GrapheneOS: User Impressions
When I first started focusing on moving toward more privacy-friendly software and services, I knew that at some point I would want to install a custom OS on my phone. I’ve always used Android as my mobile OS, and Android, being a Google product, is of course used to gather data on its users. While I was not as privacy-conscious when I bought my current phone a few years ago, by good fortune the model I purchased was a Google Pixel 3a, which is compatible with some top-tier custom OSes, including CalyxOS and GrapheneOS. The phone is getting somewhat old at this point (though it still runs pretty smoothly) and the Pixel 3a reaching end-of-life and no longer receiving software updates (including security updates) from Google was extra motivation for me to consider installing a custom OS. Even so, I was a bit nervous to install a new OS on the phone since doing so involves formatting the phone and entails a chance of bricking the device. I spent quite a while tinkering with various non-Google backup solutions for my phone so that I could import all my data to the formatted device without needing to rely on Google (Syncthing was very useful for this). After I felt comfortable with my backups, I finally made the plunge and installed GrapheneOS on my device. I thought my experiences could potentially be useful to others who are considering a custom mobile OS and decided to write a post about it. This will not be a full review of GrapheneOS, but merely my impressions installing and using the software. I will be writing about GrapheneOS from the perspective of a layman/user, as I’m not qualified to evaluate GrapheneOS from a technical standpoint.
Choosing the OS
While there are quite a number of “deGoogled” and/or privacy-focused custom OSes that were available for my phone, the two that were most often recommended for Google Pixels were CalyxOS and GrapheneOS. Both are based on AOSP (Android Open-Source Project) and are focused on making Android a more privacy-friendly OS and limiting Google’s control over the data stored on and generated from the device. Both also preserve Android’s verified boot feature, a security feature which is often not preserved in custom OSes.
While I was leaning more toward CalyxOS at first, the more I researched, the more I felt that GrapheneOS was the better option. While CalyxOS does preserve the security features of stock Android well (unlike other custom AOSP-based OSes which do not), GrapheneOS not only preserves the security features in stock Android, but improves on them in a variety of ways. Additonally, GrapheneOS has a better track record than CalyxOS of merging upstream updates on time, which is also important for device security.
There were two factors that continued to pull me toward CalyxOS, however. The first was CalyxOS’ support for MicroG, which mimics Google Play Services and allows many apps that rely on Google Play Services to run on the phone even without Google Play Services installed. While having a phone without Google Play Services installed on it at all sounds nice in theory, in practice many of the apps I need day-to-day require Google Play Services to function properly. However, somewhat recently GrapheneOS added support for sandboxed Google Play Services, which allows Google Play Services to be installed on the phone while limiting its permissions and general access as compared to Google Play Services on stock Android. MicroG and sandboxed Google Play Services are two different models of attempting to limit Google’s control over the device while preserving compatibility. MicroG is an open-source reimplementation of Google Play Services, which spoofs stock Google Play Services, requiring all the same elevated permissions that Google Play Services does and communicating with Google’s servers. Sandboxed Google Play Services on the other hand, uses the standard, proprietary Google Play Services software, but treats it as a user app and denies many of the elevated permissions that stock Google Play Services and MicroG both require in order to work. Both solutions still send some information to Google and provide imperfect compatibility with apps that require Google Play Services. Nevertheless, by all reports sandboxed Google Play Services provides at least as much compatibility as MicroG and seems to be a more secure implementation as well.
The second factor that pulled me toward CalyxOS was the drama surrounding GrapheneOS and its founder and lead developer, Daniel Micay. GrapheneOS started its life as CopperheadOS, but after a feud between Micay and James Donaldson, Copperhead’s CEO, Micay left Copperhead and started GrapheneOS. Both Micay and Donaldson claim that they have the rights to the CopperheadOS source code and are currently in a legal dispute over these rights. Given that Micay was clearly the technical brains behind CopperheadOS and the fact that other of Donaldson’s former business associates aren’t very complimentary of him, this dispute alone is not very concerning. However, Micay, and by extension the GrapheneOS project and community, have gotten in feuds with a number of other privacy-focused and FOSS projects. The list includes but is not limited to: Techlore, CalyxOS, F-Droid, Seth For Privacy, and Bromite.
Now, is it possible that all of these projects are in cahoots against Micay and GrapheneOS and have organized misinformation and harassment campaigns against the project as Micay claims? I haven’t seen any evidence of these campaigns myself, but sure, it’s possible. Is it also possible and perhaps more likely that Micay is simply a little paranoid, maybe because of his bad experiences at Copperhead? Absolutely. However, while Micay has been somewhat acrimonious toward many of these projects, he seems genuine in believing that these other projects are looking to damage GrapheneOS and his behavior toward them generally seems to be better characterized as unprofessional rather than abusive. While that is still unfortunate, I don’t think it’s a good reason not to use and even support the GrapheneOS project, especially when many of the projects that GrapheneOS feuds with admit that GrapheneOS is an excellent OS and that Micay is a genius developer. It is still concerning that GrapheneOS has such poor relationships with other FOSS projects since the success and longevity of FOSS projects is often dependent on incorporating code from other projects. However, GrapehenOS has a whole team of talented developers and contributors, so perhaps they can continue making a successful product even without collaboration with other prominent FOSS projects. Ultimately, this drama, while somewhat concerning, did not seem like a good reason for me to choose an alternative custom OS over Graphene.
