Why You Should Use GrapheneOS

Before we answer the question of what GrapheneOS is, we first need to understand what Android is. Android is widely just viewed as a Google- or Samsung-flavored alternative to iOS, but it's a fair bit more nuanced than that.

Android originally began its life as an open source operating system designed for touchscreen devices such as phones and tablets. It is a modified version of the Linux kernel, a crucial component of the GNU/Linux operating system which, for the purposes of this article, can simply be viewed as a free and privacy-respecting alternative to desktop operating systems such as Windows and macOS. This version of Android still exists and is still open source, but isn't the same Android as the one running on most modern smartphones.

Most modern Android phones are running a highly modified version of Android developed by Google, which is proprietary (i.e. closed-source) and most definitely not privacy-respecting, although we'll get to that bit later. This is why, if you own an Android phone, you will most likely be downloading your apps from the Google Play store even if your phone is manufactured by Samsung, Motorola, LG, or anyone else. Many phones will also typically come pre-packaged with software from the manufacturer in addition to Google's modifications.

This Google-fied version of Android is confusingly just called Android. The original open source Android is officially referred to as the Android Open Source Project, or AOSP for short. In the interest of clearness, I'll be referring to Google's Android as Google/Android. While AOSP remains as the foundational layer of Android, most of the app ecosystem is built on the back of Google/Android. To be more precise, modern apps rely on Google Play services.

Google's software has many issues that I will discuss throughout this article, but the fundamental problem with Google/Android isn't specific to Google/Android. Google/Android's greatest flaw is that it is proprietary. In other words, this means that its source code is not available to the public.

So what's wrong with proprietary software?

Because the source code isn't viewable by the general population, users of proprietary software will have no idea what code the software is actually running. Proprietary programs could be collecting sensitive information about the user, and the user would have no way of knowing this. If an app developer claims to respect the user's privacy and to not collect data about him or her... Well, that's very nice of them and all, but without access to the source code, those promises are empty. Ultimately, you would just have to take them at their word -- a fool's errand, given their track record for harvesting and selling user data.

An open source system, by contrast, is a trust-less system. You don't need to trust the developers of the apps, since you (or somebody more tech-savvy) can audit the code for yourself. Open source applications, by their very nature, don't allow for the same level of mischief as proprietary software.

A real world example

Audacity is a highly popular free and open source audio editing tool. In an update, Audacity's developers implemented telemetry, a form of tracking in which they collect "anonymous" usage statistics for bug reporting. With Audacity being open source, people caught wind of this very quickly. The developers received swift and harsh backlash for this that caused them to dial back the changes. Some people also took it upon themselves to fork Audacity. Forking is a process in which someone takes an existing project, makes a copy, and makes changes to that copy. Changes made to the copy won't directly affect the original project. One could think of Google/Android as being a fork of AOSP. In this way, Audacity led to projects such as Tenacity and the humorously named Sneedacity, both of which have gone on to make additional tweaks to the code, primarily in the interest of performance and a more user-friendly experience.

If Audacity had been closed-source, its users would have been none the wiser -- They simply would have carried on using the software, completely oblivious to the presence of tracking. Users of iOS and Google/Android are similarly oblivious to the code running on their devices.

The data Google collects

Now while we can't audit the source code ourselves, we can take an educated guess, based on the data collection habits we've observed in various studies. One study shows that Google is able to ascertain the user's location with a frightening degree of confidence. Using the device's built-in sensors, Google can reliably predict whether the user is sitting, walking, running, driving a car, taking a train, etc. Google's location services are harvesting all of this data and sending it back to Google's servers, allowing them to do God knows what with it.

Without access to the source code, I'd say that the estimates given by these studies are on the conservative side. We may never know the full extent of Google's data collection capabilities.

And in case this isn't obvious to you, everything I'm saying about Google/Android also applies to iOS, since it too is proprietary.

“I don't care about my privacy.”

There's a chance that some of you, perhaps not wanting to give up the luxury your smartphones have afforded you, have fallen back on this idea. This is a huge cope. Now while I don't think you'll actually have to sacrifice much (if anything) by switching to GrapheneOS, I think it's first more important to dispel this idea.

