GrapheneOS: When buying a smartphone or looking for a new one, there is no alternative to the duopoly between Apple and Android. The former is synonymous with the iPhone, a closed ecosystem and attention to privacy. At the same time, the latter allows you to pick your favourite model from many options, with different personalisations of the operating system. Choosing Android means relying on Google’s services, with Big G’s apps that have been pre-installed on phones for years, but also the impossibility of evading the data collection that Google performs every time one of its apps is used.

Granted that the native Android Open Source Project is characterised as a more secure and privacy-conscious system, there are alternatives to the duopoly. One of the most interesting is GrapheneOS, which guarantees a secure Android experience with an operating system that relies on Google services, including apps to download from the Play Store and data synchronisation, but without leaving the door open for the Mountain View company to collect personal data, which is then useful for companies to tailor ads to the user’s tastes and preferences.

I use GrapheneOS every day. https://t.co/8tWRvwVtgJ

— Edward Snowden (@Snowden) November 4, 2022

Why is it different from others?

Launched in 2014 as CopperheadOS and named GrapheneOS in 2019, after developer Daniel Micay moved away from Copperhead Limited to pursue work on the Android Hardening project (another name for GrapheneOS), the operating system based on respect for privacy and security is an open-source, non-profit initiative recommended several times by Edward Snowden precisely because of its ability to offer Google’s suite of services, blocking the enormous amount of data that Big G takes possession of, which is precisely what Big G has founded much of its power and wealth on.

Having said that, a large part of the innovations provided by the GrapheneOS developers then make their way into the AOSP code, thus ending up ensuring improvements to the operating system used by so many people; it is curious to understand how an OS that was born for Google and runs on Android manages to circumvent some of Big G’s mechanisms. Much of the merit lies in GrapheneOS engineers’ changes to the original Android version, removing vulnerabilities and code that allows users’ preferences to be tracked.

Innovations come first

Calvin Wankhede of Android Authority explained some exciting details on how GrapheneOS works after testing the operating system for a few weeks. Unlike custom ROMs, which, to safeguard personal data, give up Google apps, GrapheneOS allows you to install the Play Store and revoke app permissions, which then work but do not collect any information about the user. In this way, one can also discover some new features already developed by Google but have yet to be available to users who rely on classic solutions.

One example is the new photo picker, which allows users to share only the selected photo or video with the app they intend to use without providing access to all stored files. But Google has not yet made the function available, so only those who opt for GrapheneOS (which tricks the app by simulating access to the entire archive via the Storage Scopes system) can, in the meantime, take advantage of an interesting privacy innovation.

Widening the point of view, there are many security and privacy benefits that GrapheneOS provides. With the lock screen changing the PIN entry layout every time the phone is unlocked, guessing the PIN through hand movements is virtually impossible. In addition, access to sensors such as the compass, barometer and gyroscope can be controlled, which, conversely, if disabled, reset the data from the same sensors.

A solution for few

Among many merits, there is no shortage of flaws and limitations. Only some people can rely on GrapheneOS because some applications are incompatible with the sandbox model that exploits the operating system. One example is Android Auto; another linked to Google’s certification for SafetyNet compatibility is NFC payment via Google Pay, which you can replace with your bank’s app.

Beyond this, however, the real weak point is that GrapheneOS can only be used with the Google Pixel. From March 2022, the operating system only supports Big G’s devices, from model 4a to the newest Pixel 7 Pro. It goes without saying that these compromises make an effective solution such as GrapheneOS limited to a niche of enthusiasts and nerds ready to tinker as much as they need to have an Android smartphone without giving up their data to Google just to be able to use the company’s services.