Calvin Wankhede / Android Authority
Should you’re privacy-conscious and looking for a brand new smartphone, you don’t have many choices as of late. Some begrudgingly purchase an iPhone each single time for Apple’s wonderful privateness dedication and monitor report, whereas many people settle for Google’s information assortment in alternate for the comfort and AI-assisted options that Android has to supply. However what if you happen to might convert an Android telephone right into a bastion of privateness? That’s precisely what GrapheneOS, an aftermarket customized ROM I not too long ago stumbled upon, goals to realize.
GrapheneOS gives a easy pitch — it delivers a personal and safe Android expertise with out compromising the usability of your smartphone. You may obtain apps from the Play Retailer, get push notifications through Google’s servers, and even sync your information as regular. All of this whereas stopping Google from gathering information via your smartphone. However how does all of this work and is GrapheneOS even price utilizing? I took it for a take a look at drive on a Pixel 6 to search out out.
Are you contemplating switching to GrapheneOS?
85 votes
Why use GrapheneOS: Greater than a De-Googled smartphone
Calvin Wankhede / Android Authority
Earlier than speaking about my expertise putting in and utilizing GrapheneOS, I’ll handle what you’re most likely questioning: what even is a “privacy-hardened” customized ROM? And the way does GrapheneOS obtain its privacy-centric aim with Google providers put in?
Put merely, GrapheneOS doesn’t take the nuclear method to Android privateness and safety as we’ve seen previously. Moderately than eliminating Google providers completely, it gives a solution to sandbox them.
GrapheneOS does not delete Google apps within the identify of privateness, it merely makes them behave properly.
Now, sandboxing isn’t a brand new idea. On Android, all user-installed apps are deliberately sandboxed or remoted as a safety measure. This prevents them from interacting with one another or operating malicious code that impacts your whole machine. Nevertheless, Google apps get particular therapy. Most Android telephones ship with Google providers pre-installed as privileged apps on the system partition, which primarily offers them unrestricted entry earlier than you’ve even arrange the machine.
To flee this diktat, privacy-conscious customers sometimes set up a customized ROM like LineageOS and easily refuse to put in any Google apps. In fact, you are able to do the identical factor on GrapheneOS because it doesn’t ship with Google providers by default. However what in order for you Google providers minus the monitoring? That’s the place GrapheneOS shines and likewise the place the similarities with different customized ROMs finish.
Whereas most different ROMs count on you to put in Google apps to the system partition, GrapheneOS does the other. It helps you to set up the Google Play Retailer and Play Providers as person apps, forcing them to respect Android’s sandbox. This additionally permits you to revoke delicate app permissions like location and file entry. Blocking permissions works simply as successfully as it could for the Twitter app, for instance.
GrapheneOS does not give Google’s apps and providers any particular therapy.
In impact, GrapheneOS permits you to reap the comfort and advantages of getting Google providers in your Android machine with out compromising your privateness. However that’s nonetheless solely the tip of the iceberg. In my time utilizing GrapheneOS, I discovered quite a few options that I can solely hope make their solution to Android sooner or later.
GrapheneOS’ record of supported gadgets is proscribed to Google Pixel telephones. You may set up GrapheneOS on the Pixel 7 Professional, Pixel 7, Pixel 6a, Pixel 6 Professional, Pixel 6, Pixel 5a, Pixel 5, Pixel 4a 5G, and Pixel 4a.
Storage Scopes
Calvin Wankhede / Android Authority
With Android 13, Google launched a brand new picture picker that allows you to share solely chosen pictures and movies with an app. This implies you now not have to offer full entry to your storage and even your whole media recordsdata. It’s a neat privateness function, however Google hasn’t enforced the brand new picture picker simply but.
GrapheneOS takes this idea one step additional with its personal various permission system known as Storage Scopes. With it enabled, GrapheneOS will idiot the app into believing it has entry to all the storage permissions it requested. However in actuality, the app will solely be capable to create recordsdata. After I need to share a photograph or doc with the app, I can specify particular person recordsdata and folders through the App Information > Storage web page (pictured above).
What if you happen to might solely expose sure recordsdata and folders to apps through the Storage permission?
Even when Google enforces its new picture picker with Android 14 later this yr, it received’t work for non-media recordsdata. Actually, Storage Scopes looks as if a greater model and, in my utilization, works extraordinarily effectively for protecting much less reliable apps from peering into my storage.
A cause to make use of a number of person profiles
Calvin Wankhede / Android Authority
Android permits you to create a number of person profiles, every with its personal set of apps, accounts, and information. I’ve by no means discovered the function helpful for something past a separate work or leisure profile on telephones, however you would additionally use it to share a pill between a number of customers. Apps can not “see” outdoors the present profile, making it one other efficient privateness software.
With GrapheneOS, I can use a number of person profiles to isolate apps even additional. Since GrapheneOS installs Google providers as common apps, we will relegate them to a secondary profile alongside different apps we don’t need operating within the background.
GrapheneOS additionally has the power to ahead notifications from one profile to the one I’m at the moment utilizing. On different Android gadgets, I’d must log into every person profile to test for missed notifications — hardly handy.
Per-app community entry
Calvin Wankhede / Android Authority
Have you ever ever puzzled why a flashlight app wants web entry? With GrapheneOS, I can merely block apps from accessing the web. Each time I set up a brand new app, a affirmation immediate exhibits up asking if I need to allow community entry.
