The GrapheneOS mobile operating system is supposed to improve the privacy and security of smartphone users – let’s take a closer look.
There are several steps you can take to increase privacy and security on Android devices, which apply to most smartphones and tablets with Google’s mobile operating system. At the same time, in a world of ever-growing cyber threats and data-hungry social media companies, some people need an extra layer of protection to ward off legal and illegal threats to their digital identities.
GrapheneOS is an operating system designed for these users – it focuses on the research and development of technologies for the protection of privacy and security. These include improvements to the sandbox, threat mitigation, and the operating system’s global permission model.
But you need to know what you’re getting into: using GrapheneOS and its extended privacy features requires some knowledge. Below is information to help you learn about the privacy and security-focused alternative to Android.
What is the GrapheneOS mobile operating system?
Created in 2014 under the name CopperheadOS, the privacy-focused operating system was briefly known as the Android Hardening project in 2018, before officially becoming GrapheneOS. Based on the Android Open Source Project (AOSP), GrapheneOS improves operating system privacy and security by mitigating entire classes of security vulnerabilities and making the most common sources of vulnerabilities harder to exploit. Additionally, GrapheneOS increases the security of the operating system and the applications running on it, for example by providing more granular permissions control. Application sandboxing and other security boundaries are also tightened.
Organizationally, GrapheneOS is a non-profit organization and intends to remain so. The model allows developers to focus on improving privacy and security without having to find a business model that does not conflict with the success of an open source project.
According to the developers, many earlier features of GrapheneOS were rolled into AOSP and became part of its code, to be implemented by anyone creating AOSP-based Android ROMs. For context, these features will not be listed below as they are now part of the AOSP code and can be found in most modern ROMs from phone manufacturers and independent developers.
According to the creators of GrapheneOS, the new CopperheadOS project is closed source and not related to the original project.
What are the features of GrapheneOS?
GrapheneOS is particularly focused on protecting users against so-called zero-day vulnerabilities. GrapheneOS believes that the first line of defense is to reduce the attack surface, which means removing unnecessary code from the operating system, both in terms of potentially dangerous features and traditionally built-in applications.
As such, GrapheneOS includes network and sensor permission toggles that are not normally available on AOSP ROMs. The operating system also supports per-connection MAC randomization, a private screenshot feature that leaves sensitive metadata out of screenshots, and an LTE-only mode that reduces the radio attack surface by disabling legacy code (2G, 3G) and bleeding-edge code (5G). Additionally, Wi-Fi and Bluetooth can be configured to turn off automatically when they are not connected.
The ROM also aims to stop attackers from exploiting a security vulnerability by preventing (or at least hindering) the development of an exploit. GrapheneOS claims to devote significant resources to the development of memory-safe languages and libraries, static and dynamic analysis tools, and more.
Finally, the creators of GrapheneOS strongly believe in sandboxing at different levels, fortifying the kernel and other core components of the operating system. This means sandboxing at the level of a specific Android codec, app, or user profile.
This list is not intended to be exhaustive and you will find more details on each of these features on the official GrapheneOS website.
Apps for GrapheneOS
GrapheneOS offers a variety of robust built-in applications for basic tasks. Some of them are available on the Google Play Store and some are not. First of all, there is Vanadium, which serves as both the WebView and the browser. The app is essentially a hardened version of Chromium, offering enhanced privacy and security features. Vanadium is not available on non-GrapheneOS ROMs.
GrapheneOS also offers a camera app called Secure Camera, which is available in the Google Play Store. It was developed by the GrapheneOS team (not based on AOSP code) and supports most mainstream shooting modes along with a host of privacy and security features. These include a special QR code scanning mode that works without network and media/storage permissions, and optional removal of EXIF metadata from photos and videos.
Additionally, the GrapheneOS team has developed a hardened PDF viewer application, Secure PDF Viewer, which blocks another common attack vector. Also available is the Auditor app, designed to provide hardware-based verification of the authenticity and integrity of the firmware and software on a device. Both of these apps are available on the official Google Play Store.
Can I use Google services on GrapheneOS?
Basically, GrapheneOS tries to avoid any impact on the user experience when adding the privacy and security features mentioned above. That being said, the nonprofit also acknowledges that this is not always doable. Google’s applications are a good example, since GrapheneOS does not include them natively in its operating system. The team explains that it is not against users using Google’s services, but stresses that they are not integrated into the operating system in an invasive way.
Because of this, Google apps can be installed on GrapheneOS through a separate compatibility layer that deprives them of the special access or privileges they normally have on AOSP ROMs. You can learn more about the sandboxed Google Play compatibility layer on the GrapheneOS website.
What devices does GrapheneOS run on?
Currently, GrapheneOS is available for Pixel phones and only Pixel phones. These devices meet the strict privacy and security standards the project requires. These include support for installing other operating systems, standard hardware security features (e.g., hardware-backed keystores, verified boot, attestation, etc.) and input/output memory management units (IOMMU). Thanks to IOMMU, the system can isolate components such as the GPU and the network, among others.
GrapheneOS currently supports the Pixel 4 and newer models, while the Pixel 3 line is being phased out and no longer receives full security updates. The nonprofit also confirmed that the ROM will be available on the Pixel 6a soon after its official release.
Although GrapheneOS only works on a few phones, it’s a great way to extend the life of an aging Pixel, or just make your phone more private and secure. If you have a Pixel device and want to see what true mobile privacy looks like, check out our guide on installing GrapheneOS.
Source: GrapheneOS | android font