Graphene OS: a security-enhanced Android build
9 months ago
- #Privacy
- #Android
- #Security
- GrapheneOS is a security-enhanced Android build that started as CopperheadOS, later rebranded after a dispute between founders.
- It focuses on hardening Android against threats and enhancing user privacy, based on the Android Open Source Project but with significant modifications.
- Supported devices are limited to Google Pixel 6 through 9, with some support for Pixel 4 and 5, emphasizing security features like hardware memory tagging.
- Installation can be done via web-based or command-line methods, with the web method noted as more reliable.
- GrapheneOS offers a minimalist setup with its own apps like Vanadium (a hardened Chromium fork) and a privacy-focused camera app, avoiding Google apps by default.
- It includes sandboxed Google Play for compatibility, allowing apps to run without special privileges, though some apps may refuse to work due to integrity checks.
- Security features include enhanced app permissions, storage and contact scopes, a duress PIN for data wiping, and frequent updates.
- Governance is opaque, with a foundation supporting development but little public information on operations or contributors beyond founder Daniel Micay.
- Users report positive experiences with GrapheneOS, appreciating its security and privacy controls, though some proprietary apps may still be necessary for full functionality.