April 22, 2022

—

Tutorials

—

16 min read

What Is GrapheneOS? The Ultimate Guide

A step-by-step installation guide to set up your phone with GrapheneOS, a security and privacy focused mobile OS for Android.

Povilas M.

Security Expert

Ever dreamed about using your phone in near-total security? Did you know that the most popular mobile OS solutions - iOS and Android aren't bulletproof? As a matter of fact, the OS that you're probably using and the apps that run on these operating systems can be exposed to threats and risks from hackers, scammers, and other cybercriminals.

Enter GrapheneOS, a free and open-source operating system designed for security and privacy. It is based on the Android platform and developed by a lot of the same people that worked in Google when they were building Android. GrapheneOS is available for use only on selected devices, including the Google Pixel and Pixel XL smartphones.

In this article, we'll focus on the GrapheneOS operating system itself, the pros, and cons of it, overview the installation guide, and focus on other relevant nuances.

Origins of GrapheneOS - why and how was it created?

The origins of GrapheneOS can be traced to the middle of the last decade. Grapheneos.org website was registered back in 2014. In 2016, the GrapheneOS project was announced on the XDA Developers forum. The original announcement post is no longer available, but you can find it in the Wayback Machine. The person at the helm is a very experienced and well-known mobile privacy/security researcher and engineer - Daniel Micay.

The development was originally a totally solo project. GrapheneOS, then known as CopperheadOS was being built on top of the Android Open Source Project (AOSP).

The goal of the project was to provide a port of OpenBSD's malloc implementation to Android's Bionic libc and a port of PaX kernel modifications to the respective device kernels. In short and simple terms - it wanted to fix a few key vulnerabilities of the Android OS of that time. However, as it is with seemingly every project, the scope and scale expanded with new and more innovative solutions to problems, fixes, and improvements were added. As the GrapheneOS website claims, there were a lot of issues that they label as "low-hanging fruit", e.g. easy to fix ones. Building the only security and privacy-oriented mobile, high-quality OS still wasn't their main objective.

The core idea of this whole project was to build something that was genuinely working to serve the user and not the other way around. A few years later, GrapheneOS is still free and independent, thus the devs definitely succeeded in that regard. There were some tumultuous incidents on the management level of the GrapheneOS developer company, but the project and the operating system itself weren't subject to such events and remained fully capable of increasing the security of the base Android.

As of now, GrapheneOS has partners who collaborate on the project, a handful of talented developers working full and part-time, and also accept donations. They aren't influenced by investors or 3rd parties which is something you definitely want to hear when privacy and security are involved.

Pros and cons of GrapheneOS

As a security and privacy-first operating system for your devices, GrapheneOS has a ton of pros that stock/base Android or even modded Android versions like the one Samsung or Xiaomi offer you, can't provide. We'll list the pros of GrapheneOS and also discuss some drawbacks that prevent some people from installing it on their devices.

But first, some stats.

As you probably know, base Android is very versatile yet it isn't the best optimized OS in the world and often faces crashes, unexpected bugs, and other issues. A lot of times, some of these bugs can be exploited by hackers. As you can see, there are so many bugs to choose from, that hackers can choose different approaches. Hence, adding supplementary protection is crucial.

To further solidify our claims about the existing vulnerabilities:

Did you know?

82% of Android devices were susceptible to at least one of 25 vulnerabilities in the Android operating system

Stock/base Android devices are at a very high risk of being exposed to vulnerabilities. If exposed under the right circumstances, it can result in breaches, leaks, loss of data, etc.

So, let's talk about GrapheneOS and what pros it has.

GrapheneOS advantages

GrapheneOS is an excellent way to increase the security of your device. By installing it, you immediately get a plethora of benefits in terms of privacy and security:

The OS is based on AOSP so it's very clean

. No bloatware or other unnecessary features which can be exploited by hackers. The versions of Android that you have on other phones are likely running skins, other visual and technical additions that eat excess resources and aren't that well-optimized, draining the battery, slowing down processors, leaving less available memory resources.

It's developed for security and privacy

. GrapheneOS is privately-owned and isn't influenced by huge corporations or other trends that might compromise the benefits of the user for the sake of profit, easy development, etc. We can't say that Google (true devs of base Android) is the worst corporation in that regard, yet it still has some gray areas with regards to user data management and bug fixing.

It runs only on Pixel phones with enterprise-grade Titan chips

. All the user data is encrypted by default, hence brute force or even the most sophisticated attacks aren't all that dangerous. GrapheneOS works only on devices that can sufficiently handle the hardware-end of mobile security. The operating system handles the software end, but it has to work in sync with the available hardware.

The OS has numerous features that are meant to improve your privacy

. These include disabling sensors, cameras, microphones on-demand, etc. Some apps take advantage of this to collect overkill personal data, whilst others leave vulnerabilities that hackers can exploit. GrapheneOS eliminates that.

By default, all the apps have very limited permissions

. Whatever app you download, they can't access your data without your consent. No excess or unnecessary risks.

All the network traffic is encrypted and secure by default.

Thus, your digital footprint is automatically decreased. If you want to find out what exactly your footprint is, check out an in-depth guide we wrote on this topic - click here.