If you don't care about your privacy, then I suppose you wouldn't mind if I unlocked your phone and snooped around your text messages and images, right? You don't have to answer that question.

While this analogy is definitely helpful, it doesn't drive home the sheer creepiness of the privacy-violating behavior that users of Google/Android and iOS are permitting. To that end, I'll borrow an analogy from YouTube user Louis Rossman:

Imagine someone standing outside your window at 2am, peeking through the blinds, and jotting down every little thing you do with a time stamp. “At 2:02am, he got out of bed to have a snack, at 2:07am, he went to the bathroom, at 2:15am, he sat down on the couch, etc.” Most of you would sensibly call the cops on this person.

Now, unfortunately, this person happens to be a multi-billion dollar company with the ability to influence politics and is more powerful than the government, so we can't take him to task for the blatant crimes he is committing. The next best thing you would do to this person is raise your middle finger and close the blinds on him. GrapheneOS is a metaphorical closing of the blinds on big tech.

GrapheneOS is a fork of AOSP with a greater emphasis on privacy-enhancing features, as well as some quality of life fixes and compatibility with Google Play services.

As mentioned previously, most modern Android apps require Google Play services to function. On a typical Google/Android phone, Google Play services run with privileged access. To be more precise, their permissions supersede the user's. That means that Google actually has more control over your device than you do. Unlike normal apps, Google Play services will always have access to your location, camera, microphone, contacts, notifications, etc. even if you turn these features off.

GrapheneOS allows the user to optionally install Google Play services, but with no special privileges. The user can revoke Google's access to his or her location at any time. Same goes for access to contacts, camera, and so on. This is an ingenious solution. It allows users to decide on their terms what kind of data Google is given access to. Compatibility with Google apps is already very strong, well beyond the necessities of most users, and it only continues to improve with updates. If there's an app that you're concerned about, if it already works on Google/Android, chances are very strong that it also works on GrapheneOS. The vast majority of you reading along will have to make no compromises when it comes to your phone habits.

The User Experience

While I think the philosophy behind GrapheneOS and software freedom is important to know, none of it is a prerequisite for actually being able to use GrapheneOS. As a user, you can go on using it as you would any other phone. Nevertheless, there are some little quirks of GrapheneOS that you may want to be aware of.

On GrapheneOS, nothing is assumed. Every app must be given its permissions. In practice, all this means is that you will typically see a pop-up every time you start an app for the first time, asking you to grant it certain permissions. Take Uber for instance:

Upon opening the app for the first time, it will ask for your location access. You can choose to always grant it, grant it on a case-by-case basis, or to never grant it. You can also determine the accuracy of the location data that you share. If you accidentally pick the wrong option, you can easily correct it in the settings for the app. Just go to Settings > Apps > Uber (or the app of your choice) > Permissions.

GrapheneOS does not assume your permission preferences. You decide what data you do or don't share. In addition to the obvious privacy benefits, I also find it to be a much more pleasant user experience.

And that's really why I love GrapheneOS so much. It does more than just meet modern smart phones where they are. It puts control of the device where it belongs: Back in the hands of the user. Since your device isn't running a bunch of extra processes without your consent, you'll likely notice improvements in performance and battery life.

One of the ways in which GrapheneOS improves battery life is giving you greater control over which apps are allowed to run in the background and for how long. By default, apps are allowed to run in the background, but their ability to do so is somewhat limited based on how often you use them. This is referred to as optimized battery usage. It's generally a good idea to leave this setting alone for apps that give you notifications.

By tapping where it says "Allow background usage", you can see some additional settings. Here you can allow apps to have unrestricted access to your battery. If you find that an app isn't giving you notifications, it's a good idea to check this setting.

There's a common misconception (or as common as anything could get when discussing an obscure mobile operating system) that notifications won't work for Google apps on GrapheneOS. This isn't true, but I can see where this is coming from. If you want to get notifications from an app you downloaded from the Google Play store, you must give Google Play services unrestricted access to your battery. Many apps rely on Google Play services to manage notifications, so even if the app has unrestricted battery access, its notifications will fail if Google Play services aren't running in the background. All you need to do is go into Settings > Apps > Google Play services > App battery usage > Allow background usage and then click Unrestricted.