Admittedly, you should utilize a firewall like Netguard to perform the identical factor on every other Android machine. Nevertheless it’s arguably extra handy and efficient to dam web entry earlier than you’ve even put in a brand new app in your machine. To not point out, firewall apps like Netguard create an on-device VPN to filter community site visitors. This method prevents you from connecting to an precise VPN.
With GrapheneOS, you don’t have to decide on between blocking community entry to sure apps and connecting to a real VPN — you possibly can have each. I convey this up as a result of most individuals involved with their machine’s safety doubtless depend on a VPN.
Different safety and privateness bonuses
Calvin Wankhede / Android Authority
If all of that wasn’t sufficient, GrapheneOS additionally bundles smaller safety and privacy-oriented options. Listed here are just a few examples:
- Scrambled PIN enter: The lock display screen on GrapheneOS modifications the PIN enter format every time I unlock my telephone (pictured above). This prevents anybody from guessing my PIN through my hand actions alone. I keep in mind third-party gallery vault apps sporting this function practically a decade in the past, but it surely nonetheless hasn’t made its solution to Android.
- Sensors permission toggle: GrapheneOS helps you to management entry to sensors just like the compass, gyroscope, and barometer. That is an app permission — disabling it ends in the app not receiving any sensor information by any means.
- Auto reboot: A handful of Android OEMs provide the power to schedule automated reboots each night time or week, however Google doesn’t. Why would you need to allow it? From a privateness standpoint, rebooting your machine clears the encryption keys from reminiscence and forces the machine proprietor to enter their PIN.
Putting in GrapheneOS on a Google Pixel: Unexpectedly simple!
C. Scott Brown / Android Authority
Should you’re like me in that you just spent a lot of the early 2010s experimenting with Android mods like CyanogenMod and Xposed, you’ll most likely be shocked to study simply how simple it’s to get GrapheneOS up and operating.
Whereas set up remains to be a multi-step course of, most of it takes place completely inside an internet browser. Even higher — I didn’t have to fret about downloading the mistaken zip file or flashing one thing that would doubtlessly brick my telephone. GrapheneOS’ documentation gives a wonderful step-by-step information. And even that’s principally simply distilled right down to clicking just a few buttons on a pc and agreeing to the prompts that confirmed up on my related telephone.
Putting in GrapheneOS takes remarkably little effort and most of it’s finished via an internet browser.
Going again to the inventory ROM doesn’t take a lot work both — you solely have to make use of Google’s net flashing software as a substitute. All in all, it’s a significant improve over what was once a reasonably laborious and dangerous course of.
You may set up GrapheneOS through the command line too, however the WebUSB methodology ought to work simply as effectively. And when you boot into GrapheneOS, putting in sandboxed Play Providers takes little effort. The “Apps” app has all the important Google apps lined.
To put in GrapheneOS, you’ll must unlock OEM Unlocking within the Developer Choices menu of your Pixel smartphone. Subsequent, join the machine to a pc utilizing a USB-C cable and head to the official GrapheneOS net installer. The installer will information you thru unlocking your telephone’s bootloader, flashing the customized ROM, and re-locking the bootloader.
The downsides to GrapheneOS: What doesn’t work?
Edgar Cervantes / Android Authority
To this point, I’ve principally simply extolled the virtues of GrapheneOS with out elaborating on the downsides. However admittedly, there are just a few of them — a few of that are extra important than others.
For starters, you possibly can solely set up GrapheneOS on current Pixel smartphones. This will sound counter-intuitive since you need to purchase a Google-branded telephone solely to tear every thing out and begin from scratch. However there are just a few good causes for this juxtaposition, beginning with the truth that Google doesn’t discourage you from putting in various working methods. The corporate additionally retains its kernel supply code, machine tree, and manufacturing facility photos persistently updated.
Even if you happen to abdomen the Pixel-only requirement, nevertheless, GrapheneOS solely helps gadgets for so long as they nonetheless get Android safety updates. Which means the Pixel 3 sequence, for instance, will now not obtain new updates from both Google or the GrapheneOS challenge. In response to the builders, protecting older gadgets safe isn’t possible after the “firmware, kernel, and vendor code is now not actively maintained.”
GrapheneOS solely helps fashionable Pixel telephones that also obtain safety updates.
Then there’s the elephant within the room — app compatibility. Regardless that the overwhelming majority of Google apps work and not using a drawback, some like Android Auto are incompatible with GrapheneOS’ sandbox mannequin. That stated, GrapheneOS excels at compatibility in comparison with operating a de-Googled smartphone. Even third-party apps like Uber that depend on Google Maps work and not using a hitch.
Nevertheless, GrapheneOS can not move all SafetyNet compatibility checks with out Google’s certification. Which means NFC funds in Google Pay and a handful of third-party apps will doubtless by no means work. Having stated that, most apps don’t mandate SafetyNet. GrapheneOS additionally helps AOSP’s {hardware} attestation function but it surely’s as much as app builders to embrace it.
However if you happen to’re keen to abdomen these two compromises, I can confidently say that you should utilize GrapheneOS as your daily-driver smartphone working system. All through my time utilizing it, I by no means felt inconvenienced. Quite the opposite, the telephone seemed and behaved like every other Pixel 6. That’s excessive reward for any customized ROM, given their fame for being buggy at finest and unreliable at worst.