GrapheneOS

GrapheneOS is an open-source, privacy- and security-focused Android operating system that runs on selected Google Pixel devices, including smartphones, tablets and foldables.

History

The main developer, Daniel Micay, originally worked on CopperheadOS, until a schism over software licensing between the co-founders of Copperhead Limited led to Micay's dismissal from the company in 2018. After the incident, Micay continued working on the Android Hardening project, which was renamed as GrapheneOS and announced in April 2019.

In March 2022, two GrapheneOS apps, "Secure Camera" and "Secure PDF Viewer", were released on the Google Play Store.

Also in March 2022, GrapheneOS reportedly released Android 12L for Google Pixel devices before Google did, second to ProtonAOSP.

In May 2023, Micay announced he would step down as lead developer of GrapheneOS and as a GrapheneOS Foundation director. As of September 2024, the GrapheneOS Foundation's Federal Corporation Information lists Micay as one of its directors.

Features

Sandboxed Google Play

By default Google apps are not installed with GrapheneOS, but users can install a sandboxed version of Google Play Services from the pre-installed "App Store". The sandboxed Google Play Services allows access to the Google Play Store and apps dependent on it, along with features including push notifications and in-app payments.

Around January 2024, Android Auto support was added to GrapheneOS, allowing users to install it via the App Store. The Sandboxed Google Play compatibility layer settings adds a new permission menu with 4 toggles for granting the minimal access required for wired Android Auto, wireless Android Auto, audio routing and phone calls.

Security and privacy features

GrapheneOS introduces revocable network access and sensors permission toggles for each installed app. GrapheneOS also introduces a PIN scrambling option for the lock screen.

GrapheneOS randomizes Wi-Fi MAC addresses per connection (to a Wi-Fi network) by default, instead of the Android per-network default.

GrapheneOS includes automatic phone reboot when not in use, automatic WiFi and Bluetooth disabling, and system-level disabling of USB-C port, microphone, camera, and sensors for apps. Additionally, it offers the "Contact Scopes" feature, which allows users to select which contacts an app can access.

A hardened Chromium-based web browser and WebView implementation known as Vanadium, is developed by GrapheneOS and included as the default web browser/WebView. It includes automatic updates, process and site-level sandboxing, and built-in ad and tracker blocking.

Auditor, a hardware-based attestation app, developed by GrapheneOS, which ''"provide strong hardware-based verification of the authenticity and integrity of the firmware/software on the device"'' is also included.

Apps like Secure Camera and Secure PDF Viewer offer features such as automatic removal of Exif metadata and protection against malicious code in PDF files.

Installation

GrapheneOS currently is only compatible with Google Pixel devices, due to specific requirements that GrapheneOS has for adding support for a new device, including an unlockable bootloader and proper implementation of verified boot.

The operating system can be installed from various platforms, including Windows, macOS, Linux, and Android devices. Two installation methods are available: a WebUSB-based installer, recommended for most users, and a command-line based installer, intended for more experienced users.

Reception

In 2019, Georg Pichler of ''Der Standard'', and other news sources, quoted Edward Snowden saying on Twitter, "If I were configuring a smartphone today, I'd use Daniel Micay's GrapheneOS as the base operating system."

In discussing why services should not force users to install proprietary apps, Lennart Mühlenmeier of netzpolitik.org suggested GrapheneOS as an alternative to Apple or Google.

''Svět Mobilně'' and ''Webtekno'' repeated the suggestions that GrapheneOS is a good security- and privacy-oriented replacement for standard Android.

In a detailed review of GrapheneOS for Golem.de, Moritz Tremmel and Sebastian Grüner said they were able to use GrapheneOS similarly to other Android systems, while enjoying more freedom from Google, without noticing differences from "additional memory protection, but that's the way it should be." They concluded GrapheneOS cannot change how "Android devices become garbage after three years at the latest", but "it can better secure the devices during their remaining life while protecting privacy."

In June 2021, reviews of GrapheneOS, KaiOS, AliOS, and Tizen OS, were published in Cellular News. The review of GrapheneOS called it "arguably the best mobile operating system in terms of privacy and security." However, they criticized GrapheneOS for its inconvenience to users, saying "GrapheneOS is completely de-Googled and will stay that way forever—at least according to the developers." They also noticed a "slight performance decrease" and said "it might take two full seconds for an app—even if it’s just the Settings app—to fully load."

In March 2022, writing for ''How-To Geek'' Joe Fedewa said that Google apps were not included due to concerns over privacy, and GrapheneOS also did not include a default app store. Instead, Fedewa suggested, F-Droid could be used.

In 2022, Jonathan Lamont of ''MobileSyrup'' reviewed GrapheneOS installed on a Pixel 3, after one week of use. He called GrapheneOS install process "straightforward" and concluded that he liked GrapheneOS overall, but criticized the post-install as "often not a seamless experience like using an unmodified Pixel or an iPhone", attributing his experience to his "over-reliance on Google apps" and the absence of some "smart" features in GrapheneOS default keyboard and camera apps, in comparison to software from Google.

In his initial impressions post a week prior, Lamont said that after an easy install there were issues with permissions for Google's Messages app, and difficulty importing contacts; Lamont then concluded, "Anyone looking for a straightforward experience may want to avoid GrapheneOS or other privacy-oriented Android experiences since the privacy gains often come at the expense of convenience and ease of use."

In July 2022, Charlie Osborne of ZDNET suggested that individuals who suspect a Pegasus infection use a secondary device with GrapheneOS for secure communication.

In January 2023, a Swiss startup company, Apostrophy AG, announced AphyOS, which is a subscription fee-based Android operating system and services "built atop" GrapheneOS.

See also

* Comparison of mobile operating systems
* List of custom Android distributions
* Security-focused operating system

References and notes

External links

*

{{Mobile operating systems

Android (operating system) software
ARM operating systems
Computing platforms
Custom Android firmware
Embedded Linux distributions
Linux distributions
Linux distributions without systemd
Mobile Linux
Operating system families
Mobile operating systems
Software using the Apache license