GrapheneOS also provides many quality of life improvements as well. One of my favorite features is the ability to choose between modern iPhone gesture controls, or the three button layout used by older Android phones. This setting can be found in Settings > System Controls > Navigation Mode.

This article has barely scratched the surface. There are all sorts of cool features found in the settings. It's well worth your time to go through them.

Upon booting up GrapheneOS for the first time, you will be greeted by a nearly naked device. The only thing that's installed is GrapheneOS's app suite, which only covers the absolute bare essentials: Phone, text messaging, camera, web browser, etc. If you want to download more apps, you're not limited to the Google Play store.

F-Droid

Honestly, I'm kinda surprised it took me this long to mention F-Droid.

F-Droid is an app store focused around free, open source software (often abbreviated as just FOSS). Unlike most other Android apps, F-Droid apps don't require Google Play services to function. If, for whatever reason, your phone was unable to run Google apps, you would still be able to download apps from F-Droid. To start using F-Droid, just download and run the .apk from their official site here.

When attempting to run F-Droid, you'll likely come across a message that looks like this:

Just tap "Settings" and then select "Allow from this source".

If you need to get back to these settings, just go to Settings > Apps > [Name of the app] > Install unknown apps.

This will need to be done for any app you want to install other apps from, including the Google Play store since, as I already explained, it has the same pleb permissions as any other normal app on GrapheneOS. Speaking of which...

Google Play store

F-Droid is absolutely amazing, and I strongly encourage anyone with an Android phone to start using it. Sadly, there are just some instances where F-Droid doesn't quite cut it. In those moments, you can just install your apps via Google Play.

Setting up Google Play couldn't be easier on GrapheneOS. All you have to do is go into the "Apps" app and click on Google Play services. Then, just install all 3 items listed at the bottom of the page.

Yes, that's it. Seriously.

I won't go over specific apps that I recommend, as I think that could potentially be its own article. For the moment, I would just recommend looking for apps on F-Droid first, then falling back on the Google Play store if you can't find what you're looking for.

So far, I've said nothing but positive things in support of GrapheneOS. Some of you reading along might be thinking “If GrapheneOS is so great, how come I haven't heard of it until right now?” It's not that GrapheneOS is particularly difficult to use -- As I've demonstrated, you can use this phone as if it were any old Android device with just a little bit of tweaking. So why haven't more people heard of it?

Well, big tech certainly doesn't appreciate having the blinds closed on them. And with GrapheneOS being a free, non-profit project, there isn't a whole lot of marketing going into it. Still, I don't think these things alone have prevented GrapheneOS from becoming a quintessential product. GrapheneOS itself is very accessible, but actually getting your hands on a device running the OS is a bit more complicated.

Hardware Requirements

For starters, GrapheneOS is only officially supported on a limited number of devices. In fact, let's take a look at all the devices they list as officially supported on their website (as of the writing of this article):

• Google Pixel 8 Pro
• Google Pixel 8
• Google Pixel Fold
• Google Pixel Tablet
• Google Pixel 7a
• Google Pixel 7 Pro
• Google Pixel 7
• Google Pixel 6a
• Google Pixel 6 Pro
• Google Pixel 6
• Google Pixel 5a

Notice a pattern?

Rather ironic that the project only supports the Google Pixel line of phones, seeing as a large focus of the project is to mitigate Google's influence over the user. Well, this is because the Google Pixel is one of the only phones that has a lot of the hardware security features that GrapheneOS's developers are looking for. Also, as I understand it, the team behind the project is relatively small, and making GrapheneOS compatible with other devices is not so easy.

So when I said that the user experience required no compromises, that was somewhat of a lie. Well, really, it depends on your point of view. At a software level that is certainly the case, but not much can really be done at the hardware level. Upon switching to GrapheneOS, I had to forego the headphone jack and the microSD card slot, which pained me to do after having been so accustomed to them for years. I think the compromise is well worth it, but in an ideal world, I wouldn't have to sacrifice anything. All that being said, if you've been using an iPhone for the last couple of years, those are sacrifices that you've already made, so you won't be missing anything by switching to GrapheneOS.

