Affiliate links on Android Authority may earn us a commission. Learn more.
I ditched Google and installed the privacy-focused GrapheneOS on my Pixel
If you’re privacy-conscious and shopping for a new smartphone, you don’t have many options these days. Some begrudgingly buy an iPhone every single time for Apple’s excellent privacy commitment and track record, while many of us accept Google’s data collection in exchange for the convenience and AI-assisted features that Android has to offer. But what if you could convert an Android phone into a bastion of privacy? That’s exactly what GrapheneOS, an aftermarket custom ROM I recently stumbled upon, aims to achieve.
GrapheneOS offers a simple pitch — it delivers a private and secure Android experience without compromising the usability of your smartphone. You can download apps from the Play Store, get push notifications via Google’s servers, and even sync your data as usual. All of this while preventing Google from gathering data through your smartphone. But how does all of this work and is GrapheneOS even worth using? I took it for a test drive on a Pixel 6 to find out.
Would you consider switching to GrapheneOS?
Why use GrapheneOS: More than a De-Googled smartphone
Before talking about my experience installing and using GrapheneOS, I’ll address what you’re probably wondering: what even is a “privacy-hardened” custom ROM? And how does GrapheneOS achieve its privacy-centric goal with Google services installed?
Put simply, GrapheneOS doesn’t take the nuclear approach to Android privacy and security as we’ve seen in the past. Rather than getting rid of Google services entirely, it offers a way to sandbox them.
GrapheneOS doesn't delete Google apps in the name of privacy, it simply makes them behave nicely.
Now, sandboxing isn’t a new concept. On Android, all user-installed apps are intentionally sandboxed or isolated as a security measure. This prevents them from interacting with each other or running malicious code that affects your entire device. However, Google apps get special treatment. Most Android phones ship with Google services pre-installed as privileged apps on the system partition, which essentially gives them unrestricted access before you’ve even set up the device.
To escape this diktat, privacy-conscious users typically install a custom ROM like LineageOS and simply refuse to install any Google apps. Of course, you can do the same thing on GrapheneOS as it doesn’t ship with Google services by default. But what if you want Google services minus the tracking? That’s where GrapheneOS shines and also where the similarities with other custom ROMs end.
While most other ROMs expect you to install Google apps to the system partition, GrapheneOS does the opposite. It lets you install the Google Play Store and Play Services as user apps, forcing them to respect Android’s sandbox. This also allows you to revoke sensitive app permissions like location and file access. Blocking permissions works just as effectively as it would for the Twitter app, for example.
GrapheneOS doesn't give Google's apps and services any special treatment.
In effect, GrapheneOS allows you to reap the convenience and benefits of having Google services on your Android device without compromising your privacy. But that’s still only the tip of the iceberg. In my time using GrapheneOS, I found a number of features that I can only hope make their way to Android in the future.
GrapheneOS’ list of supported devices is limited to Google Pixel phones. You can install GrapheneOS on the Pixel 7 Pro, Pixel 7, Pixel 6a, Pixel 6 Pro, Pixel 6, Pixel 5a, Pixel 5, Pixel 4a 5G, and Pixel 4a.
With Android 13, Google introduced a new photo picker that lets you share only selected photos and videos with an app. This means you no longer have to provide full access to your storage or even all of your media files. It’s a neat privacy feature, but Google hasn’t enforced the new photo picker just yet.
GrapheneOS takes this concept one step further with its own alternative permission system called Storage Scopes. With it enabled, GrapheneOS will fool the app into believing it has access to all of the storage permissions it requested. But in reality, the app will only be able to create files. When I want to share a photo or document with the app, I can specify individual files and folders via the App Info > Storage page (pictured above).
What if you could only expose certain files and folders to apps via the Storage permission?
Even if Google enforces its new photo picker with Android 14 later this year, it won’t work for non-media files. In fact, Storage Scopes seems like a better version and, in my usage, works extremely well for keeping less trustworthy apps from peering into my storage.
A reason to use multiple user profiles
Android allows you to create multiple user profiles, each with its own set of apps, accounts, and data. I’ve never found the feature useful for anything beyond a separate work or entertainment profile on phones, but you could also use it to share a tablet between multiple users. Apps cannot “see” outside the current profile, making it another effective privacy tool.
With GrapheneOS, I can use multiple user profiles to isolate apps even further. Since GrapheneOS installs Google services as regular apps, we can relegate them to a secondary profile alongside other apps we don’t want running in the background.
GrapheneOS also has the ability to forward notifications from one profile to the one I’m currently using. On other Android devices, I’d have to log into each user profile to check for missed notifications — hardly convenient.
Per-app network access
Have you ever wondered why a flashlight app needs internet access? With GrapheneOS, I can simply block apps from accessing the internet. Whenever I install a new app, a confirmation prompt shows up asking if I want to enable network access.
