that the core of Android is open-source, allowing developers to create custom flavors of the operating system they love. GrapheneOS is one such flavor.

So what is it? How does it work? And is it better for your privacy and security?

What Is GrapheneOS Exactly?

GrapheneOS is an open-source, albeit custom version of Android that prioritizes privacy and security. It started as an Android hardening project to eliminate the security and privacy issues inherent in Google’s Android. Today, it is one of the alternative operating systems you can install to disconnect from pervasive tracking and data collection.

What Makes GrapheneOS Private and Secure?

Photo of a Sign Saying Privacy Please

Really, there’s no escaping Google’s data collection and monetization as an Android user, even with anonymous user accounts and ad preferences turned off. According to its developers, GrapheneOS unbundles Google from the Android experience while also offering better security.

Sandboxing to Prevent Data Collection

The first thing you’ll notice when you install GrapheneOS is the absence of the Google experience. That’s because the OS unbundled Google Mobile Services (GMS). On the surface, that means Google apps like Play Store, Search, Chrome, Maps, and Photos are absent. This unbundling also extends to the Google APIs responsible for niche features like passwordless sign-ins and push notifications.

You can still use GMS on GrapheneOS, but the apps and APIs will be sandboxed. This way, app developers do not get special access or exploit app privileges to collect your user data.

AES Encryption for Files and Metadata

GrapheneOS mainly does this through file-based disk encryption and metadata encryption. Its file-based encryption uses unique, random keys generated when you turn on your device and destroyed after each session. Likewise, GrapheneOS applies metadata encryption to protect sensitive data stored in user profiles. Both encryptions are based on AES-256, arguably the most secure form of encryption out there.

Verified Boot to Defend Against Malicious Attacks

a flow chart of verified boot
Image Credit: Android.

Verified boot is one of the first layers of defense in GrapheneOS. The idea is to detect and prevent malicious modifications to the operating system if your phone is hacked.

Your device will only boot if the operating system certifies the integrity of the operating system. If the system detects changes during boot, such as compromised hardware or corrupt data, it will attempt to obtain the original data. Otherwise, the device will not boot.

Strict App Permissions

Apps on Android collect and store data locally and transfer that data to the developers’ servers when you connect to the internet. GrapheneOS restricts how apps can collect and send your data through the network and sensors permission toggle. The network permission toggle prevents an app from directly or indirectly accessing available networks without your explicit consent. You can set this restriction by default for all apps or on an app-by-app basis during installations.

The same goes for the sensors on your device, i.e. camera, microphone, accelerometer, and gyroscope. Of course, many apps have legit reasons to access some of these sensors, like your fitness tracker or QR code scanner. But some apps regularly abuse permissions to collect data—you’ve probably raised an eyebrow when a flashlight app asks to access your location and contacts. The sensors permission toggle prevents such apps from accessing sensors beyond those needed for functional user experience.

Open Source Code Anyone Can Audit

GrapheneOS is based on the original Android Open Source Project (AOSP) and continues to be open-source. The source code is publicly available for anyone to help develop and audit. The main merits of open-source projects over closed-source is that developers and users with the skillset can flag bugs or vulnerabilities.

Furthermore, anyone can contribute fixes and confirm that issues have been fixed. It’s not decentralized because GrapheneOS developers have to review and approve contributions. Nevertheless, this open model ensures that the project is held to the highest standards of privacy and security.

And there’s a full features page if you want to know more.

But GrapheneOS Is Not Perfect

Man Wearing Red Crew-neck Sweater

Google spiced up the Android Open Source Project (AOSP) when it took over. GrapheneOS is Android in the clean, private, secure form it was meant to be. As such, dropping GMS and Google’s customized Android skin from the OS means a drop in aesthetics. Still, considering the privacy and security benefit, this trade-off is arguably worth it. There are also other things to get used to...

You Will Miss Push Notifications

Notifications still work on GrapheneOS. The problem comes when an app mostly depends on GMS to fetch and sync data for instant push notifications. With GMS absent, such apps lag in syncing data. So, you may have to manually open an app to get notifications. GrapheneOS developers say:

“Most apps that are able to run without Google Play services will have working notifications when they're in the foreground. Unfortunately, many apps don't implement a service to continue receiving events from their [sic] server in the background. On the stock OS, they rely on receiving events through Google servers via Firebase Cloud Messaging (FCM) in the background and sometimes even in the foreground, although it doesn't have good reliability/latency.”

The gist is that, on the one hand, you are not constantly plagued by notifications, and your phone does not buzz every other minute. This is great if you’re on a digital detox or taking control of your online activities. But on the other hand, you may miss important emails—for example, 2FA confirmations or password resets.

No Cross-Device Sync

GMS syncs your devices and accounts activity. This cross-device sync makes it easy for you to pick up where you left off on multiple devices, e.g. browser and location history, game/app data, and passwords. Unbundling GMS from your phone means you no longer enjoy cross-sync. However, it also means apps can no longer track you across boards.

You Have to Get Apps From Other Stores

Although GMS is absent, you can still download Google apps and third-party apps through the sandboxed Google Play feature. Indeed, there is comfort in the familiarity of getting apps from the Google Play Store. However, if you want the best privacy and security on GrapheneOS, you will need to get your apps from F-Droid or Aurora Store.

These stores have smaller app libraries, but you will see most mainstream apps you use here. Unlike Play Store, you don’t need to create a user account before you can download apps. This already limits how much Google can track your app usage.

Should You Use GrapheneOS?

Doctor offering choice to patient in office

It depends. You should consider installing GrapheneOS if privacy and security are important to you. If you decide to switch, though, there is the issue of device compatibility. GrapheneOS is only stable on Pixel devices. Given the story so far, it’s understandable if you think this compatibility issue sounds counterintuitive. GrapheneOS is more stable on Pixels than other phones because Pixel devices offer superior hardware capabilities, particularly their security chipsets.

Also, GrapheneOS developers have official production support for the Pixel series. This way, you get the latest software updates as soon as they become available. You can still use the operating system on other phone brands, but you will have to rely on other developers for updates and bug fixes.

GrapheneOS: A Blue Pill, Red Pill Decision

GrapheneOS is a lightweight version of Android but also a submarine in the digital ocean of phone privacy and security. Choosing this operating system over your phone manufacturer’s custom Android skin means trading aesthetics and convenience for security and privacy. In a world of constant surveillance and data collection, that trade-off is not a bad idea.

Weigh up your options before jumping on this ship. You can start by joining GrapheneOS communities to read about current users’ experiences. There is a discussion forum, a Reddit community (discontinued, but the chats are still there), and Matrix chat rooms.