GrapheneOS: a security-enhanced Android build [LWN subscriber-only content]
People tend to put a lot of trust into their phones. Those devices have access to no end of sensitive data about our lives — our movements, finances, communications, and more — so phones belonging to even relatively low-profile people can be high-value targets. Android devices run free software, at least at some levels, so it should be possible to ensure that they are working in their owners' interests. Off-the-shelf Android installations tend to fall short of that goal. The GrapheneOS Android rebuild is an attempt to improve on that situation.
GrapheneOS got its start as "CopperheadOS"; it was reviewed here in 2016. A couple of years later, though, an ugly dispute between the two founders of that project led to its demise. One of those founders, Daniel Micay, continued the work and formed what eventually became GrapheneOS, which is, according to this history page, an independent, open-source project that "will never again be closely tied to any particular sponsor or company". Work on GrapheneOS is supported by a Canada-based foundation created in 2023; there appears to be almost no public information available regarding this organization, though.
At its core, GrapheneOS is an effort to harden Android against a number of threats and to make Android serve the privacy interests of its users. It is based on the Android Open Source Project, but removes a lot of code and adds a long list of changes. Some of those, such as a hardened malloc() library or the use of additional control-flow-integrity features, will be mostly invisible to users (unless they break apps, of course, which has evidently been known to happen). Others are more apparent, but it is clear that a lot of effort has gone into making the security improvements as unobtrusive as possible.
Installation
Some Android rebuilds prioritize supporting a wide range of devices, often with an eye toward keeping older devices working for as long as possible. GrapheneOS is not one of those projects. The list of supported hardware is limited to Google Pixel 6 through Pixel 9 devices, with some trailing-edge support for Pixel 4 and 5 devices. Even then, though, the newer devices are strongly recommended:
8th/9th generation Pixels provide a minimum guarantee of 7 years of support from launch instead of the previous 5-year minimum guarantee. 8th/9th generation Pixels also bring support for the incredibly powerful hardware memory tagging security feature as part of moving to new ARMv9 CPU cores. GrapheneOS uses hardware memory tagging by default to protect the base OS and known compatible user-installed apps against exploitation, with the option to use it for all apps and opt out on a case-by-case basis for the few incompatible with it.
My phone had been making it clear for a while that it could not be counted on in the future, but the prospect of buying a new one inspired a lot of trepidation. Each new device seems to come with more privacy-hostile "features" and intrusive AI "assistants"; finding all of the necessary "disable" switches is a tedious and error-prone task. That, along with the news that Google's "Gemini" feels increasingly entitled to a device-owner's data regardless of its configuration, inspired the purchase of a Pixel 9 device that would be used to experiment with GrapheneOS to see if it could replace stock Android for everyday use.
Flashing the firmware of an expensive device is always a bit of a nervous prospect; the GrapheneOS installer is designed to minimize the amount of fingernail biting involved in the process. There are two installation methods described in the documentation — a web-based install, and one that works from the command line. Naturally, I chose the command-line version. The instructions are straightforward enough: download the installation image, connect the device, and run the supplied script. Said script ran to completion and confidently declared victory at the end, but the device still only booted into normal Android — a repeatable result, but not quite the intended one.