Take a basic course in Linux and privacy-proof technology
5 January, 2025
What is GrapheneOS?
GrapheneOS - mobile security and privacy beyond the influence of tech giants
Are you tired of feeling like your smartphone might be monitoring you? Nordic mobile users with privacy concerns are increasingly looking for alternatives to the platforms of the big tech giants. One of the most talked about alternatives is GrapheneOS, a standalone operating system based on Android but developed non-profit with open source. GrapheneOS has been praised by privacy experts - even whistleblower Edward Snowden recommends it as the basis for a secure smartphone. Here's an in-depth overview of GrapheneOS and why it offers superior security and privacy compared to standard Android and iOS phones.
What is GrapheneOS and why is it different?
GrapheneOS is an operating system for selected Google Pixel phones that builds on Android's foundation but without Google. Unlike a regular Android mobile (where Google apps and services are deeply integrated from the start), GrapheneOS comes fully without Google software. This means that no apps automatically send data to Google in the background - which drastically reduces the amount of information collected about your usage. Even Apple iPhones, which are often marketed as privacy-friendly, send some telemetry data to Apple. Studies show that on average, a standard Android phone sends 20 times more data about the user to Google than what an iPhone sends to Apple. By eliminating Google services, GrapheneOS removes the entire data-collecting infrastructure out of the equation.
GrapheneOS is not only Google-free - It is also full of customised security improvements. The project has been designed from the ground up to strengthen Android's already robust security model. The result is a system with harder sandboxing, more rights settings and exploit mitigations than both standard Android and iOS. Despite this, GrapheneOS feels like a modern, minimalist Android in everyday use. The interface is familiar and user-friendly, so you won't face a steep learning curve just because you're switching systems. One user who recently switched from iOS described that GrapheneOS on a Pixel phone provided a fast and snappy experience - "it works great for me as a daily driver, and I feel no need to go back". In other words: GrapheneOS does not compromise on ease of use to give you privacy and control.
Focus on security and privacy
Unlike Apple and Google, whose business models are partly based on data about users, GrapheneOS is entirely non-profit and community-driven. The system has no backdoors or hidden data flows to a manufacturer. All source code is auditable by anyone, which increases confidence that no unwanted monitoring features are hiding in the system. For you as a user, this means a big step towards data control: your phone obeys you and no one else.
GrapheneOS protects against surveillance and interception through several unique features. You get granular control over app permissions, more than what standard Android offers. For example, you can switch off internet access for individual apps altogether, as well as block access to sensors like the microphone, camera and GPS for apps that don't need them. This is significant - many apps that unnecessarily request network access or microphone can be effectively silenced on GrapheneOS. The system also has a "dead man's switch" for sensors in the quick settings: at the touch of a button, you can globally disable all sensors such as camera and microphone. This means you can prevent eavesdropping if you are in sensitive environments.
Another privacy function is PIN code scrambling on the lock screen - the position of the number keys is randomised each time, so no one can figure out your code by observing where you press. GrapheneOS also randomises the MAC address of your phone for each network it connects to, making it much harder for trackers to identify your device over Wi-Fi networks. This trumps standard Android and iOS, where the MAC address is often fixed per network or (in the case of iOS) only changes periodically - GrapheneOS makes sure you appear as a new device at every connection.
Beneath the surface, GrapheneOS has introduced a variety of security improvements. The system is a hardened variant of Android: among other things, the entire system is pre-compiled (the JIT compiler is switched off) to reduce the attack surface, memory management and sandboxes (locked execution environments) for apps are further strengthened. The consequence is that malware and hackers find it much more difficult to exploit vulnerabilities. For you, this can mean increased security against, for example, banking trojans and fraud attempts - GrapheneOS simply makes your phone a much harder target.
When Android and iOS fail - lessons learnt from scandals
Unfortunately, the collection of data about us by large companies is not an abstract risk, but something we have seen countless examples of. Historically, both Android and iOS have been involved in scandals and incidents which highlighted shortcomings in integrity:
- Silent data collection: In study 2021 showed that an Android phone sends about 1 MB of user data every 12 hours to Google, even when it is idle, while an iPhone sends about 52 KB to Apple over the same period. Both Google and Apple collect your device's unique IDs, network information and other details continuously - even if you've tried to turn off sharing in your settings. It has even been estimated that Google globally receives over 1.3 TB of data every 12 hours from Android devices. This background telemetry takes place without the active involvement of the user and was clearly illustrated in Douglas Leith's report. It is exactly like this involuntary data monitoring GrapheneOS eliminates by not having any Google components "calling home".
