GrapheneOS

A look into the private and secure mobile OS

Jack G
3 min readOct 28, 2022

I recently learned through the almighty YouTube (and their algorithm that provides tailored recommendations to each user) about GrapheneOS. Formerly known as CopperheadOS, GrapheneOS was founded in 2014 and is a “privacy and security focused” mobile operating system developed as a non-profit, open source project, that aims to maintain Android app compatibility.

Maintain app compatibility? Why wouldn't any apps be compatible?

The way Android handles app services requires Google Play Services to be running with administrator permissions (full unrestricted access) on your device at all times. The problem with Google Play Services when developing a private and secure mobile operating system is how sneaky Google Play Services is. In a paper published in August of 2018 by Digital Content Next, the shady and invasive practices of Google’s mandatory application services are revealed. Google’s Play Services constantly phone home with information about your location, what you are doing on your phone, device type, cell service carrier name, crash reports, and information about apps installed on the phone. It also sends Google updates whenever any app is accessed on your Android phone. This lets Google know when an Android user accesses, for example, their Facebook app.

According to the article, Android also manages to collect data even when WiFi is disabled, with “the ubiquity of Wi-Fi hubs [makes] location tracking quite frequent.” With nearly every home in your typical residential neighborhood, it only requires a 15-minute walk for an Android device to send nine location requests to Google. “The request collectively contained ~100 unique BSSIDs of public and private Wi-Fi access points.”

Wifi and Bluetooth scanning are still enabled even with Wifi and Bluetooth turned off.

So, how can we create a fork (or copy) of Android that aims to eliminate the invasive practices of the Google Play Services, while keeping Google Play Services, so apps still function on your device?

The answer is to not have them preinstalled. GrapheneOS does not come with any Google apps or services preinstalled, and they must be downloaded from their app store by the user if they want or need them. This doesn’t completely defeat the purpose of the OS, however. When the Google services are installed, they are placed into a sandbox (or an environment that doesn’t allow apps running in them to access anything outside of the environment) that can be completely controlled by the user. Don’t want Google accessing your device’s gyroscope? Done. Don’t want Google accessing your device’s location? Done. It’s as easy as any other app, just toggle the switch. This is not possible on stock Android, as Google’s services are woven deep within the operating system in a way that does not allow users to limit what Google can do on your device.

Want to learn more about this topic?

Here is the article I referenced, plus two more articles that go into more detail about Android and Data Privacy.

Article I referenced above
Study on Android Handsets and Privacy

You can also learn more about GrapheneOS with the embed below!

--

--