Article · Wikipedia archive·Last revised Jun 29, 2026
GrapheneOS
GrapheneOS is an open-source mobile operating system focused on security and privacy, available for Google Pixel and future Motorola devices, including smartphones, tablets, and foldables. It is built on the Android Open Source Project (AOSP) and was first released in 2016.
The nonprofit GrapheneOS Foundation was founded in Toronto, Ontario, Canada, by Daniel Micay, Dmytro Mukhomor, and Khalykbek Yelshibekov in March 2023. It received large contributions from donors such as Ethereum developer Vitalik Buterin and Twitter founder Jack Dorsey. As of April 2026, the operating system had approximately 400K active users.
History
The main developer, Daniel Micay, co-founded and originally worked on CopperheadOS until a schism over software licensing between the co-founders of Copperhead Limited led to Micay's dismissal from the company in 2018.[7] Micay continued working on the Android Hardening project, which was renamed to GrapheneOS and announced in April 2019 as the "true successor" to CopperheadOS, with the goal of restoring the same functions.[7][8] The project's website states that CopperheadOS was renamed to GrapheneOS.[9]
In July 2025, the GrapheneOS Foundation stated it was pursuing a partnership with a "major Android OEM" with the goal of engineering devices with official GrapheneOS support that meet the project's extensive hardware and vendor support requirements.[12][13] In March 2026, an official announcement was made, revealing that the partner is Motorola Mobility.[14]
As of April 2026, GrapheneOS developers reported they had around 400K active users. The figure is an inexact estimate based on statistics generated from the access logs of the update servers. This is the only way for the GrapheneOS Foundation to approximate the number of users, since no telemetry mechanism is included in the operating system.[15]
Features
Image: GrapheneOS' default "App Store" (formerly known as just "Apps")
This differs from other custom Android distributions, such as CalyxOS, iodéOS, or /e/OS, that replace Google Play Services with microG. According to some analysts, the microG implementation is problematic because it can log users out of the Play Store and not allow them to download more apps.[18]
In December 2023, Android Auto support was added to GrapheneOS, allowing users to install it via the App Store.[19] The Sandboxed Google Play compatibility layer settings add a new permission menu with 4 toggles for granting the minimal access required for wired Android Auto, wireless Android Auto, audio routing, and phone calls.[20][21]
GrapheneOS improves the privacy of PSDS on devices using Qualcomm GNSS hardware by removing the User-Agent header containing unique hardware identifiers, such as the serial number of the chip.[1][23][24]
The use of the Google Wi-Fi positioning service can optionally be enabled in the settings if Sandboxed Google Play is installed.[25]
Alternatively, the Apple Wi-Fi positioning system can be used, either directly or through a proxy hosted by the GrapheneOS Foundation. The GrapheneOS Foundation also hosts an instance of the Nominatim geocoder, which uses OpenStreetMap data.[26][22]
Security and privacy features
GrapheneOS introduces revocable network access and sensor permission toggles for each installed app.[16][27] It also adds a PIN scrambling option for the lock screen as well as a duress PIN/password, which will wipe all data and installed eSIMs on the device when entered on the lock screen instead of a regular PIN/password. The duress wipe is performed instantly and cannot be interrupted.[28][29]
GrapheneOS randomly generates a new MAC address every time a Wi-Fi connection is established, instead of the default Android behavior of randomizing the address per Wi-Fi network.[7][30]
GrapheneOS includes a feature that automatically initiates a reboot of the device when at rest for a set time period in order to revert from the after first unlock (AFU) state to before first unlock (BFU), wiping the cryptographic keys used for disk encryption from RAM. It aims to make brute-force attacks significantly more difficult by enforcing the throttling of unlock attempts through the secure element. The automatic reboot feature is enabled by default and configured to activate after 18 hours. The time period can be set to values between 10 minutes and 72 hours in the settings.[31][32] iOS 18 implemented a similar feature called Inactivity Reboot with a fixed time of 7 days. The time period was shortened to 72 hours in version 18.1.[33][34][35] It is not clear whether Apple was inspired by GrapheneOS.[36]
It also includes automatic Wi-Fi and Bluetooth disabling, along with software and hardware-level disabling of the USB-C port and pogo pins (as found on the Pixel Tablet). The USB interfaces can be operated in 5 modes, which can be configured in the settings:[22]
Off (disables charging to prevent the exploitation of possible USB-PD vulnerabilities; charging is still possible when the device is powered off)
Charging-only (disables all data connectivity)
Charging-only when locked
Charging-only when locked, except before first unlock
On (standard Android behavior)
By default, the Charging-only when locked setting is used.[22]
GrapheneOS can also disable the microphone, camera, and sensors for apps. Additionally, it offers the Contact and Storage Scopes feature, which allows users to select which specific contacts or files/folders an app can access.[22]
A hardened Chromium-based web browser and WebView implementation known as Vanadium is developed by GrapheneOS and included as the default web browser and system WebView.[27] It includes automatic updates, process and site-level sandboxing, disabling the V8 JavaScript just-in-time (JIT) compiler by default for attack surface reduction, and built-in ad and tracker blocking.[37] Vanadium enables JIT-less WebAssembly support through the DrumBrake interpreter originally developed by Microsoft and upstreamed into the Chromium project.[38]
Auditor, a hardware-based attestation app developed by GrapheneOS to "provide strong hardware-based verification of the authenticity and integrity of the firmware/software on the device", is also included.[22] The app also includes an optional, scheduled remote verification feature, which runs in the background and performs regular verifications against the GrapheneOS attestation service. It can alert users via email if the device fails to provide valid attestations in time. The remote attestation interval and permitted time before an alert can be configured by the user using the web portal.[39] Both the Auditor app and the AttestationServer backend are open source and permissively licensed under the MIT license.[40]
Apps like Secure Camera and Secure PDF Viewer offer features such as automatic removal of Exif metadata and protection against malicious code in PDF files by opening them within a sandboxed PDF.js environment in the hardened Vanadium WebView.[41]
GrapheneOS also includes a hardened memory allocator (hardened_malloc) intended to provide substantial defenses against common classes of vulnerabilities such as heap memory corruption.[42] In addition, its Chromium-based browser/WebView (Vanadium) enables further exploit mitigations beyond upstream defaults (e.g., type-based control-flow integrity (CFI), stronger stack-smashing protection (SSP), or zero-initialization of variables).[22][25]
Unlike AOSP, the stock Pixel operating system, and other Android-based systems, GrapheneOS heavily makes use of the memory tagging extension (MTE) found in the processor cores of ARM chips using the ARMv8.5-A architecture or newer.[43][44] The first devices on the market featuring MTE-enabled processors were Google's Pixel 8 and Pixel 8 Pro models, released in October 2023.[45] GrapheneOS added support for the feature in November of the same year.[46] GrapheneOS developers noted that the feature could especially be of importance for instant messaging applications, such as WhatsApp or Signal, which use large amounts of memory-unsafe code for features like WebRTC and are common targets of attackers.[47]
In March 2024, the team reported that the use of hardware memory tagging helped it uncover a high-severity memory corruption vulnerability in an Android Bluetooth Low Energy system component.[48] The bug was acknowledged by Google and became known as CVE-2024-23694.[49] It was fixed in the May 2024 Pixel Update Bulletin.[50]
The underlying Linux kernel is covered by the hardware tag-based KernelAddressSanitizer (KASan).[51]
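How memory tagging catches the heap corruption classes mentioned above can be shown with a small software model in C. This is an added illustration, not code from GrapheneOS, hardened_malloc or Android: it models MTE's 4-bit tags on 16-byte granules, and the bump allocator, the function names and the deterministic tag-selection rule are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

#define GRANULE   16                  /* MTE tags memory per 16-byte granule */
#define HEAP_SIZE 256
#define NGRAN     (HEAP_SIZE / GRANULE)

static uint8_t heap[HEAP_SIZE];
static uint8_t mem_tag[NGRAN];        /* 4-bit tag per granule; 0 = unallocated in this model */
static size_t  alloc_gran[NGRAN];     /* allocation length in granules, keyed by first granule */
static size_t  next_gran;             /* constructed bump allocator, no reuse */

/* Models a pointer whose unused top bits carry the 4-bit tag. */
typedef struct { size_t off; uint8_t tag; } tagged_ptr;

/* Allocate n bytes and tag the block differently from its left neighbour.
 * Hardware can pick tags randomly; this model is deterministic so the
 * outcome is reproducible. A returned tag of 0 means failure. */
static tagged_ptr sim_malloc(size_t n) {
    size_t g = (n + GRANULE - 1) / GRANULE;
    tagged_ptr p = { 0, 0 };
    if (g == 0 || next_gran + g > NGRAN) return p;
    uint8_t left = next_gran ? mem_tag[next_gran - 1] : 0;
    p.off = next_gran * GRANULE;
    p.tag = (uint8_t)(left % 15 + 1);              /* 1..15, never equal to left */
    for (size_t i = 0; i < g; i++) mem_tag[next_gran + i] = p.tag;
    alloc_gran[next_gran] = g;
    next_gran += g;
    return p;
}

/* Freeing retags the granules, so a stale pointer no longer matches. */
static void sim_free(tagged_ptr p) {
    size_t first = p.off / GRANULE;
    for (size_t i = 0; i < alloc_gran[first]; i++) mem_tag[first + i] = 0;
    alloc_gran[first] = 0;
}

/* Checked store: 0 on success, -1 where hardware would raise a tag-check fault. */
static int sim_store(tagged_ptr p, size_t idx, uint8_t v) {
    size_t addr = p.off + idx;
    if (addr >= HEAP_SIZE || mem_tag[addr / GRANULE] != p.tag) return -1;
    heap[addr] = v;
    return 0;
}

int main(void) {
    tagged_ptr a = sim_malloc(24), b = sim_malloc(16);
    int ok       = sim_store(a, 0, 'A');    /* in bounds: allowed */
    int slack    = sim_store(a, 31, 'A');   /* past 24 bytes but same granule: not caught */
    int overflow = sim_store(a, 32, 'A');   /* reaches b's granule: tag mismatch */
    int other    = sim_store(b, 0, 'B');    /* b through its own pointer: allowed */
    sim_free(a);
    int uaf      = sim_store(a, 0, 'A');    /* use after free: tag mismatch */
    return (ok == 0 && slack == 0 && overflow == -1 && other == 0 &&
            uaf == -1 && heap[31] == 'A') ? 0 : 1;
}
```

The store at offset 31 shows the granularity limit: an overflow that stays inside the last 16-byte granule of an allocation keeps the same tag and is not detected by tagging alone.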
Hardware compatibility
GrapheneOS maintains an extensive list of hardware and OEM support requirements.
These include bootloader requirements, such as Android Verified Boot with rollback protection, the ability to unlock the bootloader, and relock it with a custom signing key.[52]
A high-quality secure element is required in order to facilitate full disk encryption and storage of sensitive cryptographic secrets. The secure element must provide support for the Android StrongBox key storage mechanism; the Weaver API, which handles the throttling of unlock attempts; insider attack resistance, i.e., requiring authentication before firmware updates can be applied to the secure element; and hardware-based key attestation (used, for example, by the built-in Auditor app).[53]
The USB controller must be configurable by the operating system via device drivers and must allow completely disabling USB at a hardware level in order to minimize the attack surface.[1]
The wireless hardware must fully support Wi-Fi anonymity, including MAC address and probe sequence number randomization, and shall not leak unique identifiers in other ways.[53]
JTAG or other debugging interfaces must be disabled when the device is locked to further reduce the attack surface.[1]
GrapheneOS mandates a minimum OEM support period of 5 years for smartphones and 7 years for tablets. This includes regular updates to firmware, drivers, hardware abstraction layers, and other device-specific code without delays longer than a week.[54][1]
As of March 2026, GrapheneOS is only compatible with Google Pixel devices,[55] due to the specific requirements listed above.[56][13] In October 2025, GrapheneOS said that it was working with a "major" Android OEM on future devices that would support the OS on Qualcomm Snapdragon platforms, and that they will be the flagship devices, expected to appear in Q4 2026 or Q1 2027.[57] In March 2026, it was revealed that this partner is Motorola Mobility, and a device list will be released sometime later that year.[14]
The operating system can be installed from various platforms, including Windows, macOS, Linux, and Android devices. Two installation methods are available: a web-based installer, recommended for most users, and a command-line-based installer, intended for more experienced users.[58][59]
The web installer makes use of the WebUSB API and is based on the fastboot.js library, a JavaScript implementation of the Fastboot utility developed by Danny Lin. It has been inspired by Google's Android Flash Tool, which uses the same API for performing the installation in the browser. It is currently only supported in Chromium-based web browsers.[60] Unlike the command-line installation script, it does not require the installation of any additional software.[61][62]
Recommended post-installation steps include disabling OEM unlocking, which is automatically performed by the setup wizard, as well as verifying the Verified Boot hash of the installed OS image. The installation can additionally be verified using the Auditor app, either with the help of a second device or by using remote attestation.[62]
Jack Wallen of ZDNET described the installation process as follows: "It sounds difficult, but it's really not", and that it took him roughly ten minutes to complete the installation.[63]
If I were configuring a smartphone today, I'd use @DanielMicay's @GrapheneOS as the base operating system. I'd desolder the microphones and keep the radios (cellular, wifi, and bluetooth) turned off when I didn't need them. I would route traffic through the @torproject network.
In 2019, Georg Pichler of Der Standard, and other news sources, quoted Edward Snowden saying on Twitter, "If I were configuring a smartphone today, I'd use Daniel Micay's GrapheneOS as the base operating system."[65][66][67]
In discussing why services should not force users to install proprietary apps, Lennart Mühlenmeier of netzpolitik.org suggested GrapheneOS as an alternative to Apple or Google.[68]
Svět Mobilně and Webtekno repeated the suggestions that GrapheneOS is a good security- and privacy-oriented replacement for standard Android.[69][70]
In a detailed review of GrapheneOS for Golem.de, Moritz Tremmel and Sebastian Grüner said they were able to use GrapheneOS similarly to other Android systems, while enjoying more freedom from Google, without noticing differences from "additional memory protection, but that's the way it should be." They concluded GrapheneOS cannot change how "Android devices become garbage after three years at the latest", but "it can better secure the devices during their remaining life while protecting privacy."[7]
Jack Dorsey, founder of Twitter and Bluesky, promoted GrapheneOS in January 2021.[71] According to the GrapheneOS Foundation, he later donated US$1 million to the project as part of his StartSmall initiative.[72]
In June 2021, reviews of GrapheneOS, KaiOS, AliOS, and Tizen OS were published in Cellular News. The review of GrapheneOS called it "arguably the best mobile operating system in terms of privacy and security." However, they criticized GrapheneOS for its inconvenience to users, saying "GrapheneOS is completely de-Googled and will stay that way forever—at least according to the developers." They also noticed a "slight performance decrease" and said, "it might take two full seconds for an app—even if it's just the Settings app—to fully load."[73]
In March 2022, writing for How-To Geek, Joe Fedewa said that Google apps were not included due to concerns over privacy, and GrapheneOS also did not include a default app store. Instead, Fedewa suggested, F-Droid could be used.[16]
In 2022, Jonathan Lamont of MobileSyrup reviewed GrapheneOS installed on a Pixel 3 after one week of use. He called the GrapheneOS install process "straightforward" and concluded that he liked GrapheneOS overall, but criticized the post-install as "often not a seamless experience like using an unmodified Pixel or an iPhone", attributing his experience to his "over-reliance on Google apps" and the absence of some "smart" features in GrapheneOS default keyboard and camera apps, in comparison to software from Google.[17]
In his initial impressions post a week prior, Lamont said that after an easy install, there were issues with permissions for Google's Messages app, and difficulty importing contacts; Lamont then concluded, "Anyone looking for a straightforward experience may want to avoid GrapheneOS or other privacy-oriented Android experiences since the privacy gains often come at the expense of convenience and ease of use."[74]
In July 2022, Charlie Osborne of ZDNET suggested that individuals who suspect a Pegasus infection use a secondary device with GrapheneOS for secure communication.[75]
In January 2023, a Swiss startup company, Apostrophy AG, announced AphyOS, which is a subscription fee-based Android operating system and services "built atop" GrapheneOS.[76][77] The GrapheneOS team dismissed the project being based on GrapheneOS as misleading marketing due to AphyOS being based on an earlier version of Android, using the LineageOS update client and other inconsistencies.[78]
European authoritarians and their enablers in the media are misrepresenting GrapheneOS and even Pixel phones as if they're something for criminals. GrapheneOS is opposed to the mass surveillance police state these people want to impose on everyone.
Vitalik Buterin, developer of the Ethereum cryptocurrency, made two large donations to the GrapheneOS Foundation in July and December 2023. He donated 55 ETH, at the time worth around $110,000 USD, and 150 ETH, worth around $300,000, respectively.[81][82] Buterin recommended GrapheneOS on multiple occasions, including a tweet in July 2025.[83]
GrapheneOS is a popular choice within the DeGoogle movement.[84][85][32]
The operating system was reviewed by Jesse Smith of DistroWatch and by Jonathan Corbet of LWN.net in March and July 2025 respectively.[86][87]
Jack Wallen of ZDNET reviewed GrapheneOS in November 2025 in an article titled "I finally tried GrapheneOS on my Pixel, and it's the secure Android alternative I've been waiting for". He described that the development team "takes usability seriously", and that the operating system looks and feels like Android.[63]
In late 2025, GrapheneOS moved its infrastructure away from servers hosted by French provider OVHcloud over privacy and security concerns.[88][89] This not only applies to servers located inside France but also to servers in Canada and abroad owned by the company. The project stated, "France isn't a safe country for open source privacy projects. They expect backdoors in encryption and for device access too. Secure devices and services are not going to be allowed (in France)."
France voted in favor of a proposed, controversial EU measure commonly referred to as Chat Control, which could require providers to create and open a backdoor to their services to enable authorities to scan user content.[90][91]
GrapheneOS gained attention in the media in March 2026 after stating the project would not comply with planned and heavily criticized age verification laws such as the California Digital Age Assurance Act (Assembly Bill 1043) or Brazil's Digital Statute for Children and Adolescents (Law No. 15,211/2025), even if it meant that future Motorola devices that will come with the OS preinstalled couldn't be sold in these regions.[92]
Tremmel, Moritz; Grüner, Sebastian (11 December 2019). "GrapheneOS: Ein gehärtetes Android ohne Google, bitte" [GrapheneOS: A hardened Android without Google, please]. Golem.de (in German). pp. 1–3. Archived from the original on 15 November 2021. Retrieved 20 July 2022.
Baader, Hans-Joachim (9 April 2019). "Android Hardening wird zu GrapheneOS" [Android Hardening becomes GrapheneOS]. Pro-Linux (in German). Archived from the original on 21 September 2019. Retrieved 17 September 2019.
"GrapheneOS (@GrapheneOS@grapheneos.social)". GrapheneOS Mastodon. 19 July 2025. Retrieved 10 April 2026. We're working with a major OEM towards a subset of their future devices meeting our hardware security and update requirements. The goal is for those to have official GrapheneOS support. Initially, these will only be flagship devices because SoC security features we care about are only on flagship SoC chips for now.
"GrapheneOS (@GrapheneOS@grapheneos.social)". GrapheneOS Mastodon. 10 November 2023. Retrieved 12 April 2026. GrapheneOS on the Pixel 8 is the first platform using ARM MTE in production and it's such a massive improvement for exploit protection that it has to be considered a hard requirement going forward.
The developers have been referred to as the "GrapheneOS developers" or the "GrapheneOS project" on GrapheneOS' frequently asked questions page.[1] The Canadian nonprofit organization "GrapheneOS Foundation"[2] was created "in March 2023 to handle the intake and distribution of donations".[3]
Briefly known by the working title Android Hardening or AndroidHardening during development