Jump to content

GrapheneOS: the private and secure mobile OS


Recommended Posts

With the recent news of

I thought it would be interesting to further explore mobile operating systems that value privacy and security. Although smart phones don't generally offer a beacon of security, there is still a sliding scale at the end of the day.

Which lead me to GrapheneOS.

A description about their project states:


GrapheneOS is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project. It's focused on the research and development of privacy and security technology including substantial improvements to sandboxing, exploit mitigations and the permission model.

GrapheneOS improves the privacy and security of the OS from the bottom up. It deploys technologies to mitigate whole classes of vulnerabilities and make exploiting the most common sources of vulnerabilities substantially more difficult. It improves the security of both the OS and the apps running on it. The app sandbox and other security boundaries are fortified. GrapheneOS tries to avoid impacting the user experience with the privacy and security features. Ideally, the features can be designed so that they're always enabled with no impact on the user experience and no additional complexity like configuration options. It's not always feasible, and GrapheneOS does add various toggles for features like the Network permission, Sensors permission, restrictions when the device is locked (USB peripherals, camera, quick tiles), etc. along with more complex user-facing privacy and security features with their own UX.

Some of the features that stood out to me include:

  • Stronger app sandbox
  • Hardened app runtime
  • Hardened libc
  • Hardened memory allocator
  • Hardened kernel
  • Reduced attack surface on their enhanced verified boot
  • Disable ptrace (optionally)
  • Improvements made to the fs full disk encryption
  • LTE-only mode if you want to reduce cellular radio attack surface
  • Per-connection MAC randomization
  • Hardened WebView
  • Apps avoid sharing address space layout and secrets
  • Local build and signing infrastructure
  • De-Googled

And a lot more.

You can learn more about the rest of the features and services at the following URL: https://grapheneos.org/features

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...