GrapheneOS is a privacy-focused operating system for mobile devices. I’ve been a user for several months and am a huge fan, though it’s important to acknowledge that no OS is perfect, and GrapheneOS has a few nuances users should be aware of.
Things Of Note
Currently, GrapheneOS can only be installed on Google Pixel devices. This requirement stems from Google’s previous practice of releasing source code and bootloader information, which allowed the GrapheneOS team to easily load the OS and provide full driver updates. This strong security foundation contributes heavily to the OS’s privacy.
Recently, Google has begun locking down some Pixel device source code, making it more challenging for the GrapheneOS team to release updates. Despite this, updates are still being provided, showing the team’s commitment. There is also news that GrapheneOS has partnered with a non-Google cell phone manufacturer, hinting at the potential release of official GrapheneOS devices. For now, tablet support is also limited to Pixel tablets.
GrapheneOS is an offshoot of Android, based on the open-source Android Open Source Project. A key feature is the ability to run without Google Play Services, which many consider spyware (because it is). Users can instead choose alternative app sources like the anonymous Aurora Store, F-Droid, or the built-in GrapheneOS App Store. I have a article detailing the installation process on a Pixel device, which is quite simple due to a web-based installer that automates the setup.
GrapheneOS Overview
When GrapheneOS first boots up, the home screen is extremely minimal with very few apps, as this is central to the OS’s purpose. I installed some apps from privacy-focused stores such as the anonymous Aurora Store and F-Droid. I keep my apps minimal because having more apps increases the risk of being tracked by app providers and Google. Many services also require Google Play Services, which is essentially spyware. The minimalist setup also reduces my overall phone usage. For services like Uber Eats, I use the website instead of an app, preventing constant location tracking.
GrapheneOS has no Google services by default, meaning no YouTube or Google Maps apps, though workarounds exist. Some apps, like my Ring video doorbell, display a quick warning about missing Google Play Services, but functions normally.
The first major limitation I encountered was the default camera app, which only records video at 30 frames per second (fps), while my Pixel 8 Pro hardware is capable of 60 fps. To fix this, I installed the third-party “Open Camera” app, which is privacy-focused, open source, does not require Google Play Services, and allows for 60 fps recording.
Another nuance involves navigation. I avoid Google Maps and use “Magic Earth”, which is heavily privacy-based and doesn’t require a Google account. The challenge I faced was that Magic Earth, and even Google Maps on a separate profile, sometimes failed to determine my location accurately. This was a difficult caveat to overcome; there was no documentation on the GrapheneOS site, so I had to use my technical skills to find the fix through experimentation.
To fix the location issue, I went into the main system settings and searched for “GPS.” Under Location, I found and enabled Secure User Plane Location, which was off by default. Critically, I switched the server option from standard to the GrapheneOS proxy to mask my data. I also changed the Predicted Satellite Data Services from off to the GrapheneOS server. After applying these changes, both Magic Earth and Google Maps on my third profile worked flawlessly for navigation.
Profiles
GrapheneOS supports multiple user profiles, which is crucial for privacy. The key reason for profiles is that apps can scan your device to see what other applications are installed, which is particularly common with banking apps. The solution is to keep your main profile as secure and minimal as possible, installing only necessities like Open Camera and Signal, which I use for calls and encrypted messaging since standard SMS and phone calls can be sold by telecom providers.
When switching to a secondary profile, you can use a security feature called lock screen scrambling. If my passcode is, for example, 2400, a shoulder surfer could easily learn it. However, GrapheneOS scrambles the number pad layout every time, making it impossible to predict the pattern or know what number is being pressed.
Loading a new profile takes about 15 seconds to sync up. I install ProtonVPN on every profile, and once the VPN connects, the profile is ready. In my secondary profile, you’ll see many more apps, as this is where I install services that require Google Play Services, such as food tracking apps like Uber Eats, which can be privacy-invading. The important distinction is that GrapheneOS sandboxes Google Play Services, making them different from a traditional installation.
The GrapheneOS team implemented a clever system for Google Play Services. Within a secondary profile, a notification indicates that the sandboxed Google Play is running. This is a minimized version of the services, granted just enough permissions to allow necessary apps to function, but restricted from extensively tracking your data. To activate it, you use the official GrapheneOS App Store, which lists Google Play Services, Google Play Store, and Android Auto as app services to install. You must install Google Play Services first to enable the others.
When not on my main profile I can receive alerts from my main profile notifications like Signal messages, but the preview is hidden for privacy. To shut down any profile other then the main one and all its associated apps, I swipe down twice, tap the power icon, and select End Session. This terminates the secondary profile, effectively stopping all tracking from any apps within it, such as Google Maps. This functionality makes each profile act like a separate virtual phone within the physical device, providing robust privacy.
I want to emphasize that GrapheneOS is not flawless, despite what other videos ad articles suggest; there are trade offs. For example, I had to set up my fingerprint lock screen separately on every profile. Since the profiles act like virtual phones, this meant setting up the fingerprint three different times. While this is slightly inconvenient initially, the peace of mind that comes from not being constantly tracked makes the process worthwhile.
Another annoyance is my MP3 songs I have on my main profile. At times for long trips I’ll use Android Auto in my newer car which is only active on my third profile, except the MP3s from my main profile aren’t available on any other profile. This is good and bad. It’s good because privacy invading services you might have like Gemini (or other AI that constantly scan your screen) can’t view private data like pictures taken on your mail profile. However, it’s annoying because I have to copy all the MP3 songs from my main profile, to my third profile that has Android Auto.
Not only is this process annoying but it means doubling the data usage because I have my songs on my main profile and again in my third profile. Again, it’s the cost of extreme privacy.
That concludes my overview of GrapheneOS. If you are interested in installing it, I have a separate, step-by-step guide available.