When buying the phone, you'll also need to make sure that it's not carrier locked -- This is so that you will be able to unlock the bootloader, which is a required step of the install process. That leads nicely into the second reason GrapheneOS isn't more popular...

Installation

When I first started using GrapheneOS a few years ago, I found its installation to be an incredibly daunting task. It involved entering lots of commands in the terminal, which I wasn't nearly as comfortable with at the time. Since then, the project has become much more popular, and its installation has been simplified somewhat. I think anyone that has ever built a gaming PC can figure it out, but that is still well above the pay grade of the average smartphone user.

I don't really have a solid answer to this. I managed to figure it out, but I understand someone not wanting to take risks with a potentially $700+ device. That is why I will be providing this service to friends and family for free: You provide the phone, I'll provide the OS. If enough people reading along want me to install the OS for them, I wouldn't mind doing it for a small fee. Send me an E-mail if you're interested!

I hope that this article, so far, has successfully piqued your interest. My goal was to demonstrate the fundamental flaw with modern smartphones, why you should care about that flaw, and to offer a convenient solution via GrapheneOS. You should now be armed with the knowledge and, more importantly, the motivation you need to investigate the project further. If even one person decides to give GrapheneOS a shot because of this article, I'll consider this article a success.

Even so, there are some lingering questions and concerns some of you may have that I'd like to take the time to answer. This section will be less organized, and will address topics ranging from the most surface level to the most basement dwelling.

Is GrapheneOS illegal?

This is something I hadn't even thought to address until a coworker asked me this.

No, it's not. One could think of installing GrapheneOS (or other FOSS Android variants) as being similar to jailbreaking iPhones, which is also legal. It is, however, a violation of Google's terms of service, so you will void the device's warranty, as you would when jailbreaking an iPhone.

I would advise against installing GrapheneOS on a device that hasn't been fully paid off, and I'm not sure how the trade-in process would work. I've never bothered with trading my phones in, and I always buy my phones used.

Just how private is GrapheneOS?

GrapheneOS has many great features that will enhance your privacy, but I think it's important that we understand just how private it is. It will greatly mitigate Google's influence over you and limit their access to your data, but it will not magically take you off their grid.

For starters, any time you are using Google services, you are exposing yourself to Google. GrapheneOS helps you lower your exposure by only giving Google access to your data when it is strictly necessary for an app to function. This is why I suggest first checking F-Droid for apps before using the Google Play store, as that's the only way to truly isolate yourself from Google. Also, it should be noted that cell phone service is itself inherently a form of tracking. Any kind of phone, even an old flip phone, is capable of tracking you. Phone records are frequently used by law enforcement to track down criminals, and in some instances, they can be the smoking gun that leads to a guilty verdict.

I only mention this as a warning for the people expecting to be taken completely off the grid. If that's what you're looking to do, you just shouldn't have a phone period.

Having said all that, I hope people don't respond with an "all or nothing" attitude to this information. “If it doesn't completely protect me from Google, what's the point? I'll just go back to Google/Android.” I'll freely admit that I've been guilty of this line of thinking in the past. It is yet another cope. Think about it: A locked door will not prevent you from being robbed with 100% certainty, does that then mean that you should just leave the door wide open? Of course not.

This actually raises another important question:

Why GrapheneOS?

There's actually a few ways to answer this question.

Why do you recommend GrapheneOS specifically?

There are other FOSS Android variants out there, such as Calyx and LineageOS. GrapheneOS just happens to be the one I'm most familiar with. I couldn't tell you of any particular edge GrapheneOS has over those other two as I'm not familiar with their features. If you happen to have more luck with either of those projects, more power to you. I have heard that LineageOS supports a wider range of devices, so that may be worth looking into in the future.

Why do you recommend FOSS Android variants over open-source hardware, such as the PinePhone?

There's a really cool project known as the PinePhone that has been making waves in the FOSS enthusiast space. Unlike GrapheneOS, the PinePhone is not a piece of software being installed on top of an existing mobile platform -- The PinePhone is itself a piece of open source hardware. It has lots of really cool features, such as a headphone jack and removable microSD card, but also some more niche features like a removable battery and physical switches inside the phone to disable Wi-Fi, Bluetooth, and other wireless communication features. The PinePhone actually isn't running Android at all; it's running GNU/Linux, the project Android was originally based on.

