I've given up on Google and installed privacy-oriented GrapheneOS on my Pixel
GrapheneOS offers many privacy and security advantages over standard Android, but is it worth the hassle?
GrapheneOS is an aftermarket custom software for Android devices that aims to become a bastion of privacy. It is based on the open source code of the Android operating system and provides additional security mechanisms that can provide higher data protection on the device. GrapheneOS removes pre-installed Google apps and services, and includes additional security mechanisms such as detecting changes to system files and protecting against malicious applications. In addition, GrapheneOS uses strong data encryption and provides the ability to install additional applications only from official sources.
GrapheneOS offers an easy way — it provides a private and secure experience with Android without compromising the usability of your smartphone. You can download apps from the Play Store, receive push notifications via Google servers, and even sync your data as usual. All this prevents Google from collecting data through your smartphone. But how does it all work and is it worth using GrapheneOS? I took it for a test drive on the Pixel 6 to find out.
Before I tell you about my experience installing and using GrapheneOS, I'll tell you what you're probably interested in: what is a custom OS with privacy protection? And how does GrapheneOS achieve its privacy-focused goal with Google services installed?
Simply put, GrapheneOS offers a sandbox way.
So, the sandbox is not a new concept. On Android, all user-installed applications are intentionally sandboxed or isolated as a security measure. This prevents them from interacting with each other or running malicious code that affects your entire device. However, Google apps are treated in a special way. Most Android phones come pre-installed with Google services as privileged apps in the system partition, which essentially gives them unlimited access even before you set up the device.
GrapheneOS doesn't pay much attention to Google apps and services.
In Android 13, Google has introduced a new photo picker that allows you to share only selected photos and videos with the app. This means that you no longer need to provide full access to your storage or even to all your media files. It's a handy privacy feature, but Google hasn't implemented a new photo selection tool yet.
GrapheneOS takes this concept one step further by offering its own alternative permission system called Storage Scopes. With it enabled, GrapheneOS will trick the application into believing that it has access to all requested storage permissions. But in fact, the application will only be able to create files.
Although Google plans to release a new photo selection tool in Android 14 later this year, it will only be applicable to multimedia files. However, the new tool will not work for files that are not multimedia. At the moment, Storage Scopes seems to be a more efficient and secure solution that helps me control application access to my storage, especially for those I don't trust.
Network access for each application
Ever wondered why a flashlight app needs internet access? With GrapheneOS, you can easily block applications from accessing the Internet. When installing new applications, you are prompted to confirm that you need permission to access the network. With GrapheneOS, you can easily choose which applications should have access to the Internet and which should be blocked without sacrificing the convenience of connection.
If all that wasn't enough, GrapheneOS also includes small features focused on security and privacy. Here are some examples:
- Entering an encrypted PIN code: The lock screen in GrapheneOS changes the layout of entering the PIN code every time I unlock my phone. This will prevent anyone from guessing my PIN code just by hand movements. I remember how third-party gallery storage apps used this feature almost a decade ago, but it still hasn't appeared on Android.
- Sensor Resolution Switch: GrapheneOS allows you to control access to sensors such as compass, gyroscope and barometer. This is the permission of the application — disabling it leads to the fact that the application does not receive any sensor data at all.
- Automatic reboot. Several Android OEMs offer the option to schedule an automatic reboot every night or week, but Google doesn't do that. Why do you want to turn it on? From a privacy perspective, rebooting the device removes the encryption keys from memory and forces the device owner to enter their PIN.