GrapheneOS is one of the most privacy-centric mobile operating systems available today. It is developed by a team of security researchers and engineers with the sole purpose of keeping your data safe and secure. The OS is based on the Android Open Source Project (AOSP) and comes with a plethora of features that make it much more secure than stock Android.

GrapheneOS - it’s great, but not perfect

It wouldn't be right to claim that GrapheneOS is absolutely perfect. It's great, don't get us wrong, and it's the best upgrade Android users can take advantage of right now. But, if it would be perfect, everyone would be using it. So, why aren't they? Well, mostly because of a few drawbacks or cons so to speak. Certain nuances of GrapheneOS that can create some challenges:

The development team is small.

This is an advantage and also a con at the same time. The fact that the team is small means they can react faster, be more agile, and fix bugs/release new features much quicker than huge companies like Google or Samsung. On the other hand, it also means that they don't have the same resources to tackle major problems or develop new features on the same scope. But the team is well aware of this and focuses on quality and depth rather than quantity. The result is a software that does almost everything really, really well.

GrapheneOS can only be installed on Google Pixel devices.

This is a bit of a limiting factor as not everyone can afford a Pixel phone. Not just because of the price, but also preferences. If it would be available Android-wide, users might be more willing to give it a try.

Some features are still in development and haven't been released yet.

This is to be expected with any new software but it's still worth mentioning.

Takes time and effort to install.

When you buy an Android phone, the OS is already set-up and running. All you have to do is log in and complete the easy setup. With GrapheneOS, it isn't super difficult to install it (takes about 10 minutes), yet it still requires some preparation and will likely void your warranty.

GrapheneOS installation guide (10 steps)

If you're interested in having a much more secure mobile phone, you should definitely consider installing GrapheneOS on your Pixel phone. We have a separate and recommended installer (Kraden GrapheneOS installer), but we'll give a short rundown of how things work. With our guide, it will only take around 10 minutes of your time.

For the smoothest install experience we recommend using guided Kraden GrapheneOS installer (kraden.com/install).

1. Preparation

The initial phase of the installation process begins, of course, with the preparation. You'll need to have your Google Pixel phone ready for this. Also, prepare your USB cable to connect to your PC (the original cable from the packaging works). Then, make sure that your phone is fully charged and charge it to 100%, if necessary.

Keep in mind that this process will take around 10 minutes and will require you to have a stable internet connection throughout.

2. OEM Unlocking

Android phones offer a lot of customizability and versatility when it comes to 3rd party installs. This is why installing GrapheneOS isn't all that difficult. Open up your Google Pixel phone's settings.

Find "About phone". In that menu, look at the build number. Tap the number 7 times repeatedly. Once you do that, this will enable 'Developer mode'.

After that, go back to the 'Settings' tab and click on 'System'. In that tab, find 'Developer options' and look for the toggle switch that says 'OEM unlocking'. Toggle it so that it's on. If you prefer visual guides, the Kraden GrapheneOS installer guide will guide you throughout the process step-by-step and will also give visual aids.

3. Turn off your device

To progress further, you need to turn off your Pixel device. Make sure you complete all of your tasks and all of the things mentioned before and turn off the Google Pixel phone.

4. Launch the Bootloader interface

Once your Pixel is off, do not turn it on in a regular way. Instead, try to launch the Bootloader interface. This is done by holding the Power and the Volume down buttons simultaneously, for a few seconds.

5. Connect your device to your computer

Now it's time to link up your Pixel device with your PC. Use the USB to establish a connection. You'll also be needing Fastboot for this step, so Windows users should look at "View optional updates" and install the driver for the Android bootloader interface.

6. Allow the Kraden site to establish a direct connection

Don't worry, this is secure, safe, and simple. Select your connected device and proceed to the next step.

7. Download GrapheneOS

In this step, you will download the boot image file for GrapheneOS. This is the main operating system file. Download speeds depend on your connection. It usually takes a few minutes over a regular Wi-Fi or ethernet connection.

Once the download is complete and your progress bar turns green to indicate completion, click 'Next'.

8. Unlock the bootloader

Once the previous steps are complete, click the prompt button on your browser window to unlock the bootloader on your PC. On your smartphone, click the volume buttons to navigate to 'Unlock bootloader' and press the Power button to confirm the 'Unlock bootloader' feature. Wait for this to finish.

9. Install GrapheneOS

On the web, press the 'Install GrapheneOS' button to install the software. Do not unplug or turn on or do anything else with your Pixel smartphone whilst this is happening. Your device may restart a few times and the screen might flash as well.

Once everything is fully done and your device is back to the 'bootloader' interface, you can move forward.

10. Finalize setup by locking the bootloader

On the website, click the 'Lock bootloader' button. Then, on your phone, navigate to 'Lock bootloader' by using the volume up or down keys. Once on the correct selection, press the power button to confirm.

That's it. You can now launch your phone and make the most of the newly installed, privacy-first focused GrapheneOS. After the installation is complete, go back to the 'About phone' part of the settings, enable developer mode by tapping on the build number and toggle off the 'OEM unlocking' in 'System'.

