Smartphones have become the most widely adopted gadget we use today, bringing significant security and privacy concerns in recent years. Because we live in an always-connected and online society, social media giants, third-party entities, and various big-name companies can snoop on your personal data. To the average smartphone user, shielding themselves from the constant data harvesting in the background by their apps and accounts may be challenging. And unlike some of the best Android phones from popular device manufacturers, GrapheneOS is built to reduce user data tracking.
But you should know what you’re getting into. Using GrapheneOS and taking advantage of the enhanced privacy features requires some background knowledge. It may not be for everyone since it involves a learning curve and a lifestyle change in how you use your smartphone. In the guide below, we go over everything you need to know about this custom version of Android and how it can benefit your privacy and security.
What is GrapheneOS?
Founded in 2014 as CopperheadOS, the privacy-focused operating system was briefly known as the Android Hardening project in 2018. Afterward, it officially became GrapheneOS. Based on the open source Android code (AOSP), GrapheneOS improves the privacy and security of the OS by mitigating classes of vulnerabilities. This makes it more challenging for outside threats to exploit code in the operating system. Additionally, GrapheneOS enhances the security of the OS and the apps running on it by providing more granular control of system-level permissions. The app sandbox and other security boundaries are also fortified.
From an organizational standpoint, GrapheneOS is a nonprofit and intends to remain that way. The approach allows the developers to focus on improving privacy and security without building a business model that doesn’t conflict with the open source project’s success.
According to the developers, many of GrapheneOS’s past features were contributed to AOSP. They then became part of its code for implementation by anyone developing Android ROMs based on AOSP. For context, these features will not be mentioned below as they are now part of the AOSP code. They can be found in most modern ROMs by popular smartphone device manufacturers and various independent developers from the open source community.
As mentioned by the GrapheneOS developers, the new CopperheadOS project is closed source and not associated with the original project.
What are the features of GrapheneOS?
Several steps can be taken to enhance privacy and security on Android devices. At the same time, in a world of ever-growing cyber threats and social media companies hungry for user data, some individuals need an extra layer of protection to safeguard their online digital lives from danger. GrapheneOS is a custom operating system (OS) based on Android, designed to appeal to users who demand more from their devices. It focuses on the research and development of privacy and security technologies. These include improvements to sandboxing, exploit mitigations, and the OS’s overall permission model.
Protection against zero-day vulnerabilities, along with additional user and network features
GrapheneOS looks to protect its users against zero-day vulnerabilities. To do so, GrapheneOS believes the first line of defense is attack surface reduction, meaning removing unnecessary code from the OS. This includes stripping out potentially unsafe system features and keeping certain built-in apps, including core Google apps, off the device.
In this regard, GrapheneOS includes Network and Sensors permission toggles that are generally unavailable on AOSP-based custom ROMs. The OS also supports per-connection MAC randomization, a private screenshot feature that disables the inclusion of sensitive metadata, and an LTE-only mode to reduce cellular radio attack surface by disabling legacy code (2G, 3G) and bleeding edge code (5G). Wi-Fi and Bluetooth can also turn off automatically if not connected to a device, saving battery life and avoiding potential outside wireless attacks.
Safeguarding against memory corruption bugs and sandboxing the OS, apps, and processes
The ROM also aims to prevent attackers from exploiting a vulnerability by making it impossible (or at least more challenging) to develop. GrapheneOS dedicates substantial resources to developing memory-safe languages and libraries, static and dynamic analysis tooling, and more.
The GrapheneOS developers strongly believe in sandboxing at various levels via fortifying the kernel and other base OS components. This means sandboxing within a specific Android codec, app, or user profile. Doing so allows all app permissions and processes to remain separate, protecting them from malware and other potential security threats.
GrapheneOS apps
GrapheneOS offers a series of built-in specific and fortified apps for basic tasks. Some are available on the Google Play Store, while others are not. First and foremost, there’s the Vanadium WebViewer and browser. The app is a hardened variant of Chromium, providing enhanced privacy and security features. Vanadium is unavailable on non-GrapheneOS ROMs, but if you’re looking for a new browser, we can help you choose one.
GrapheneOS also offers a camera app called Secure Camera on the Google Play Store. It’s built by the GrapheneOS team (not based on AOSP code) and supports most traditional shooting modes. Aside from this, it includes a raft of privacy and security features that may be helpful for most users. These include a dedicated QR scanning mode without Network and Media/Storage permissions and the optional stripping of EXIF metadata from photos and videos.
Additionally, the GrapheneOS team developed the Secure PDF Viewer app, a sandboxed PDF reader to block an additional attack vector. There’s also the Auditor app that provides hardware-based verification to ensure the device’s software and firmware are safe and authentic. Both of these apps are available on the Google Play Store.
Can you use Google apps and services on GrapheneOS?
GrapheneOS tries to avoid impacting the user experience by including its unique privacy and security system-level features mentioned above. GrapheneOS doesn’t come with the typical Google apps and services you’re used to using all the time, including the Google Play Store. As such, you’ll likely be looking into reliable third-party open source alternatives. The team clarifies that they aren’t against users using Google services. However, they say Google services shouldn’t be integrated into the OS in an invasive way. The idea is to keep background-tracking apps and services to a minimum at all times.
Because of this, Google apps can be installed on GrapheneOS through a dedicated compatibility layer that strips them of the special access or privileges they typically have on AOSP-based custom ROMs. In short, you can use Google apps and services if you want, but they will be modified in a way that follows the motto of GrapheneOS. Above all else, they strive to provide their users with increased privacy and security.
What devices does GrapheneOS support?
GrapheneOS currently only supports the Google Pixel smartphones, often the best devices for developers because it meets the high-quality standards required from such a project. These include support for installing other operating systems, standard hardware-based security features (for example, hardware-backed keystores, verified boot, and attestation), and input-output memory management units (IOMMUs). With IOMMUs, the system can isolate components like the GPU and radios. The GrapheneOS developers ensure that all standard functionality works correctly and is tested for each of the releases. This allows the public builds for all supported devices to be as robust and stable as possible.
GrapheneOS supports the Google Pixel 4 and above, including the newly released Google Pixel 7 and Pixel 7 Pro models. The Pixel 3 line is at its end-of-life cycle and no longer receives proper monthly security updates. The Pixel 4 and 4 XL are currently on extended support only, which means they will eventually lose official releases for GrapheneOS. That’s not to say a third-party developer won’t continue the project unofficially elsewhere. However, it will become obsolete by the official team soon enough.
Installing GrapheneOS can boost your privacy and security
Although GrapheneOS only works on a handful of Google Pixel smartphones, it’s a great way to breathe new life into an aging device. At the same time, you can install GrapheneOS on one of the latest Google Pixel devices, such as the Pixel 7 or Pixel 7 Pro. This ensures you get the best modern hardware experience from Google while getting all the software, privacy, and security features of GrapheneOS. Using Android without the core Google apps and services may be extreme for the average user. Still, it can help to reduce background data tracking.
If you have a Google Pixel smartphone and want to use your device without the Google apps and services, check out our guide on how to install GrapheneOS. We cover everything you need to know, including an initial checklist, the setup process, and some tips to help you along the way.
Conclusion on The privacy-focused Android fork explained
If you have any query let me know in comment section.
0 Comments