While I have never installed a custom OS on my phone before, I do have some experience installing custom firmware on video game consoles and by comparison, installing GrapheneOS is an absolute breeze. I used the web installer for the installation process and doing so was very straightforward. Once you have your phone connected to your PC, the process is basically just pressing a few buttons while the web installer does all the hard work for you. I did run into problems when trying to use UnGoogled Chromium as the browser for the install, but the good folks the GrapheneOS Matrix room informed me that while vanilla Chromium is compatible with the web installer, UnGoogled Chromium is not. I ended up using Brave for the install, which worked very well and I didn’t hit any other snags in the installation process. Even if you have minimal technical expertise, using the web installer should be no problem.
After installing GrapheneOS, the setup experience was very similar to stock Android with the obvious exception of not needing a Google account. By default the UI is very bare, but this is by design. The only apps that are installed by default include reskinned versions of some basic AOSP apps (Phone, Contacts, Messages, Settings, etc.), Vanadium (GrapheneOS’ hardened version of Chromium), and GrapheneOS’ “app store”. I put “app store” in quotes since it is only used for GrapheneOS’ first-party apps, most of which are system apps which come preinstalled. The app store also includes sandboxed Google Play Services, though I will discuss that more in-depth in a bit. The general UI of the phone is basically identical to stock Android and should be familiar to anyone who is used to the stock version of the OS. After adding some apps and a custom background, my phone with GrapheneOS looks mostly indistinguishable from when it was running stock Android.
Sandboxed Google Play Services
While I could get some apps running on GrapheneOS as-is, the vast majority of apps require Google Play Services to work properly. Installing sandboxed Google Play Services from Graphene’s app store is pretty simple and can be done in a few taps. While some basic Google Play Services functionality can work without being logged in to a Google account, most apps will need the full Google Play Services suite, which includes the Google Play Store and in order for the Play Store to function, you will need to log in to a Google account. You can of course make a “throwaway” account specifically for this purpose, though it would not surprise me if Google has ways of correlating accounts with each other, especially if you ever log in to your personal account on the same device. You can then use the Google Play Store to install apps, though you can of course also use F-Droid or Aurora Store. Once the full Google Play Services suite was installed and I was logged into my Google account, I was really impressed with the app compatibility. I did struggle a little bit with some apps at first, but after some experimenting and tweaking, I have yet to encounter a single app that I couldn’t get working with sandboxed Google Play Services. This even includes some banking apps, which apparently don’t always work well with sandboxed Google Play Services. You can further limit Google Play Services by installing it only in a specific user profile or a work profile, though I am currently just using it on the main user profile for the sake of convenience.
Most of GrapheneOS’ security features are under the hood, but there are some that you will notice. First is the obvious lack of any proprietary Google apps on the phone by default, as I have already discussed. Second, is the expanded permissions capability. While stock Android allows you to control some permissions (such as camera or location access) for most apps, GrapheneOS allows you to control the sensors and network permissions as well. This network toggle in particular is a very powerful tool which can prevent any app you choose from connecting to the internet. This feature made me more comfortable installing some proprietary apps that I enjoy using but have no need for internet access. On stock Android, I have no choice but to allow them access anyway (and likely send data the app collects back to the developers) or else use an imperfect firewall solution like Netguard. GrapheneOS lets me deny these apps network access on the operating system level, which is a far more ideal solution.
These permission toggles are available for Google Play Services as well, meaning you can decide exactly what permissions Google’s apps have on your phone even if you do choose to install them, which is simply impossible on stock Android. While this lessens some of the seamless experience of stock Android (I often have to manually approve requests for access from Google Play Services), the gain in privacy and security is definitely worth it. I can even install Google apps like GBoard on my phone and simply disallow them from using the internet, which they don’t need anyway. I even denied the network permission to the Google Play Store (I either download my apps manually or get them from F-Droid or Aurora Store) and found that app compatibility still works just fine. While the basic Google Play Services apps continue to have network access, I have still greatly limited the number of avenues Google has to siphon data from my phone, which feels really great!
The other security feature you may notice is “secure app spawning”, which will cause a slight delay when opening apps. This delay is noticeable, but still quite short and it didn’t impact my usage of the phone at all. However, if you want to disable it, you can do so in the phone’s security settings and apps will open without the delay.
Overall, I am quite happy with GrapheneOS. I did have to struggle a little bit with getting the sandboxed Google Play Services to work as I like, but at this point all the apps I need run smoothly and I haven’t had any compatibility issues. While GrapheneOS’ web installer is very easy to use, I still don’t think I can recommend the OS to my non-tech savvy friends and family. A fair bit of setup and tinkering with sandboxed Google Play Services was required for me to get it working smoothly and many of GrapheneOS’ best security features would likely go unused and/or unappreciated, while the usability sacrifices would still be noticeable. For me personally however, GrapheneOS is a great fit and when I get my next phone, installing GrapheneOS on it will likely be the first thing I do.