Our boot assistance tool can also help by installing the most secure apps for your daily needs, including the world's most secure messenger - Kraden!

We can help by installing Kraden, Apptoide, ProtonMail, ProtonVPN, Samourai Wallet, Ishreder, Locker App and many more. Choose whether you want Kraden-only or a fully versatile and secure experience.

Why does GrapheneOS only run on Google Pixel phones?

The Google Pixel phone is (as of now) probably the most advanced option (in terms of privacy and security) on the market that's running Android.

GrapheneOS runs on Pixel phones because the developers believe that as of now, the Google Pixel phones are the only Android devices that provide a good enough security baseline that can be further enhanced with our hardening and features. It is mostly concerned with underlying hardware and software solutions like data encryption, data storage, etc.

Google Pixels also has the option to use an unlocked bootloader which is necessary to install GrapheneOS.

Titan and Tensor chips

. Newest Pixel phones use the enterprise-grade Titan M2 Security chips and the custom-built Tensor chips to make your user experience not just more secure, but better and richer, overall. In collaboration, these chips work together to protect the data on your phone.

Updated and genuinely streamlined privacy and security

. Opposed to most other tech companies that build smartphones, Google takes its security seriously. By default, whatever data you have on your phone, whether it be contacts, messages, photos, or other items, is encrypted by default.

Industry-leading security standards

. When research, with regards to flagship mobile device security was conducted, the Google Pixel 6 phone, running on Android 12, outperformed the iPhone 12 Pro, Samsung Galaxy S21 Ultra, and the Xiaomi Mi 11 5G - its main competitors. The device has a very strong edge over these rivals in:

Anti-phishing
Hardware security
Network security
Secure backup storage

In terms of user fears and common threats, users state that identity protection is their highest priority. The Pixel phone has the highest weighted score, compared to aforementioned flagships. In addition, if you install GrapheneOS on top of that, it should be even better.

Why should you consider installing GrapheneOS right now

Ralph Nader, an American political activist, once said:

"There is no such thing as a consumer, there are only victims and beneficiaries." This quote, while dark, is greatly applicable to the realities of the technological and digital landscape of our world.

If we look at the smartphone industry, it's very clear that most people could be labeled as 'victims' or targets for exploitation. They're being tracked 24/7 by various entities, their data is being harvested and sold or used to help advertisers and businesses without prioritizing user experience and security. No one wants to be the victim, so GrapheneOS is a great choice for every Pixel phone owner. But why are operating systems so important in the first place?

Roughly speaking, there are 3 types of phone OSs that we can find on most smartphones today:

Stock Android (AOSP)
Forks of AOSP (GrapheneOS, MIUI, OxygenOS, OneUI, etc.)
Proprietary (iOS, Windows Phone, BlackBerry OS, etc.)

All of these have their own advantages and disadvantages.

Stock Android

Stock Android can be dedicated to "rougher around the edges" category.

No bloatware
Updates directly from Google

However, it is quite obvious that stock Android still should offer better performance than custom skins and versions. That being said, there might be some features lacking when compared to a custom Android distribution and fewer consistencies when using different tools like the camera or recorders, etc.

AOSP forks - Custom Android distributions

To this category, we assign GrapheneOS, FireOS by Amazon, Xiaomi's MIUI, OnePlus' OxygenOS, OneUI by Samsung, etc. It is mostly:

Usually more polished than stock Android
Can include bloatware
May or may not get timely updates

Huge developers usually focus on creating a user experience that's unique. So you can see manufacturers like Samsung, Xiaomi, and others making their own versions of the Android operating system. It isn't all that different but there are some tweaks and changes here and there. It can be both good and bad for your experience. Some users just won't prefer whatever user experience that they have, whilst others can like and love what an individual developer has done.

But, you also have custom-built AOSP forks like GrapheneOS that genuinely improve on specific areas of stock Android. Security in this case.

Proprietary

This category has all the phones that are basic iOS, Windows Phone, BlackBerry OS, etc. All in all, we can find these advantages and disadvantages:

Closed source
Usually not a lot of bloatware
Updates directly from the manufacturer
Usually more polished than AOSP (but not guaranteed)
Heavily locked down and restricted for modding, customizing

GrapheneOS - versatile and robust

GrapheneOS is a fork of Android that was created with three main goals in mind: security, privacy and ruggedness.

Security:

GrapheneOS includes multiple features that make it more secure than other Android forks. For example, it uses verified boot to ensure that the device hasn't been tampered with.

Privacy:

GrapheneOS includes features that make it more private than other Android forks. For example, it uses microG instead of Google Play Services to avoid remote monitoring and tracking.

Ruggedness

: GrapheneOS is designed to be more rugged than other Android forks. For example, it uses lower-level system interfaces to avoid high-level system vulnerabilities.

Conclusion

GrapheneOS is a great choice for people who want more security and privacy. It's also a good choice for people who want a more optimized phone that prevents the exploitation of their personal data for the gain of tech or other companies. Kraden has a helpful and super simple guide to aid in installation of this operating system on your Pixel phone. Hope this was useful and informative!