I ditched Google and installed the privacy-focused GrapheneOS on my Pixel

Calvin Wankhede / Android Authority

If you’re privacy-conscious and shopping for a new smartphone, you don’t have many options these days. Some begrudgingly buy an iPhone every single time for Apple’s excellent privacy commitment and track record, while many of us accept Google’s data collection in exchange for the convenience and AI-assisted features that Android has to offer. But what if you could convert an Android phone into a bastion of privacy? That’s exactly what GrapheneOS, an aftermarket custom ROM I recently stumbled upon, aims to achieve.

GrapheneOS offers a simple pitch — it delivers a private and secure Android experience without compromising the usability of your smartphone. You can download apps from the Play Store, get push notifications via Google’s servers, and even sync your data as usual. All of this while preventing Google from gathering data through your smartphone. But how does all of this work and is GrapheneOS even worth using? I took it for a test drive on a Pixel 6 to find out.

Why use GrapheneOS: More than a De-Googled smartphone

Before talking about my experience installing and using GrapheneOS, I’ll address what you’re probably wondering: what even is a “privacy-hardened” custom ROM? And how does GrapheneOS achieve its privacy-centric goal with Google services installed?

Put simply, GrapheneOS doesn’t take the nuclear approach to Android privacy and security as we’ve seen in the past. Rather than getting rid of Google services entirely, it offers a way to sandbox them.

GrapheneOS doesn't delete Google apps in the name of privacy, it simply makes them behave nicely.

Now, sandboxing isn’t a new concept. On Android, all user-installed apps are intentionally sandboxed or isolated as a security measure. This prevents them from interacting with each other or running malicious code that affects your entire device. However, Google apps get special treatment. Most Android phones ship with Google services pre-installed as privileged apps on the system partition, which essentially gives them unrestricted access before you’ve even set up the device.

To escape this diktat, privacy-conscious users typically install a custom ROM like LineageOS and simply refuse to install any Google apps. Of course, you can do the same thing on GrapheneOS as it doesn’t ship with Google services by default. But what if you want Google services minus the tracking? That’s where GrapheneOS shines and also where the similarities with other custom ROMs end.

While most other ROMs expect you to install Google apps to the system partition, GrapheneOS does the opposite. It lets you install the Google Play Store and Play Services as user apps, forcing them to respect Android’s sandbox. This also allows you to revoke sensitive app permissions like location and file access. Blocking permissions works just as effectively as it would for the Twitter app, for example.
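One way to check the distinction described above on a device, as an added example that is not part of the original article: the script classifies the Play Services, Play Store and Services Framework packages from two `adb shell pm list packages` listings. The sample listings and their paths are constructed, and the package set in `GOOGLE_PKGS` is an assumption about which packages to inspect.

```python
# Added example. Capture the two listings on a host with adb:
#   adb shell pm list packages -s -f   (packages carrying FLAG_SYSTEM)
#   adb shell pm list packages -3 -f   (user-installed packages)
# Assumption: these are the packages worth inspecting.
GOOGLE_PKGS = ("com.google.android.gms", "com.android.vending",
               "com.google.android.gsf")

def parse_pm_list(text):
    """Map package name -> APK path from `package:<path>=<name>` lines."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("package:") and "=" in line:
            # Split on the last '=': /data/app paths contain '==' themselves.
            path, _, name = line[len("package:"):].rpartition("=")
            found[name] = path
    return found

def classify(system_txt, user_txt, wanted=GOOGLE_PKGS):
    system, user = parse_pm_list(system_txt), parse_pm_list(user_txt)
    report = {}
    for pkg in wanted:
        if pkg in system:
            path = system[pkg]
            if "/priv-app/" in path:
                report[pkg] = "privileged-system"
            elif path.startswith("/data/app/"):
                # Updated in place: APK is in /data but it is still a system app.
                report[pkg] = "updated-system"
            else:
                report[pkg] = "system"
        elif pkg in user:
            report[pkg] = "user-sandboxed"
        else:
            report[pkg] = "absent"
    return report

# Constructed sample listings, not captured from a real device.
STOCK_SYSTEM = """\
package:/product/priv-app/PrebuiltGmsCore/PrebuiltGmsCore.apk=com.google.android.gms
package:/data/app/~~aB1==/com.android.vending-cD2==/base.apk=com.android.vending
package:/system_ext/priv-app/GoogleServicesFramework/GoogleServicesFramework.apk=com.google.android.gsf
"""
STOCK_USER = "package:/data/app/~~eF3==/org.example.notes-gH4==/base.apk=org.example.notes\n"
SANDBOXED_SYSTEM = "package:/system/priv-app/Settings/Settings.apk=com.android.settings\n"
SANDBOXED_USER = """\
package:/data/app/~~iJ5==/com.google.android.gms-kL6==/base.apk=com.google.android.gms
package:/data/app/~~mN7==/com.android.vending-oP8==/base.apk=com.android.vending
"""

if __name__ == "__main__":
    print(classify(STOCK_SYSTEM, STOCK_USER))
    print(classify(SANDBOXED_SYSTEM, SANDBOXED_USER))
```

The APK path alone is not enough: a system app that has been updated reports a `/data/app` path, which is why the system listing is consulted before the user listing.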

GrapheneOS doesn't give Google's apps and services any special treatment.

In effect, GrapheneOS allows you to reap the convenience and benefits of having Google services on your Android device without compromising your privacy. But that’s still only the tip of the iceberg. In my time using GrapheneOS, I found a number of features that I can only hope make their way to Android in the future.

GrapheneOS’ list of supported devices is limited to Google Pixel phones. You can install GrapheneOS on the Pixel 7 Pro, Pixel 7, Pixel 6a, Pixel 6 Pro, Pixel 6, Pixel 5a, Pixel 5, Pixel 4a 5G, and Pixel 4a.

Storage Scopes

[Image: GrapheneOS Storage Scopes settings. Credit: Calvin Wankhede / Android Authority]

With Android 13, Google introduced a new photo picker that lets you share only selected photos and videos with an app. This means you no longer have to provide full access to your storage or even all of your media files. It’s a neat privacy feature, but Google hasn’t enforced the new photo picker just yet.

GrapheneOS takes this concept one step further with its own alternative permission system called Storage Scopes. With it enabled, GrapheneOS will fool the app into believing it has access to all of the storage permissions it requested. But in reality, the app will only be able to create files. When I want to share a photo or document with the app, I can specify individual files and folders via the App Info > Storage page (pictured above).

What if you could only expose certain files and folders to apps via the Storage permission?

Even if Google enforces its new photo picker with Android 14 later this year, it won’t work for non-media files. In fact, Storage Scopes seems like a better version and, in my usage, works extremely well for keeping less trustworthy apps from peering into my storage.

A reason to use multiple user profiles

Android allows you to create multiple user profiles, each with its own set of apps, accounts, and data. I’ve never found the feature useful for anything beyond a separate work or entertainment profile on phones, but you could also use it to share a tablet between multiple users. Apps cannot “see” outside the current profile, making it another effective privacy tool.

With GrapheneOS, I can use multiple user profiles to isolate apps even further. Since GrapheneOS installs Google services as regular apps, we can relegate them to a secondary profile alongside other apps we don’t want running in the background.

GrapheneOS also has the ability to forward notifications from one profile to the one I’m currently using. On other Android devices, I’d have to log into each user profile to check for missed notifications — hardly convenient.

Per-app network access

Have you ever wondered why a flashlight app needs internet access? With GrapheneOS, I can simply block apps from accessing the internet. Whenever I install a new app, a confirmation prompt shows up asking if I want to enable network access.

Admittedly, you can use a firewall like Netguard to accomplish the same thing on any other Android device. But it’s arguably more convenient and effective to block internet access before you’ve even installed a new app on your device. Not to mention, firewall apps like Netguard create an on-device VPN to filter network traffic. This approach prevents you from connecting to an actual VPN.

With GrapheneOS, you don’t have to choose between blocking network access to certain apps and connecting to a genuine VPN — you can have both. I bring this up because most people concerned with their device’s security likely rely on a VPN.

Other security and privacy bonuses

[Image: GrapheneOS scrambled PIN input. Credit: Calvin Wankhede / Android Authority]

If all of that wasn’t enough, GrapheneOS also bundles smaller security and privacy-oriented features. Here are a few examples:

Scrambled PIN input: The lock screen on GrapheneOS changes the PIN input layout each time I unlock my phone (pictured above). This prevents anyone from guessing my PIN via my hand movements alone. I remember third-party gallery vault apps sporting this feature nearly a decade ago, but it still hasn’t made its way to Android.

Sensors permission toggle: GrapheneOS lets you control access to sensors like the compass, gyroscope, and barometer. This is an app permission — disabling it results in the app not receiving any sensor data whatsoever.

Auto reboot: A handful of Android OEMs offer the ability to schedule automatic reboots every night or week, but Google does not. Why would you want to enable it? From a privacy standpoint, rebooting your device clears the encryption keys from memory and forces the device owner to input their PIN.

Installing GrapheneOS on a Google Pixel: Unexpectedly easy!

If you’re like me in that you spent most of the early 2010s experimenting with Android mods like CyanogenMod and Xposed, you’ll probably be surprised to learn just how easy it is to get GrapheneOS up and running.

While installation is still a multi-step process, most of it takes place entirely within a web browser. Even better — I didn’t have to worry about downloading the wrong zip file or flashing something that could potentially brick my phone. GrapheneOS’ documentation offers an excellent step-by-step guide. And even that’s mostly just distilled down to clicking a few buttons on a computer and agreeing to the prompts that showed up on my connected phone.

Installing GrapheneOS takes remarkably little effort and most of it is done through a web browser.

Going back to the stock ROM doesn’t take much work either — you only have to use Google’s web flashing tool instead. All in all, it’s a major upgrade over what used to be a fairly laborious and risky process.

You can install GrapheneOS via the command line too, but the WebUSB method should work just as well. And once you boot into GrapheneOS, installing sandboxed Play Services takes little effort. The “Apps” app has all of the essential Google apps covered.

To install GrapheneOS, you’ll need to enable OEM unlocking in the Developer options menu of your Pixel smartphone. Next, connect the device to a computer using a USB-C cable and head to the official GrapheneOS web installer. The installer will guide you through unlocking your phone’s bootloader, flashing the custom ROM, and re-locking the bootloader.

The downsides to GrapheneOS: What doesn’t work?

So far, I’ve mostly just extolled the virtues of GrapheneOS without elaborating on the downsides. But admittedly, there are a few of them — some of which are more significant than others.

For starters, you can only install GrapheneOS on recent Pixel smartphones. This may sound counter-intuitive since you have to buy a Google-branded phone only to rip everything out and start from scratch. But there are a few good reasons for this juxtaposition, starting with the fact that Google doesn’t discourage you from installing alternative operating systems. The company also keeps its kernel source code, device tree, and factory images consistently up to date.

Even if you stomach the Pixel-only requirement, however, GrapheneOS only supports devices for as long as they still get Android security updates. This means that the Pixel 3 series, for example, will no longer receive new updates from either Google or the GrapheneOS project. According to the developers, keeping older devices secure isn’t feasible after the “firmware, kernel, and vendor code is no longer actively maintained.”

GrapheneOS only supports modern Pixel phones that still receive security updates.

Then there’s the elephant in the room — app compatibility. Even though the vast majority of Google apps work without a problem, some like Android Auto are incompatible with GrapheneOS’ sandbox model. That said, GrapheneOS excels at compatibility compared to running a de-Googled smartphone. Even third-party apps like Uber that rely on Google Maps work without a hitch.

However, GrapheneOS cannot pass all SafetyNet compatibility checks without Google’s certification. This means that NFC payments in Google Pay and a handful of third-party apps will likely never work. Having said that, most apps don’t mandate SafetyNet. GrapheneOS also supports AOSP’s hardware attestation feature but it’s up to app developers to embrace it.

But if you’re willing to stomach those two compromises, I can confidently say that you can use GrapheneOS as your daily-driver smartphone operating system. Throughout my time using it, I never felt inconvenienced. On the contrary, the phone looked and behaved like any other Pixel 6. That’s high praise for any custom ROM, given their reputation for being buggy at best and unreliable at worst.
