How GrapheneOS Improves Privacy and Security

GrapheneOS does it make you secure
Rate our article

Apart from your standard laptops and computers, mobile phones are currently up there with the most used tech items in the world. With so much importance put on our mobile devices, it makes sense that privacy and security are very important.

However, your traditional Android and iOS systems are typically not built with your best interests in mind. That’s why we have security-optimized operating systems like GrapheneOS. Let’s look at GrapheneOS and its abilities.

What is GrapheneOS?

GrapheneOS is a privacy-aimed OS launched in 2014. Back then, it was known as CopperheadOS. The OS was originally built on an open-source Andriod code and aimed to improve the privacy and security of your device by alleviating classes of any possible vulnerabilities or threats. GrapheneOS also uses its design to enhance the overall safety of apps and the OS with its multi-facilitated control of system permissions.

Open-source project development and success are significant driving factors for the GrapheneOS developers. The platform even works as an NPO (Non-Profit Organisation), allowing developers to continue improving privacy and security standards without forced obligation or restriction. To get a greater understanding of how GrapheneOS works, we need to take a look at how it protects our privacy.

How Does GrapheneOS protect your Privacy?

GrapheneOS’ is pretty straightforward. In a world where cyber-attacks and malicious tech are so common, GrapheneOS is a security-based OS that focuses on giving you a secure device resistant mainly to outside oversight or threats. 

Based on the Andriod code, GrapheneOS targets users who want more privacy on their mobile devices and use its security tech to give them just that. This includes OS system permissions model improvements, sandboxing, and opening/closing certain vulnerabilities.

Verified Startup

The first line of defence in the GrapheneOS is the verified startup process or boot. As your device starts, it will undergo a series of checks to see if its integrity is intact. If any malicious evidence is detected, the OS will attempt to remove it. If it’s unable, it will not boot, leaving you with the only option of wiping the device. A risk you need to choose if you’d like to take.

Uses Sandboxing to Protect Data 

When you install GrapheneOS, you will discover only a few standard apps. Users can download others as needed. Apps such as Gmail or Google Play won’t be there. This is because GrapheneOS has unbundled itself from Google Mobile Services. You can still download these as sandboxed apps.

Note: You will need to download the Tor Browser or Orbot manually.

Google isn’t recommended either, but if you need to install it. You can.

This aims to prevent app developers from being able to read your data. Features with these apps will also not be available, such as autofill passwords, etc. This makes your app permissions and profiles separate and, in doing so, protects them from malware or anything trying to capture your data.

Files and Meta Data have AES Encryption.

GrapheneOS uses file-based disk and metadata encryptions to protect your device. With file-based encryption, the OS uses random keys, which are generated every time your device is used, and when then they are destroyed when you are done with the device. 

Metadata encryption is used to protect any data connected to your user profile. Based on the AES-256 encryption, you can rest assured that your device is well protected with the GrapheneOS.

Has Strict App Permissions

On a regular Andriod OS, your apps have permission to access your data freely to an extent and communicate that data over any available network. Often this is an endeavour to improve your user experience. Still, it also leaves you vulnerable to data collection you don’t want. 

GrapheneOS has stringent app permissions. Let’s take a look at how. 

While other apps can store and transport data locally or to developers, GrapheneOS changes and restricts how your data can be sent. They also sensor the permission toggle. Apps cannot send or access your data without your consent.

You have complete control over what apps can access your data and how they communicate with developers. Even apps that only require a little of your data, like a compass, microphone, etc., are prohibited until you give the go-ahead. 

Uses an Open Source Code

As we mentioned early, GrapheneOS is built on an open-sourced code, and for a good reason. Someone once said, “Alone, you can go fast, but together, we can go far” The same concept is applied here. 

GrapheneOS developers want to see the open-source ecosystem grow and develop, so their OS is open for developers to improve. This also keeps GrapheneOS transparent and above board in whatever they do, making them easier for us to trust. 

One of the most significant advantages of GrapheneOS being open-sourced is that developers can red-flag any bugs or possible vulnerabilities and patch them immediately. Talk about a combined workforce, right? 

Supported Devices

Unfortunately, at this current point, GrapheneOS only supports Google Pixel Smartphones. However, as they expand and develop the OS, it will adapt to support other devices like Samsungs. The chances of device manufacturers like Apple (especially Apple) allowing this software on their devices are relatively low.

Why does GrapheneOS only work on Google Pixel?

GrapheneOS uses Google Pixel phones mainly because they work well for developers. This includes Google Pixels’ ability to integrate and install other operating systems onto their devices. The standard hardware-based security features, like their hardware-backed key stores’ verified boot and input-output memory management units, were enough to entice GrapheneOS developers to use their devices. 

GrapheneOS currently supports all Pixel devices from the Pixel 4a to the Pixel 7 Pro.

Pros and Cons of GrapheneOS

We have covered how GrapheneOS protects privacy and security, but like anything, there are always pros and cons to it. Here is a list of pros and cons that we thought would be necessary for you to consider:


  • Clean and bloatware-free AOSP-based OS.
  • Developed for security and PrivacyPrivacy, free from corporate influence.
  • Complete compatibility with Pixel phones and Titan chips.
  • Enhanced privacy features, such as disabling sensors and cameras.
  • Restricted app permissions for better data control.
  • Secure network traffic encryption by default.
  • Privacy-centric approach by a team of security experts.


  • Small development teams may need more resources for significant issues and extensive feature development.
  • Limited device compatibility, restricted to Google Pixel phones.
  • Some features are still in development and have yet to be released.
  • The installation process requires time and effort and may void the device warranty.

Choosing to use GrapheneOS will be based on your personal preferences. If you believe the pros outway the cons, you have found a suitable Privacy OS. Let’s take a look at how to install GrapheneOS.

How to Install GrapheneOS

If you would like to install GrapheneOS onto your Pixel device, then follow these steps:

  1. Go to the GrapheneOS Website and download the GrapheneOS file.
  2. Summary of the installation steps for GrapheneOS on a Google Pixel device:
  3. Prepare your Google Pixel phone, ensuring it is fully charged and connected to a stable internet connection.
  4. Enable Developer mode by tapping on the build number in the “About phone” section of the settings, then activate “OEM unlocking” in the “Developer options” section.
  5. Turn off your Google Pixel device.
  6. Enter the Bootloader interface by holding the Power and Volume down buttons simultaneously.
  7. Connect your Pixel device to your computer using a USB cable.
  8. Using a site like Kraden, establish a secure connection with your device.
  9. Unlock the bootloader by following the on-screen prompts on your computer and smartphone.
  10. Finalize the setup by locking the bootloader using the corresponding button on the website and confirming on your phone.
  11. Enable developer mode and toggle off “OEM unlocking” in the settings.
  12. Once you complete these steps, your Google Pixel phone will run GrapheneOS, prioritizing privacy and security.