- Position tracking: Google became 2018 revealed with the fact that track users' location data even when "Location History" was switched off. An AP review found that several Google services (both on Android and iPhone) were secretly storing time-stamped location data anyway. For example, Google was able to save your exact latitude/longitude only when you opened Google Maps, or via searches that should not require location at all. This happened even though the user explicitly opted out of location logging. Google updated its policies after criticism, but the incident highlighted the risks of a system that trusts big business to follow privacy settings. In GrapheneOS, these background services do not exist at all - your location is not shared anywhere unless you yourself installs an app that does so.
- The voice assistant scandal: Even Apple has stepped up to the plate. In 2019, it was revealed that Apple contracted company that intercepted Siri recordings for quality purposes, without users' knowledge. Contractors who worked for Apple reported that they regularly heard sensitive private conversations via Siri, including medical information, business discussions - even sounds of couples having sex. This was possible as Siri sometimes interpreted common sounds as the activation phrase and recorded without the user realising. When it became known, Apple had to apologise and introduce the option to opt out of Siri recording. But the damage was done: the incident confirmed once again that even Apple, which tries to profile itself as more "privacy-friendly" are far from infallible - data can end up in the wrong hands or ears. With GrapheneOS, there is no built-in voice assistant at all listening in the background. If you want to use such a service, you have to deliberately install it, and you can then put it in a restricted profile (more on that below) to control its access.
- Mass surveillance: Both Google and Apple were among the companies named in 2013 in the NSA's secret surveillance programme PRISM. Under PRISM, US tech companies were forced to hand over user data to the NSA, according to leaked documents published by Edward Snowden. This meant that information from Gmail, iCloud, Google Drive, etc. could end up directly with the NSA without an individual search warrant. Although PRISM was conducted legally in the US, it sparked global debate about how much user data flows through the servers of large companies and can reach authorities. GrapheneOS, on the other hand, offers a way to minimise that risk - by not rely on any centralised cloud infrastructure from Google or Apple. Your data stays locally or in services of your choice, outside the ecosystem of the tech giants.
The above examples are just a few of many. The point is that the standard platforms have inherent conflicts of interest between functionality and your privacy. GrapheneOS tries to resolve that conflict by providing you in control of the data. As a user, you don't have to worry about telemetry, unexpected recording or backdoors - GrapheneOS is built to serve you, do not exploit you.
Profiles in GrapheneOS - different worlds on the same phone
One of the most powerful and unique features of GrapheneOS is the support for multiple user profiles. Just as you can have multiple user accounts on a computer, GrapheneOS allows you to create separate profiles on your phone. Each profile is like its own space - with its own apps, settings and full data separation from the other profiles. This feature is also available in Android, but GrapheneOS takes it to the next level: instead of a maximum of 4 profiles on a regular Android, GrapheneOS supports up to 32 profiles (31 separate + 1 Guest) on modern Pixel phones. It offers unprecedented opportunities for those who want to "sandbox" their digital lives.
For example, imagine you want to keep work apps separate from private ones. On GrapheneOS, you can create a Job profile where you install work-related apps (email, Slack, etc) and maybe give it access to the calendar. Then you have a Personal profile with your chats, photos, social media and so on. When you are free, you can switch off completely job profile - GrapheneOS allows you to "close the session" for a profile, which encrypts and puts it to sleep until you next open it. In the meantime, no work apps can intercept your location or send you notifications, because the profile is literally turned off. It's like having two phones in one, but much more convenient.
Many GrapheneOS users utilise profiles to increase both privacy and convenience. One user describes e.g. its approach to several profiles: "The owner profile" solely for system updates, a everyday profile for common apps like not need Google, a separate Google profile for the few apps that require Google Play services, a bank profile for bank ID and finance (which he only opens when needed and then closes), and a temporary profile for apps to be deleted without a trace. All this on the same device! Other users have a profile where they allow location access (e.g. for navigation in Google Maps), while their main profile never shares location to avoid tracking. The degree of control and compartmentalisation that profiles provide is difficult to achieve in standard systems.
GrapheneOS has also made profiles more convenient. You can quickly switch profiles via the quick settings or the lock screen. The owner profile can "share" apps to other profiles without having to reinstall them - meaning that if you downloaded Signal in one profile, for example, you can make it available in another profile with a couple of taps, instead of having to download two copies. At the same time, security isolation is intact: an app in Profile A cannot see data belonging to Profile B. Each profile has its own encryption keys and storage space.