Admittedly, you can use a firewall like Netguard to accomplish the same thing on any other Android device. But it’s arguably more convenient and effective to block internet access before you’ve even installed a new app on your device. Not to mention, firewall apps like Netguard create an on-device VPN to filter network traffic. This approach prevents you from connecting to an actual VPN.
With GrapheneOS, you don’t have to choose between blocking network access to certain apps and connecting to a genuine VPN — you can have both. I bring this up because most people concerned with their device’s security likely rely on a VPN.
Other security and privacy bonuses
If all of that wasn’t enough, GrapheneOS also bundles smaller security and privacy-oriented features. Here are a few examples:
- Scrambled PIN input: The lock screen on GrapheneOS changes the PIN input layout each time I unlock my phone (pictured above). This prevents anyone from guessing my PIN via my hand movements alone. I remember third-party gallery vault apps sporting this feature nearly a decade ago, but it still hasn’t made its way to Android.
- Sensors permission toggle: GrapheneOS lets you control access to sensors like the compass, gyroscope, and barometer. This is an app permission — disabling it results in the app not receiving any sensor data whatsoever.
- Auto reboot: A handful of Android OEMs offer the ability to schedule automatic reboots every night or week, but Google does not. Why would you want to enable it? From a privacy standpoint, rebooting your device clears the encryption keys from memory and forces the device owner to input their PIN.
Installing GrapheneOS on a Google Pixel: Unexpectedly easy!
If you’re like me in that you spent most of the early 2010s experimenting with Android mods like CyanogenMod and Xposed, you’ll probably be surprised to learn just how easy it is to get GrapheneOS up and running.
While installation is still a multi-step process, most of it takes place entirely within a web browser. Even better — I didn’t have to worry about downloading the wrong zip file or flashing something that could potentially brick my phone. GrapheneOS’ documentation offers an excellent step-by-step guide. And even that’s mostly just distilled down to clicking a few buttons on a computer and agreeing to the prompts that showed up on my connected phone.
Installing GrapheneOS takes remarkably little effort and most of it is done through a web browser.
Going back to the stock ROM doesn’t take much work either — you only have to use Google’s web flashing tool instead. All in all, it’s a major upgrade over what used to be a fairly laborious and risky process.
You can install GrapheneOS via the command line too, but the WebUSB method should work just as well. And once you boot into GrapheneOS, installing sandboxed Play Services takes little effort. The “Apps” app has all of the essential Google apps covered.
To install GrapheneOS, you’ll need to unlock OEM Unlocking in the Developer Options menu of your Pixel smartphone. Next, connect the device to a computer using a USB-C cable and head to the official GrapheneOS web installer. The installer will guide you through unlocking your phone’s bootloader, flashing the custom ROM, and re-locking the bootloader.
The downsides to GrapheneOS: What doesn’t work?
So far, I’ve mostly just extolled the virtues of GrapheneOS without elaborating on the downsides. But admittedly, there are a few of them — some of which are more significant than others.
For starters, you can only install GrapheneOS on recent Pixel smartphones. This may sound counter-intuitive since you have to buy a Google-branded phone only to rip everything out and start from scratch. But there are a few good reasons for this juxtaposition, starting with the fact that Google doesn’t discourage you from installing alternative operating systems. The company also keeps its kernel source code, device tree, and factory images consistently up to date.
Even if you stomach the Pixel-only requirement, however, GrapheneOS only supports devices for as long as they still get Android security updates. This means that the Pixel 3 series, for example, will no longer receive new updates from either Google or the GrapheneOS project. According to the developers, keeping older devices secure isn’t feasible after the “firmware, kernel, and vendor code is no longer actively maintained.”
GrapheneOS only supports modern Pixel phones that still receive security updates.
Then there’s the elephant in the room — app compatibility. Even though the vast majority of Google apps work without a problem, some like Android Auto are incompatible with GrapheneOS’ sandbox model. That said, GrapheneOS excels at compatibility compared to running a de-Googled smartphone. Even third-party apps like Uber that rely on Google Maps work without a hitch.
However, GrapheneOS cannot pass all SafetyNet compatibility checks without Google’s certification. This means that NFC payments in Google Pay and a small number of third-party apps don’t work. However, there’s a workaround for the former: your bank may offer a way to make contactless payments through their own app, which you can use instead of Google Pay. Most apps don’t check for the highest level of SafetyNet, so you’ll only rarely run into problems. GrapheneOS also supports AOSP’s hardware attestation feature but it’s up to app developers to embrace it.
But if you’re willing to stomach those two compromises, I can confidently say that you can use GrapheneOS as your daily-driver smartphone operating system. Throughout my time using it, I never felt inconvenienced. On the contrary, the phone looked and behaved like any other Pixel 6. That’s high praise for any custom ROM, given their reputation for being buggy at best and unreliable at worst.