GrapheneOS is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project. It's focused on the research and development of privacy and security technology including substantial improvements to sandboxing, exploit mitigations and the permission model. GrapheneOS also develops various apps and services with a focus on privacy and security. Vanadium is a hardened variant of the Chromium browser and WebView specifically built for GrapheneOS. GrapheneOS also includes our minimal security-focused PDF Viewer, our hardware-based Auditor app / attestation service providing local and remote verification of devices, and the externally developed Seedvault encrypted backup which was initially developed for inclusion in GrapheneOS.
GrapheneOS improves the privacy and security of the OS from the bottom up. It deploys technologies to mitigate whole classes of vulnerabilities and make exploiting the most common sources of vulnerabilities substantially more difficult. It improves the security of both the OS and the apps running on it. The app sandbox and other security boundaries are fortified. GrapheneOS tries to avoid impacting the user experience with the privacy and security features. Ideally, the features can be designed so that they're always enabled with no impact on the user experience and no additional complexity like configuration options. It's not always feasible, and GrapheneOS does add various toggles for features like the Network permission, Sensors permission, restrictions when the device is locked (USB peripherals, camera, quick tiles), etc. along with more complex user-facing privacy and security features with their own UX.
GrapheneOS will never include either Google Play services or another implementation of Google services like microG. Those are not included in the Android Open Source Project and are not required for baseline Android compatibility.
Comments and Reviews
As an IT security and privacy expert for regulated industries, this is all I use personally and professionally and is always my top recommendation for others seeking maximum security and privacy of their data and identities.
Arguably the most secure OS out there and it is not hard to use and install. Even when you just use sandboxed google play to install apps it is way more secure and private then other any other OS you could run.
I have been using this for a couple years now and it's by far my best experience with any custom android OS. The web installer is great, I usually just install it from another phone. It's by far the most smooth custom OS installation process (party due to Pixel phones being so open and modification-friendly).
It's the only Android OS that truly provides security and privacy and compatibility with apps and Play Services.
Beyond this it's also a very sleek and distraction-free OS that gives you the choice to uninstall or disable apps if you wish.
By default it comes with a few GrapheneOS apps that are actually useful (and some actually necessary). And a few essential apps. You can disable what you don't like and group GrapheneOS in a folder in the launcher drawer (if the launcher supports this).
It does (preferably) require some initial setup for most people and it might be intimidating and confusing for beginners.
I have a little list of settings and apps I always change when setting up the OS for friends or family. As well as swapping out some essential apps for QUIK, Fossify apps, FlorisBoard keyboard, Nova Launcher and Droid-ify to mention the main ones.
If you are reading very opinionated comments about "toxic community" etc. you should know that they aren't nuanced. And in my experience the community is pretty normal and enthusiastic.
Most likely what the opinionated comments are referring to is a beef some GrapheneOS leaders had with a different OS community leaders. One of the individuals in question is diagnosed with autism and I has received a lot of negative communication and pressure. I think anyone can understand that every situation has two sides and sometimes people misinterpret or get misinterpreted. Nothing is as simple as it seems initially.
In short, if you actually look into it, it's not something that really reflects on GrapheneOS and is something from the past that people keep bringing up again and again. The GrapheneOS project is much larger than this particular situation from the past and people attribute it to GrapheneOS in an exaggerated way. So please, can we stop talking about something that hasn't been relevant or important for very very long now? :)
As of July 2024, the operating system is as functional as ever. Unparalleled mobile security. I couldn't care less about the community opinions if the product delivers on its promises, which it does. As long as this OS is being supported/updated, I will likely never consider another.
Note that this operating system is not for everyone, as you will likely lose some convenience for added security. My only real inconvenience for myself is lack of NFC/"tap to pay". I highly recommend you donate to their cause, because GrapheneOS and their developers are one of the few that are staying ahead of insane forensic companies like Cellebrite.
Basically a hardened Android, focusing on security and privacy.
A few years ago, I couldn't use it as I needed some Google Play apps that didn't work well with it.
But now, with its sandboxed Google Play, almost everything works flawlessly.
The only good alternative is CalyxOS, but Graphene is more secure.
GrapheneOS is the only OS you should use. The installation is a breeze, and afterwards the device is locked again. Updates come extremely fast (faster than most Phone Manufacturers, which is a shame as they get access to the code faster). They focus a lot on security and enhancing core Android features, never reinventing the wheel. They enhance the permission model, user profiles, and user apps. Google Apps are made available as standard user apps, so they dont have to be flashed, but can just be installed, deactivated, uninstalled etc. They dont get any privileged access, but maps, push messages and even Android Auto work.
They develop several Apps like the hardenes PDF Viewer and Browser. Their Camera is also really great.
The User Experience out of the box is pretty barebones. You will want to install some apps:
https://android.izzysoft.de/articles/named/list-of-fdroid-repos
It can be only installed on Pixel phones :/
They would like to support more models, but all are insecure or proprietary basically.
Reply written Jan 11, 2024