This high-profile existence brings huge benefits in terms of privacy. If you are must use a particular app that you don't really trust (perhaps a popular social media app), you can put it in a restricted profile where it can't access your contacts, photos or other apps at all. Should the app get hacked or try to spy, the damage is locked in its profile. This is security in depth, far beyond what standard Android or iOS offers.
Aurora Store - app store with integrity
A common concern when switching to a Google-free system is: "How will I get my apps without the Google Play Store?". GrapheneOS has the solution: Aurora Store. Aurora Store is a standalone app store that allows you to download apps directly from Google's Play Store, but completely anonymously and without a Google account. It acts as a middleware - it downloads the APK files from Play for you, so you don't have to log in to Google or run their store client.
In the GrapheneOS world, Aurora Store is considered a key component to provide a complete app experience. You can search for apps just like in the regular Play Store and install them with a tap. The difference is that Google doesn't know it's you - Aurora can use a shared anonymous account to download the app. This means that even if you use popular apps like Spotify, Netflix, BankID or your banking apps, you can get them without giving up your identity or privacy. For open source apps, there are also F-Droid, an alternative store with only free apps, often used side by side with Aurora. In short: GrapheneOS offers several ways to get hold of software without opening the door to the big tech companies.
However, there are some practical limitations to be aware of. Pushnotes - the service that sends out notifications in the background of apps - many apps rely on Google Play Services (Google's background services). If you are running an app without Google services installed, the app may not be able to receive push notifications when it is closed. Guides recommend solutions such as installing MicroG (an open replacement for some Google services) if you absolutely need all push notifications. Alternatively, in GrapheneOS you can actually install the real Google Play Services in the sandbox (more on that in a moment) to get notifications going. Many secure messaging apps like Signal However, they have their own notification systems and work fine anyway - for example, users report that Signal provides notifications as long as the app has been recently open, even without Google push. Another example is that some banking apps and payment functions like Google Pay may refuse to run on a non-certified system. GrapheneOS passes basic security checks (SafetyNet basicIntegrity), but lacks Google's official certification, which may cause some apps to complain. In practice, however, most apps work fine - the GrapheneOS user community keeps lists of which banks and services work. For the few that don't, you can consider using their web alternatives or simply do without those particular apps.
In summary, Aurora Store and similar tools give you access to almost the entire Android app ecosystem - but on your terms. You can continue using your favourite apps but not have to give Google information about your app usage. This is one of the cornerstones that makes GrapheneOS practical in everyday life, not just a niche experiment.
Alternatives to Google and Apple apps - a complete experience
A common misconception is that with a privacy-focused phone, you have to compromise and live "offline". GrapheneOS disproves that by offering modern options for almost all types of apps you need, without to be tied to Google or Apple. Here are some examples of how a GrapheneOS user can replace common services:
- Web browsers: Instead of Google Chrome, GrapheneOS comes with Vanadium - a hardened variant of the Chromium browser developed by GrapheneOS themselves. Vanadium removes unnecessary tracking and includes extra security protections, providing a safer browsing experience than the default browser. For you as a user, Vanadium feels like Chrome (same speed and look) but with the knowledge that it does not send your browsing history to Google.
- Search engine: Instead of Google Search, you can easily set up a privacy search engine like DuckDuckGo or Brave Search by default in Vanadium. These don't track your searches in the same way that Google does.
- Camera and photos: GrapheneOS includes its own Camera app (Secure Camera) which is optimised for privacy. Your photos are saved locally (or to a service of your choice), instead of being automatically uploaded to Google Photos or iCloud. For photo gallery and editing, free options include Simple Gallery or Plexamp depending on your needs, which can be installed via F-Droid. You can also use cloud services with zero knowledge encryption (e.g. Proton Drive or Nextcloud) if you want to back up images without giving the tech giants access.
- Messaging and communication: Instead of iMessage or Google Messages (which don't come with GrapheneOS anyway), many people use Signal for encrypted messaging - the app is easy to install via the Aurora Store. Signal offers secure chats and calls with end-to-end encryption, something neither Apple nor Google can read. For email, there are apps like Proton Mail or Tutanota that safeguard privacy, and standard IMAP clients that K-9 Mail if you have your own mail server. Video calls? Try it out Jitsi Meet or Element/Matrix for open, encrypted solutions.
