GrapheneOS — What is it?

Ben Lee
3 min readMar 24, 2021

--

GrapheneOS is a privacy, security focused mobile OS which is open source and is made by Daniel Micay. If both privacy and security is your niche, or if you’re just paranoid about google and other corporations tracking your every move then this is the OS for you! PS: It’s also the Mobile OS that Snowden Recommends.

With surveillance, tracking and security threats on the rise each day, it gets continuously harder to stop our private data getting leaked or tracked by major companies such as google or amazon for user habits, marketing or advertisements.

Daniel has done a great job on hardening the kernel, libc, malloc and compiler toolchain, mitigating vulnerabilities and stopping the omnipresent tracking of google, removing preinstalled google apps, API’s and services when you first install the OS as the OS is only available on Google Pixel phones such as the 3a , 4, 4a and 5.

Updates are also OTA and are automatically downloaded whenever and wherever you are when you are on a connection, making it very simple to update and upgrade your device. Each update has an internal signature verified by the update client and is hence not susceptible to downgrade attacks. Releases are also tested by the developers before release.

As the project is open source and transparent to users, it means their is less susceptibility for secret back-doors as well. GrapheneOS also comes with seedvault for backups.

It is one of the best and secure, privacy-orientated smartphone OS to date. The only other i would recommend trying is CalyxOS which is from the Calyx Institute.

For installation i would recommend checking out the official Graphene website for instructions at https://grapheneos.org/. I would also highly recommend trying to install the OS on a Linux distribution such as Ubuntu, Linux Mint or Arch Linux. I have installed GrapheneOS on a few phones and Windows never seems to work for me when i try to unlock the boot-loader no matter how many times i tried to make it work.

Make sure you also verify the digital signature of the zip file for the version you want to download to make sure integrity has not been compromised if you are targeted :). It should be similar to something like this:

Verification of GrapheneOS Image

Once you have verified the authenticity of the image and follow the instructions on the official GrapheneOS website, connect your phone to your laptop with a USB cable, unlock the boot loader and flash the image with your device. After flashing, lock your bootloader with ‘fastboot flashing lock’ command. If your flash is successful, it should look something like this:

Flash image

If you do not get something like this contact contact@grapheneos.org or their IRC for help. Make sure your phone is carrier unlocked and you are installing it on a google pixel phone that is compatible with the version you are downloading.

For apps to install i would recommend visiting: https://redandblack.io/blog/2020/how-to-set-up-grapheneos/, as they have a great deal of information on what you should do after install.

For me personally i use F-Droid as a platform for downloading most of my apps.

Some apps that i personally recommend: Markor, Briar, Signal, Orbot, NewPipe, QR and Barcode Scanner, Termux, VLC, Tor Browser and Trail sense

I also use Vanadium, the browser that is bundled with GrapheneOS as my daily browser but Bromite is also a viable option as well.

That’s it! Hope you enjoy my first blog post!

GrapheneOS has been a great experience. I have been using it for the past few months and i have never looked back on that decision after my last phone bent!

--

--

Ben Lee

I focus on Malware, RE, DFIR. This blog is used to improve my understanding of these concepts and show my progress.