If you're concerned about your privacy and shopping for a new smartphone, you don't have many options. Many of us tolerate google's data collecting in exchange for the convenience and AI-assisted capabilities that android provides, yet some people purchase an iphone only reluctantly due to apple's great privacy commitment and track record. What if, though, an Android phone could be transformed into a fortress of privacy? This is precisely the goal of GrapheneOS, an aftermarket custom ROM I discovered recently.
GrapheneOS has a straightforward selling point: it provides a private and secure Android experience without hindering the usage of your smartphone. You can download apps through the play store, receive push alerts from Google's servers, and sync your data as you normally would. All while blocking Google from collecting information via your smartphone. But how does this all work, and is it worthwhile to use GrapheneOS? To determine this, I tested it on a Google pixel 6 smartphone.
Why use GrapheneOS: More than a smartphone without Google
Before discussing my installation and use of GrapheneOS, I'll answer the question you're undoubtedly asking: what is a “privacy-hardened” custom ROM? How does GrapheneOS accomplish its privacy-focused objective with Google services installed?
Simply said, GrapheneOS does not take the same approach to Android's privacy and security that we have seen in the past. Instead of completely eliminating Google services, it provides a mechanism to sandbox them.
GrapheneOS does not destroy Google applications in the name of privacy; rather, it modifies their behavior.
Now, sandboxing is not a novel idea. As a security measure, all user-installed programs on Android are purposely sandboxed or separated. This prohibits them from communicating with one another or executing malicious malware that affects the entire system. But, Google apps receive particular consideration. Most Android phones ship with Google services pre-installed as privileged programs on the system partition, thereby granting them unfettered access prior to device setup.
To circumvent this mandate, privacy-conscious customers generally install a custom operating system such as LineageOS and refuse to install any Google applications. While GrapheneOS does not have Google services by default, it is possible to perform the same actions. So what if you wish to use Google services without being tracked? This is where GrapheneOS excels, and where its parallels to other custom ROMs end.
Unlike most other ROMs, GrapheneOS does not require you to add Google apps to the system disk. It permits the installation of the Google Play Store and Play Services as user applications, requiring them to adhere to Android's sandbox. You can also revoke crucial app permissions such as location and file access. The blocking of permissions is as effective as it would be for the twitter app, for instance.
GrapheneOS does not favor Google's applications and services in any way.
Effectively, GrapheneOS enables you to use Google services on your Android device without compromising your privacy. Nevertheless, this is simply the top of the iceberg. During my time with GrapheneOS, I discovered a number of capabilities that I can only hope would eventually make their way to Android.
Which devices are supported by GrapheneOS?
The only supported devices for GrapheneOS are Google Pixel smartphones. You may install GrapheneOS on the Pixel 7 Pro, Pixel 7, Pixel 6a, Pixel 6 Pro, Pixel 6, Pixel 5a, Pixel 5, Pixel 4a 5G, and Pixel 4a.
Google released a new photo picker with android 13 that allows you to share only specific photographs and videos with an app. This implies you are no longer required to grant complete access to your storage or media assets. It's a cool privacy feature, however Google has not yet implemented the new photo selector.
GrapheneOS goes a step further with its alternate permission scheme, Storage Scopes. Upon activation, GrapheneOS will trick the app into believing it has access to all of the requested storage permissions. However, the software will only be capable of creating files. On the App Info > Storage page, I can specify individual files and folders when I want to share a photo or document with the app
What if you could restrict access to specific files and folders via the Storage permission?
Even if Google implements its new photo picker with Android 14 later this year, non-media files will not be supported. In reality, Storage Scopes appears to be superior and, in my experience, works exceptionally well to prevent less reliable apps from accessing my storage.
A reason for using multiple user profiles
Android permits the creation of several user profiles, each with its own collection of applications, accounts, and data. You might also use the feature to share a tablet across numerous users. Applications cannot “see” outside of the current profile, making it another privacy-enhancing feature.
GrapheneOS enables the usage of several user profiles to further isolate applications. As GrapheneOS installs Google services as regular programs, we may move them to a secondary profile along with other background-running apps.
GrapheneOS also allows me to forward notifications from a different profile to the one I'm now utilizing. With other Android devices, I was required to log in to each user profile in order to check for missed alerts, which was inconvenient.
Have you ever questioned why a flashlight app requires internet connectivity?
With GrapheneOS, I can easily prevent applications from connecting to the internet. Whenever I install a new app, a window appears asking whether I want to permit network access.
