Calvin Wankhede / Android Authority
Google’s Pixel phones have long been sold as some of the most secure Android devices you can buy, thanks to the inclusion of the Titan M2 chip and regular security patches over several years. There’s a bit of irony to that statement, of course — Google’s entire business model revolves around selling ads. Indeed, the search giant has quite a bit of insight into the way you use your device along with a host of other analytics and location data.
Having said that, Pixel phones have one unique advantage: they are compatible with GrapheneOS, an open-source alternative to the default Pixel operating system. GrapheneOS makes it extremely difficult for apps — Google’s included — to phone home in the background.
Of course, what makes the Pixel the first choice for privacy purists isn’t something Google likes to advertise. It’s the fact that you can strip everything Google out of the phone. Here’s why you might want to make the jump.
Hardening your Pixel is easier than you think
Calvin Wankhede / Android Authority
Installing a third-party operating system might seem daunting and reckless — especially if you never flashed custom ROMs back in the Wild West days of Android modding. But GrapheneOS is perhaps the only one among them all that makes the entire process remarkably painless. In fact, I’d argue that it’s easier than installing Windows on a laptop.
Most of the installation process takes place in a web browser, and the only hardware you’ll need is a computer and a USB cable. GrapheneOS’ documentation is clear and walks you through each step — that’s as good as it gets in the world of aftermarket software. That’s partly because GrapheneOS only supports one family of devices: Pixel phones and tablets. With no fragmentation to account for, the instructions are easy to follow with little to no caveats.
Why doesn’t GrapheneOS support non-Pixel devices? GrapheneOS maintains a dedicated FAQ page explaining why the project currently only targets Pixel phones. The long and short of it is that only Pixel devices meet the project’s security standards. Furthermore, Google is the only major phone maker allowing us to install an alternative OS at the moment. Finally, the company provides consistent security patches over a definite support window that GrapheneOS can use as a base for updates. The GrapheneOS team has hinted at a partnership with a phone manufacturer, but there are no public details yet.
Still, I’ve seen one common misconception: that installing GrapheneOS means weakening your phone’s defenses. After all, doesn’t unlocking the bootloader open up security holes? Not quite.
While you do need to unlock your bootloader in order to install a different operating system, you’re supposed to relock it for GrapheneOS. It also explicitly mandates a locked bootloader and enforces Verified Boot, meaning the same stringent integrity checks you’d find on the stock Pixel OS. Once again, this is different from the old days of Android customization — most of us didn’t relock the bootloader, and left a custom recovery installed with full filesystem access to app and user data.
Finally, my favorite aspect about installing GrapheneOS is that it just works — it’s the opposite of the old days when we’d install half-baked CyanogenMod nightlies and crossed our fingers. And unlike those setups that often relied on root access for most of the meaningful features, GrapheneOS doesn’t use root at all.
That’s just the setup process. Once installed, GrapheneOS offers the regular smartphone experience plus a whole lot more. From better permissions to
What you gain from using GrapheneOS
Calvin Wankhede / Android Authority
Before I talk about any of the more flashy privacy features that make GrapheneOS such a refreshing change of pace compared to Pixel OS, it’s worth highlighting that the best part is perhaps what you don’t see on the surface.
Specifically, GrapheneOS’ open source nature means that its community is constantly looking to patch new security holes — at a pace that’s often faster than Google and other tech companies. Case in point: I discovered the TapTrap vulnerability the other day and was pleasantly surprised to find that GrapheneOS has patched it. Meanwhile, Google first got wind of this potential exploit last year but even the latest Android 16 build remains vulnerable to it. GrapheneOS builds on top of Android’s monthly security patches instead of just shipping whatever Google deems fit.
That alone might be worth making the switch for some privacy advocates. But the real power of GrapheneOS becomes more evident once you start using the phone: Sandboxed Google apps : The pre-installed Google apps on Android phones run in a privileged manner — meaning they have deep system-level access to your device. Whether it’s network activity or your location via GPS, there’s little you can do to stop Google from knowing it all. This is how traffic data is always so accurate on Google Maps, for example. But on GrapheneOS, if you need Google Play Services, you can install a sandboxed version directly from the OS. Better yet, it treats Google apps like regular apps. You can shut off access to specific permissions or everything, and your phone will still work as expected.
: The pre-installed Google apps on Android phones run in a privileged manner — meaning they have deep system-level access to your device. Whether it’s network activity or your location via GPS, there’s little you can do to stop Google from knowing it all. This is how traffic data is always so accurate on Google Maps, for example. But on GrapheneOS, if you need Google Play Services, you can install a sandboxed version directly from the OS. Better yet, it treats Google apps like regular apps. You can shut off access to specific permissions or everything, and your phone will still work as expected. Scoped permissions : Instead of giving an app full access to your files, GrapheneOS lets you pick and choose which ones you’d like to share. But it’s not just files, it extends to contacts too. This is because most apps will refuse to function if you deny permissions. In the future, GrapheneOS also plans to introduce location scopes to send a mock location to singular apps. Likewise, camera scopes will send an image or recorded video to the app instead of your live camera feed.
