GrapheneOS is a security and privacy focused mobile OS with Android app compatibility.
Well I just replaced my aging LG G6 with a new Google Pixel 8a running GrapheneOS. The G6 was based on Android 9 which was initially released in August 2018, and my last update was January 2019. The big issue, after 6 years since OS initial release, apps are starting to not support Android 9. Add to that, my USB-C plug was getting questionable in terms of retaining charging cables and my fingerprint reader has not worked for years.
So how to replace the G6? Well I choose a new Google Pixel 8a and GrapheneOS. The Google Pixel is one of the better supported hardware devices in the after market ROM landscape and GrapheneOS seems to be one of the most popular ROMs.
It took me about a week to do the transition. Lot of that was just normal when moving everything to a new phone and not using the vendors automatic tools. The actual initial setup and flashing though was pretty straight forward. It was a bit emotionally difficult to take new $400 hardware and then just simply re-flash it risking say bricking. This turned out to be a non-issue.
Benefits I see from doing this:
Lack of Cruft. The lack of all the vendor loaded cruft was very nice. My old G6 has about 17 apps that I could never really delete because they were flashed into the ROM. Many of them fairly large Google suite apps.
Profiles. The new phone can fully use user and work profiles, plus with Android 15 it has the Private Space feature. GrapheneOS also supports up to 31 user profiles, not the 4 supported by most distributions. I actually use the Private Space to contain my Google Play Services and Google Play Apps and otherwise just the owner profile. Might have been better to look at some of the other options, not sure.
Storage Scopes are really useful. One can restrict App access to only certain folders. I have already used that a few times, probably more in the future.
Backup. GrapheneOS allows one to do App backups to your own media or cloud storage. For stock systems normally only Google Drive is allowed, which I would never use.
Sandboxed Google Play. I like the idea of sandboxing Google play. Presumably it should be more compatible then MicroG and some Apps require Google play. Interestingly the number that do seems fairly small. I actually further placed all my Play Services related stuff in a Private Space so I know what apps can actually use it.
Device Integrity Check. Verified boot and some other device integrity checks are properly supported and so many apps that required them should run, though not all. This is not always the case with third party ROMs.
Wifi Calling and Messaging seems more stable then my old G6. Maybe just the difference between Android 9 and 15.
Updates should be supported for a full 7 years from initial device release which as of late 2024 is about another 6.5 years. My original G6 had about 1 year of updates.
Hardening. Graphene has a bunch of hardening features not in typical distributions. Storage Scopes and really good Profile support are a couple I've mentioned, but there are many others.
One question that took me a while to consider is where to get Apps from. There are pros and cons and a lot of discussions about this. In the end, I used the GrapheneOS App Store, F-Droid, Accrescent, Obtanium, and the Aurora Store in that order for my owner profile, then installed sandboxed Google Play Services and the Google Play app in my Private Space.
As of now my limited experience with GrapheneOS has all been positive. The one App that I have had issues with is the UPS app for some reason. For that I'll just use their website for now. Not sure if the UPS app can be made to run or not. My understanding too is that Google Wallet may not fully function though I have not tried it and have never used it before anyway.
If your interested in GraphneneOS and have any specific questions, feel free to ask. All the best.
I bought my Pixel 8a like a month ago for 380 euros and the first thing I did was install GrapheneOS
I only stayed on the stock system long enough to pull all the updates and make sure all the hardware worked just fine so I don't know what I'm missing out versus stock ROM but so far it works absolutely perfect.
I compiled the system and kernel myself since it makes sense when you are installing a security/privacy centered OS and it instructions worked without a hiccup.
I have three users for compartimentation in my setup.
Owner user only has source available apps compiled by myself barring Firefox because its a pain. I run Shelter to create a work profile where I have the sandboxed Play Services for some critical proprietary apps that I need notifications from.
Games user is self explanatory. It's not allowed to run any applications in the background and I am just there logged on my google account so I can get some of the subscriptions I pay.
"Swamp" user. It's not allowed to run any applications in the backgrouns either and I just use it for bottom of the barrel apps like Discord, Instagram... to stay in touch with some irl friends.
I just made the switch (from s22u to pixel 9 pro fold) over the weekend, the debloating and basic common sense security features are such a huge improvement.
Gonna give the whole "folding phone" thing a try for a while before I make any judgements on it, but im absolutely set on sticking with grapheneos.
Regarding folding phone, I admit I'm a little scared of that tech for now. Not saying bad, I have no experience to say either way. I'll be interested in how that works out. In another life I use to work with some people that were trying to develop this sort of tech a decade or two ago. Never heard where their work went, and no idea if same.
I'm a bit undecided on it even with it in my hands. Not a fan of how cases have to be more or less glued onto the device, and that hinge is a major physical weak point (I've got a Ghostek case with hinge armor right now). So when I finish getting the device set up how I want and finally swap my sim over, I'll need new adhesive (the sim card slot is not accessible with the case).
That said, the crease isn't that bad. I anticipate being able to view manuals on the bigger screen to be very nice. The outer screen is apparently the same display panel as the pixel 9 pro, so it's not an ultra narrow display like the samsungs.
It's physically about the same size as my s22u, just slightly thicker
Edit: honestly, the more I think on it, I'm leaning towards returning the fold in favor of a regular 9 pro. I just don't feel comfortable carrying around a nearly $2K device in my pocket. It's a very nice device, but for a bigger screen, there are much cheaper options (actual tablets), and there's much better case options for more main-line phones anyway.
The deboating was a huge reason I decided to go the GrapheneOS. I had like 17 apps on my old G6 that were taking up space but were not removable in the normal way since they came baked in.