With any other Android device, you can utilize a firewall such as Netguard to accomplish the same goal. Nonetheless, it may be more easy and beneficial to prevent internet connection before installing a new application. In addition, firewall applications such as Netguard construct a VPN on the device to filter network traffic. This method prohibits users from connecting to a VPN.
With GrapheneOS, you may block network access to specific applications and connect to a VPN simultaneously. I bring this up since most individuals who are concerned about their device's security utilize a VPN.
Further security and privacy benefits
If that wasn't enough, GrapheneOS also has additional security and privacy-focused features. Here are few instances:
Each time I unlock my phone, the lock screen on GrapheneOS rearranges the PIN input configuration (pictured above). This prevents anyone from deducing my PIN based solely on my hand movements. This feature was available in third-party gallery vault apps nearly a decade ago, but it has yet to arrive on Android.
Toggle access to sensors such as the compass, gyroscope, and barometer. This is an app permission that, when disabled, prevents the app from getting any sensor data.
A number of Android OEMs offer the ability to plan nightly or weekly automatic reboots, but Google does not. Why would you choose to allow it? Rebooting a device clears the encryption keys from memory and requires the device owner to enter a PIN, making it more secure.
Despite the fact that installation is still a multi-step process, the most of it takes occur within a web browser. Even better, I didn't have to worry about downloading the incorrect zip file or flashing something that might have bricked my phone. The documentation for GrapheneOS provides an excellent step-by-step instruction. Yet even that is largely reduced to pressing a few buttons on a computer and accepting the prompts that appeared on my connected phone.
Installing GrapheneOS requires very little work, and the majority of the process may be completed through a web browser.
Using Google's web-based flashing tool is all that is required to revert to the stock ROM. Overall, it is a significant improvement over the hitherto arduous and hazardous method.
GrapheneOS can also be installed using the command line, but the WebUSB way should work just as well. And once GrapheneOS is booted, installing sandboxed Play Services requires minimal effort. The “Apps” app contains all essential Google applications.
How do I install the Graphene operating system?
To install GrapheneOS on your Pixel smartphone, you must enable OEM Unlocking from the Developer Settings menu. Next, connect the device to a computer via USB-C and navigate to the GrapheneOS web installation. The installer will walk you through unlocking the bootloader of your phone, flashing the custom ROM, and relocking the bootloader.
The disadvantages of GrapheneOS: What does not function?
I have primarily lauded the benefits of GrapheneOS without expanding on its drawbacks. There are, however, a few exceptions, some of which are more significant than others.
GrapheneOS can initially only be installed on newer Pixel smartphones. This may seem counterintuitive, given that you must purchase a Google-branded phone in order to start from scratch. Nonetheless, there are other legitimate reasons for this juxtaposition, including the fact that Google does not prohibit the installation of alternative operating systems. Also, the firm frequently updates its kernel source code, device tree, and factory images.
Even if you can tolerate the Pixel-only requirement, GrapheneOS only supports devices as long as they continue to receive Android security upgrades. This implies that, for example, the Pixel 3 series will no longer receive updates from Google or the GrapheneOS project. After “firmware, kernel, and vendor code are no longer actively maintained,” according to the developers, it is impossible to keep older devices secure.
GrapheneOS is only compatible with contemporary Pixel phones that continue to receive security upgrades.
The elephant in the room is then app compatibility. Even while the vast majority of Google apps function without issue, some, such as Android Auto, are incompatible with the sandbox concept of GrapheneOS. Yet, GrapheneOS is more compatible than a smartphone without Google services. Even third-party apps such as Uber that rely on Google Maps operate flawlessly.
Without Google's certification, GrapheneOS cannot pass all SafetyNet compatibility tests. This implies that Google Pay and a tiny number of third-party apps do not support NFC payments. You may be able to conduct contactless payments through your bank's app instead of Google Pay. The majority of applications do not check for the maximum level of SafetyNet, therefore problems are uncommon. GrapheneOS also supports AOSP's hardware attestation feature, although app developers are responsible for adopting it.
If you are ready to accept these two trade-offs, however, I can safely declare that you can use GrapheneOS as your primary smartphone operating system. Throughout my use of it, I never experienced any inconvenience. In contrast, the phone appeared and performed identically to any other Pixel 6. Given that modified ROMs have a reputation for being problematic at best and unreliable at worst, this is great praise.