: Instead of giving an app full access to your files, GrapheneOS lets you pick and choose which ones you’d like to share. But it’s not just files, it extends to contacts too. This is because most apps will refuse to function if you deny permissions. In the future, GrapheneOS also plans to introduce location scopes to send a mock location to singular apps. Likewise, camera scopes will send an image or recorded video to the app instead of your live camera feed. Extra permissions : In addition to the added granularity for existing permissions, GrapheneOS also gives you additional ones like sensor and internet access. This prevents apps on your phone from knowing your activity, phone usage, and other important metrics that could be used to profile you for advertising or other reasons.
: In addition to the added granularity for existing permissions, GrapheneOS also gives you additional ones like sensor and internet access. This prevents apps on your phone from knowing your activity, phone usage, and other important metrics that could be used to profile you for advertising or other reasons. Enhanced multi-user profiles : While Android has offered multiple user profiles for years, it has never been useful from a privacy point of view. However, GrapheneOS encourages you to isolate apps in different user profiles and can forward notifications across profiles. This means you can banish Google apps to a secondary or tertiary profile where they cannot see or interact with the rest of the device. GrapheneOS is the only Android fork I’ve seen that pushes notifications to the primary user profile, making the feature much more useful.
: While Android has offered multiple user profiles for years, it has never been useful from a privacy point of view. However, GrapheneOS encourages you to isolate apps in different user profiles and can forward notifications across profiles. This means you can banish Google apps to a secondary or tertiary profile where they cannot see or interact with the rest of the device. GrapheneOS is the only Android fork I’ve seen that pushes notifications to the primary user profile, making the feature much more useful. Auto reboot : When your phone first boots up, all of your data is encrypted and locked behind your password or PIN. GrapheneOS can automatically reboot your device periodically to ensure that someone cannot extract unencrypted data from the phone’s memory. This is a minor feature but still nice to have.
: When your phone first boots up, all of your data is encrypted and locked behind your password or PIN. GrapheneOS can automatically reboot your device periodically to ensure that someone cannot extract unencrypted data from the phone’s memory. This is a minor feature but still nice to have. Duress PINs: What if you’re in danger and forced to hand over your unlocked device? GrapheneOS lets you set a second PIN that will completely wipe all data on your device including eSIM profiles. These are just a handful of what’s available — GrapheneOS also packs its own hardened web browser, PDF reader, and camera app. Not to mention, smaller security and privacy tweaks like a scrambled PIN input pad on the lockscreen.
GrapheneOS’ cons and why they’re not deal-breakers
Joe Maring / Android Authority
Back when I first wrote about GrapheneOS, it had two major downsides: it didn’t support Android Auto, and Google Pay/Wallet would not run on the OS. Two years later, I’m happy to report that Android Auto now works on GrapheneOS in a completely sandboxed manner. And while Wallet will likely never work because of Google’s restrictions, there are easy workarounds to this problem.
First off, contactless payments are still absolutely supported and possible on GrapheneOS. Even if Google Wallet doesn’t work, plenty of banks worldwide support NFC payments using their own app. You simply set it as the default and carry on as usual. As for banking apps themselves, most of them work on GrapheneOS because the latter enforces the same strong security standards as any other flavor of Android.
And if your bank’s app doesn’t natively support NFC payments, there’s yet another way: simply get a wearable. Google Wallet will work fine on a Pixel Watch, for example, as will Samsung Pay on a Galaxy Watch. This does translate to a bit of extra cost if you don’t already own one, but I upgrade my wearables far less often than any other device. In fact, I still have a fully functional Samsung Pay setup on my Gear S3 from 2017.
NFC payments don't work via Google Wallet, but your bank app might support it instead.
Other than that, you’re inevitably going to miss a few bleeding-edge software features on GrapheneOS, namely those that rely heavily on Google services. The most impactful ones I’ve found are Circle to Search, Now Playing, and Call Screening. Whether or not these matter to you is a matter of personal preference, but I believe the pros of GrapheneOS outweigh these omissions. Luckily, hardware-based features still work, including Pro Camera controls and the thermometer on newer Pixel Pro phones.
Still, if all of the above isn’t enough to convince you to switch, you can at least take some solace in knowing that GrapheneOS has made some important upstream contributions to the AOSP codebase. This means the project’s efforts have made all Android phones a bit more secure, even those running Pixel OS. It’s hard to argue against such an altruistic mission.
In the end, GrapheneOS proves that robust privacy doesn’t require immense sacrifice. By building on the solid foundation of the Pixel, it delivers a stable and user-friendly experience that puts you firmly in the driver’s seat. Still the irony is clear: the Pixel’s most powerful privacy tool isn’t one Google created, but one it merely makes possible.
Follow