Using GrapheneOS

The cost of privacy and security isn’t too steep

Today, I’m talking about using GrapheneOS on my phone. This OS is considered the best Android has to offer, and I’ll be discussing my thoughts on using it. Overall, it’s pretty good. Skip ahead to read my thoughts about GrapheneOS directly.

Context

New phone

Until this May, I was using a Xiaomi Mi 9T Pro with ArrowOS[1]. Then I broke the device in an unfortunate accident[2]. I didn’t mention this in the article about breaking the Xiaomi, but I switched to a Google Pixel 6a.

At $400 for the unlocked phone + a tempered glass screen protector, it was the best deal I could find around me. One year ago, I would have stubbornly tried to find a phone with a headphone jack. I’ve since given up on that feature, thanks to Apple (and all other phone manufacturers for following Apple).

Android ROMs

The code for Android is open source, called the Android Open Source Project (AOSP). Anyone can look at, modify, or fork it. AOSP by itself is bare bones though. Manufacturers add their software, configuration, themes, and anything else on top of AOSP to ship on their phones.

But the OS that the end user gets is often filled with junk. For example, I know that Samsung phones come with Samsung’s own browser. I guess grandma might be fine with using it, but I would prefer to install and use Firefox instead. Manufacturers also add other unwanted stuff, such as resource-heavy background services or trackers. If you want better battery life, privacy, and software, most stock Android OSes get in the way.

That’s where custom ROMs come in. These are independent OSes made from AOSP and are typically developed by smaller non-profit groups or volunteers. Custom ROMs tend to be lighter, customizable, and more privacy-friendly than stock Android. Of course, there are some drawbacks. Custom ROMs are unofficial; they aren’t supported by the manufacturer. There’s a small tradeoff for an unofficial OS, but I think it improves the experience overall.

GrapheneOS

Anyone familiar with privacy and Android ROMs should know that the only ROM that should be installed on Pixel phones is GrapheneOS[3].

GrapheneOS is one of the best Android ROMs around. It is privacy-oriented and hardens Android considerably, to the point where the project has made upstream contributions to AOSP, the Linux kernel, and many more. GrapheneOS’s biggest drawback is the small number of supported devices. The OS only supports non-EOL Pixel phones.

LineageOS to GrapheneOS

As mentioned above, GrapheneOS is absolutely the best ROM to install on a Pixel phone. There aren’t many reasons to use another ROM. But of course, for some unknown reason, I didn’t think of this while searching for a ROM to install. I have no idea why.

Without much thought, I installed LineageOS[4] on my phone. LineageOS is probably one of the most well-known Android ROMs. It’s stable, has great device support, and is a well-maintained project. There’s one problem with LineageOS though: it doesn’t support microG[5].

microG is an open source implementation of proprietary Google services like Google Play Services (GPS). Without GPS, basic things like notifications may not work. GPS is invasive; it deeply integrates with the OS, needs a lot of permissions and elevated privilege, always runs in the background, and frequently pings Google servers. microG tries to reduce some of GPS’s powers and make most phone features work again. I’ve used microG before and it worked as promised. However, LineageOS doesn’t support installing microG.

To get microG, I had to use a LineageOS fork that includes microG by default. Once I got this OS installed, everything was working. Except not really.

Every few days, or maybe once every few weeks, my phone randomly rebooted. I couldn’t reproduce the conditions, and couldn’t find much information in forums and bug reports. It was manageable at first but became a massive annoyance over time.

One day, my phone rebooted again. Being fed up, I went to look for a different OS to install. Finally, I remembered about GrapheneOS.

Using GrapheneOS

As of now, I’ve been using GrapheneOS for about two weeks. Everything works out of the box and I haven’t encountered the random rebooting problem. Overall, I’m happy with how GrapheneOS performs.

Positives

First, GrapheneOS is incredibly simple to install. That’s a very important thing the developers got right. A lot of ROMs require manual installation through a command line. To a normie, it’s a terrifying and cryptic process. They’re going to be intimidated by the command line, unlocking a bootloader and rebooting into fastboot. GrapheneOS has a nearly automatic web installer with simple instructions. It just works™.

GrapheneOS has a super cool ability: sandboxed GPS. Remember how GPS is super invasive and microG attempts to help? Well, it only partially works. microG still requires GPS to run with its elevated privileges and permissions. So at the end of the day, you’re still using GPS natively on your phone.

GrapheneOS lets you install GPS and its dependencies, but sandboxes them as regular apps without special permissions. It’s way better than microG because GrapheneOS isn’t trying to mimic GPS, it installs the actual program. This removes compatibility problems and the sandbox removes a lot of power GPS would normally have.

The sandboxed GPS works well. I don’t miss notifications, don’t get a light that GPS is using my location data every 5 minutes, and map location is able to find me. It feels like everything from the stock Pixel OS is working, but knowing that GPS is sandboxed makes it better.

There are other security/privacy features too. GrapheneOS shows more permission toggles than other OSes and sandboxes apps. You can toggle network access, or enable scoped storage and contacts. Scoped storage is an iOS feature that I missed when moving to Android, where you only allow certain files or directories to be accessible by an app. It’s better than Android, where an app that wants to read media has access to all of your media. Scoped contacts prevent a program from reading all of your contacts. GrapheneOS either only exposes the contacts you’ve allowed, or it gives a fake empty list to the program.

Some other notable security features are re-locking the bootloader after installation, and preventing root access. Only a few ROMs do this. Root access and unlocked bootloaders are probably what someone wants when installing a ROM, but they genuinely are security holes.

Since GrapheneOS is all about security, there’s more.

You can enable “LTE only” mode, where 5G and 3G and lower are disabled. The reasoning is that LTE is more battle-tested than 5G, and older versions are outdated and less secure. You can turn off Bluetooth after not connecting to anything for a duration, make the phone reboot after not being unlocked for a while, and scramble the PIN pad to prevent someone from guessing by your finger movement. There’s also the lower-level security hardening that I have no knowledge to make any claims about. The point is, GrapheneOS is damn secure.

Negatives

The biggest downside to GrapheneOS is battery life. I think I got about 20% more battery life from LineageOS, and idle consumption is most notable. Over 7-8 hours during sleep, the battery drops by up to 5%. It’s not a lot, but I barely used 2% on LineageOS.

GrapheneOS lacks the customization that I had on LineageOS. There is no 2 button navigation (my favourite), you can’t invert the 3 button navigation (my second favourite), can’t change the icon theme, can’t hold the power button from sleep to toggle the flashlight, can’t hide the battery icon (which I find to be almost useless), and can’t enable AMOLED dark mode. These are very trivial complaints, so they don’t make the OS worse in any meaningful way. But at the same time, I think these options are trivial enough that they can be easily included.

Conclusions

GrapheneOS is a good OS. It does what it aims to do. It’s minimal, usable by basically anyone, and has noticeable advantages over other ROMs. If you have a Pixel, GrapheneOS is the best ROM to install. If you’re thinking of getting an Android device to install a ROM, consider a Pixel. The hardware is decent and not too expensive, especially the *a model.

Maybe the biggest downside is that only Pixel phones are supported. It’s the most ironic part about GrapheneOS. Custom ROMs are about “de-Googling” and better privacy, but the most secure and private ROM is only available on Google hardware. Although, I’m not sure what’s worse: secure ROMs on potentially backdoored Google hardware, ROMs on potentially backdoored Chinese hardware, or hardware from any other country. If you want to use a smartphone, you need to pick a poison. GrapheneOS makes that poison weaker though.