- Maps and navigation: You are not locked into Google Maps. There are excellent alternatives based on OpenStreetMap, such as Organic Maps or OsmAnd, which provides offline navigation without tracking. Should you still need Google Maps' detailed data, you can either run it through the browser or in a separate profile where Google gets your location only during use.
- Assistant and voice control: GrapheneOS doesn't have a built-in voice assistant that listens to you (which most people see as a good thing). But you can of course install Google Assistant or Amazon Alexa if you really want to - of course, you then lose some privacy benefits. One tip is to use them in a separate profile with microphone access only when you are actually actively using the assistant, to minimise the risk of constant eavesdropping.
- Cloud storage and backup: Instead of Google Drive/iCloud: GrapheneOS includes SeedVault for backups. SeedVault can encrypt your phone's data and allow you to store the backup wherever you want (e.g. on a USB stick or a Nextcloud server). This way you have backup without giving your data to Google/Apple. For files in general, apps like Syncthing keep your documents synchronised directly between devices - without a central server.
- Other: GrapheneOS has a built-in PDF reader (Secure PDF) that do not spy on your documents. For notes, you can use simple apps like Standard Notes (encrypted) instead of Google Keep. Calendar and contacts can be managed locally or synchronised via, for example, Nextcloud or with Proton Calendar, instead of Google Calendar.
In short, GrapheneOS can offer a complete smartphone experience without dependence on the tech giants. You can call, text, email, take photos, browse, navigate, stream - well, do all the usual stuff - but in a way that you choose which services are allowed to join. Many switchers express surprise at how little they actually miss from the Google ecosystem. On the contrary, they often feel that the phone becomes faster and more battery-efficient when all bloatware and hidden background processes are gone. GrapheneOS is also continuously updated (often faster than manufacturers' own updates), so you get both new Android versions and security fixes quickly - without having to buy a new phone.
The transition - easy to get started and use
The beauty of GrapheneOS is that despite its advanced features, it is surprisingly easy to use. If you're used to Android, you'll immediately feel at home - the interface of a Pixel with GrapheneOS looks and works almost identically to a regular Pixel. The difference lies under the hood and in the settings menus where the new security options pop up. But these you only need to touch if you want to; the default settings are already secure.
You use your phone like any other smartphone. You unlock with fingerprint or PIN as usual (GrapheneOS supports all Pixel features like fingerprint reader and face unlock if the model has it). You download apps - either from GrapheneOS' built-in "Apps" app (where you can install sandboxed Google Play if you want), or via Aurora/F-Droid as we described. Your calls and SMS will work just as usual (GrapheneOS uses Android's built-in phone and SMS apps). Camera and media gallery also work as usual, except that you don't have to worry about pictures being automatically uploaded somewhere you don't want. Note centre, multi-tasking, widgets - everything you expect from Android is there.
Of course, for those coming from iOS, the Android environment may feel different at first, but GrapheneOS does nothing to make it more complicated - on the contrary, you avoid many pre-installed apps that can otherwise confuse new users. So the transition does not have to involve a big learning curve. Most basic functions (calling, messaging, camera, web) are self-explanatory. And should you need help, there is an active community around GrapheneOS with forums, chats and guides, where Nordic users also participate and can answer questions. The documentation is comprehensive and frequently updated, so you're not alone.
Finally, it should be said: switching from a comfortable ecosystem requires bit initial commitment. You may need to spend a few hours setting up options for services you previously took for granted through Google/Apple. But for the privacy-conscious, it's an investment that pays off. With GrapheneOS you get a fast, modern smartphone which obeys you giving you the freedom to experiment outside the gardens of the tech giants - without sacrificing convenience.
Conclusion - take control of your digital life
GrapheneOS shows that we can have the highest security and integrity without to sacrifice the modern mobile experience. For Nordic consumers - and everyone else - who cares about privacy, this operating system is an exciting option. You get transparency and control in everything that happens on your phone, protection against both commercial data collection and potential cyber threats, and the freedom to tailor your mobile experience to your own preferences. More and more people are recognising the opportunities outside the big corporate ecosystem, and GrapheneOS is at the forefront of that movement.
Switching to GrapheneOS means taking control of your data and your device. In an age of constant privacy breaches, that can feel incredibly liberating. Perhaps it's time to give your smartphone a new one, privacy-protected life - out of reach of the greedy tech giants.
EN 
SV 