I did the same thing a few days ago. Just that I switched from an old Pixel with GrapheneOS to the 8a. It's really come a long way and it's ridiculously easy to flash GrapheneOS with their "web installer". Took a few minutes of clicking on the next button. I'm always excited and eager to replace some firmware or operating system with a more free counterpart... But I still need to move a lot of stuff. I decided to clean up and not to move all my mess... Guess it'll take a few more days until I'm done with that.
Yes. The actual move of apps and data takes a long time. Number of Apps on a phone tend to multiply over the years. Then there is the moving of app data if you don't do App backup/restore. My old phone probably had about 130 apps on it which was nuts. I dropped about 50 apps on the transition though half of those will probably seep back in over time. I had to switch apps in about 20 cases, either app discontinued, deprecated, or just preferred to find a FOSS alternative. I also want to see if I can use the web and/or PWAs more rather then always installing an app for everything.
By the way, to move data, I found it helpful to setup syncthing-fork between the two phones.
Thanks. And good call, seems we're doing similar things. I also had 100 more Free Software apps from F-Droid that sounded useful, or I wanted to try them and never did... These were easy to "clean up".
The app for my password manager (pass) isn't being developed any longer. Guess I have to tackle a few more things.
Btw, do you happen to know how I'm supposed to move apps which are paired to Bluetooth devices? I got a body weight scale and a fitness tracker, and I'm not sure if I can just copy it to the new phone and it'll continue to work with the paired device...
I had been intending to replace my OS with GrapheneOS since last week but have been delayed—need to back up some stuff I haven't done yet—and this post comes at a good time for me. Thank you for making it.
It was a bit emotionally difficult to take new $400 hardware and then just simply re-flash it risking say bricking.
This is a not-insignificant part of why I buy older (flagship) models. My most recent upgrade was to a Pixel 5, I bought 2 for that same $400, and another for $150.
Flashing has gotten so much easier, especially with Pixel (or not Samsung, and a few others). Motorola has been pretty good forever, generally, though some models have been tricky.
I'm not using Graphene (I disagree with their attitude about some things), but DivestOS - a fork of Lineage. Running MicroG for now, but working away from Google Store apps.
Check out NativeAlpha - it's a browser which presents websites like an app. A big plus is it uses the phone's own web engine, so it's really just an app/UI config. I use it for my library, bank, hospital/doctors, etc. It seems to be good at replacing dedicated apps (with their issues). I tjin
Hermit is an app on Google Play that's similar, but doesn't seem to require Google Services (not that Native Alpha does, just surprising for a Play app). I've been finding so many apps that have GServices dependencies for no apparent reason, like simple offline dictionaries (what the hell??)!
Be the way, I tried NativeAlpha. Really like it. One strange thing, F-Droid does not have it, IzzyOnDroid does but says not compatible. Finally grabbed it directly from Github with Obtainium.
By the way. Just curious. What were your issues with GrapheneOS or their team?
One thing I saw that I was not crazy about was moving away from Linux as a major goal. Micro Kernel... sounds like GNU Hurd like idea. Not that against it but why do it?
I had an error flashing it to a Pixel, and dev response was classic "what did you do wrong" instead of addressing the error message, they criticized me. Well, fuck you then.
Mind, I've been flashing phones since 2010, I've done hundreds of flashes, so I have extensive notes for every phone. My current approach is to use a project management app (MS Project), so I don't miss anything. I'm meticulous - if a step doesn't work as expected, I start over from the beginning, including re-flashing the factory image, until my documentation is spot on (I built desktop deployment images in a former life).
I'd read other comments about their behaviour, but thought I'd give it a try anyway. Sorry, if support is like that to me while just setting up, what it like if I had a real problem?
I've also seen the same behaviour when they discuss how their approach is different from other people - they don't seek to clarify how their approach is different, but only to say their way is right, and to denigrate anyone else.
Graphene is useless to me with attitudes like that.
The only issue I had with flashing was on the first go around I forgot to confirm the boot loader unlock on the actual phone. I used the CLI method and the CLI script that GrapheneOS provides just crashes in this rather then actually checking for it. Other then my own stupidity, there were no issues. Really easy and educational to do this the first time.
We'll I guess the other issue is that I had to look around in my cable collection to find the best cable for the flashing. I needed a USB-A to USB-C cable in my case, not the USB-C cable that Google provides.
Regarding Google Play Services. Lot seem to have dependencies but may not require them. Some complain they need it and then go on to work just fine. Some like Signal say they will affect how they work -- i.e. without Google Play Services, Signal has to run all the time in the background. Some say nothing and just work.
Interesting Lyft and Uber at the only two apps I know for certain require Google Play Services in my case. There are a few more I installed that may but those I wanted in the Private Space together with Google Play Services for other reasons. Otherwise I pulled more Apps (about 16 apps) from Google Play via the Aurora Store and they did not seem to need Play Services. Probably depends on the kind of apps your looking at.
The work profiles are meh (due to employers, not Graphene). My employer restricts what can be installed in the work profile. So I can't install sandboxed GPS. Therefore, none of my work apps can run.
I'm sure there are ways to make it work (e.g., shelter). Decided to tell them to provide me a work phone instead.
Presumably one could install regular Google Play Services. One could just use a separate user if they allow that too. Separate phone is really cleaner.
Do they have their own app? If so try that. I know my city bus system has their own app. I think it will work with GrapheneOS, but I guess I'll have to try someday.
They do have an app but it's only good for loading it. Their only currently supported way of a having a digital card is Google wallet (oddly not even apple wallet is supported yet)