The project is still a work in progress right now, so it isn't really usable as a "daily driver". But putting that aside, I think the fact that it's running Linux is a detriment. Don't get me wrong, I love Linux; it is the only desktop operating system that I actively use, and I'm using it to write the very article you're reading. It's just that I think that a Linux phone is going to be a really hard sell for the average smartphone user. They'll essentially have to relearn the operating system from scratch. I think that prospect is more likely to just scare them away, back into the safe haven of iOS and Google/Android.

In the long term, I think open source hardware like the PinePhone would be ideal. In the meantime, I think projects such as GrapheneOS serve as a far more effective gateway drug for the average smartphone user.

Also, I really want to emphasize that privacy is not something reserved for cyber criminals and tech enthusiasts. This is just common sense; everyone should be more cognizant of the way large corporations manipulate them. Our current state of affairs is something that George Orwell couldn't have imagined in his wildest nightmares while writing 1984.

Rant Time

People are rightly concerned about the emergence of social credit systems and heightened government surveillance that we're seeing in China. Many of these same people, meanwhile, go about using their smartphones, giving away their data to large corporations that wish to recreate those malicious systems at home. If I were to be nice, I'd say that these people are very naïve. If I were to be more blunt, I'd say these people are hypocrites.

Honestly, I'm going to take this a step further. If you ask me, rule by corporations is a much scarier prospect than rule by an authoritarian government. At least with the latter example, power is highly centralized in one source; those in power can't place the blame for their nation's shortcomings on anyone but themselves. This is not the case in an oligarchical system, like the one we're seeing take hold in the United States and other "civilized" nations. None of the corporations that skew elections, control the media you consume, and influence the laws that govern you are ever held accountable for their crimes. If a man were crouched in the bushes outside your bedroom window at 3 in the morning, keeping a log of every single thing you said, we would expect him to face justice for his wrongdoing. I find it gross that so many people excuse it because it's convenient to do so.

What was your initial experience with GrapheneOS like?

My first experience with GrapheneOS was quite a few years ago. I installed the OS on a Google Pixel 3a, which was out of date when I got it. I chose that model because it was the last Google Pixel that still had a headphone jack, which I was still clinging to at the time. Honestly, I hardly ever even used earbuds with that phone, wired or otherwise. I just was and still am really irritated that modern smartphones lack such a basic feature, all because Apple wanted to sell overpriced wireless earbuds that make you look like a complete dork.

That phone was already on its way out when I bought it, and it stopped getting updates a couple of months later. Being so out of date, compatibility with Google apps was rather poor on that device. I couldn't get Uber or any banking apps on the device... So I just coped without them. There were times where that phone's limitations were very inconvenient, but I was willing to put up with it just for the peace of mind it afforded me. For years I used a phone this way; if some service was gated behind an app, I just didn't use that service.

N.B.: It is possible that Google apps actually would have functioned on that device, and that I was just unaware of how to install them.

Eventually, I found it too inconvenient to lack access to Google apps. Operating under the false assumption that GrapheneOS's compatibility with Google apps was still poor, I decided to buy a generic Google/Android phone. I believe the model I bought was a Motorola 5G Power, which I purchased because it featured a headphone jack and microSD card slot. I spent around 30 minutes tinkering with the phone, until I eventually just shoved it back in the box out of disgust.

The setup process was so incredibly obnoxious. There were so many unnecessary junk apps just pre-installed on the device, without an obvious way to remove them. The straw that broke the camel's back was when I saw that TikTok was pre-installed on the phone. Rest assured, I have absolutely no interest in ever using TikTok. I have ignored every single TikTok link that has ever come my way. I returned the phone the very next day and got a full refund for my trouble.

I went on using the Pixel 3a for a few more weeks, until eventually buying a renewed Pixel 8 on eBay. Upon returning to GrapheneOS, I was delighted to be greeted with a fresh, naked operating system. I went in totally willing to abstain from using Google apps, and to just continue roughing it as I did a few years ago. Learning that I could install Google apps and keep them sandboxed was like a dream come true.