GrapheneOS
GrapheneOS Logo.svg
GrapheneOS home screen
GrapheneOS home screen
DeveloperGrapheneOS team
OS familyAndroid (Linux)
Working stateCurrent
Source modelOpen source
Initial releaseApril 2019; 3 years ago (2019-04)
Latest release2022102800[1] Edit this on Wikidata / 28 October 2022
Repository
Marketing targetPrivacy/Security-focused smartphones
Update methodOver-the-air (OTA) or locally
Package managerAPK-based
Kernel typeMonolithic (Linux)
LicenseMIT, Apache License, various permissive open-source
Official websitegrapheneos.org Edit this at Wikidata

GrapheneOS (formerly Android Hardening or AndroidHardening) is an Android-based, open source, privacy and security-focused mobile operating system[2] for selected Google Pixel smartphones.


History

See also: CopperheadOS § History

The main developer, Daniel Micay, originally worked on CopperheadOS, until a schism over software licensing between the co-founders of Copperhead Limited led to Micay's dismissal from the company in 2018.[3] After the incident, Micay continued working on the Android Hardening project,[3][4] which was renamed as GrapheneOS[4] and announced in April 2019.[3]

According to Damien Wilde of 9to5Google, sourced to GrapheneOS Twitter, in March 2022, GrapheneOS released Android 12L for Pixels before Google did, second to ProtonAOSP.[5][6] According to Skanda Hazarika of XDA Developers, sourced to GrapheneOS Twitter, GrapheneOS apps "Secure Camera" and "Secure PDF Viewer" (based on pdf.js) were released to the Google Play Store and GitHub.[7]

Features

GrapheneOS Default Apps Screen
GrapheneOS Default Apps Screen

By default Google apps are not installed with GrapheneOS,[8][9] but users can install a sandboxed version of Google Services from the 'Apps' app, which is installed with GrapheneOS.[9] The sandboxed Google services should allow access to the Google Play Store and apps dependent on Google Services, along with features including push notifications and in-app payments.[9][10]

GrapheneOS develops a hardened Chromium-based web browser and WebView implementation, known as Vanadium.[11]

GrapheneOS also develops a hardened low-level kernel memory allocator, known as "hardened_malloc".[12]

GrapheneOS introduces revocable network access and sensors permission toggles for each installed app,[8][11] GrapheneOS also supports disabling connectivity checks,[13] GrapheneOS also randomizes MAC address per-connection by default.[3][14] and includes a PIN scrambling option for the lock screen,[15] a hardware-based attestation app known as Auditor is also included.[citation needed]

Compatibility

According to Alessandro Mascellino writing for Android Police in March 2022, "Currently, GrapheneOS only supports Google Pixel phones starting from the Pixel 4"[16]

Incidents

Dirty Pipe security exploit

In February 2022, a high-severity security exploit named "Dirty Pipe" (CVE-2022-0847) was disclosed in the Linux kernel by researcher Max Kellermann of Ionos, also affecting Android-based distributions based on a vulnerable Linux kernel version.[17] Google fixed the vulnerability in the Android codebase on 23 February, and "many third-party ROMs like GrapheneOS"[a] reportedly applied the patch in early March 2022.[18][b]

ANOM sting operation

See also: ANOM

According to Joseph Cox writing for Vice Motherboard in July 2021, Pixel phones with GrapheneOS or a fork of GrapheneOS may have been used or advertised in the ANOM FBI honeypot, sting operation; however, it is not known with certainty. An analysis of an Anom phone and an investigation of forum posts online by Motherboard found Anom phones display a boot logo for an operating system named ArcaneOS. Daniel Micay reportedly received photos of a Pixel 3a phone with Anom software, which he shared with Motherboard. Micay reportedly heard claims Anom used GrapheneOS, but Micay said "it sounds like" Anom may have been advertised to use GrapheneOS, "but it has no basis." Motherboard also reported encrypted phone firms such as EncroChat and Phantom Secure used by organized criminals in the past offered devices similar to an Anom device; Micay said, "[it] sounds like people have heard of GrapheneOS so these companies either use" actual GrapheneOS or a fork in some way, or "claim they did when they didn't."[20][21]

Reception

In 2019, Georg Pichler of Der Standard, and other news sources, quoted Edward Snowden saying on Twitter, "If I were configuring a smartphone today, I'd use Daniel Micay's GrapheneOS as the base operating system."[22][23][24] In discussing why services should not force users to install proprietary apps, Lennart Mühlenmeier of netzpolitik.org suggested GrapheneOS as an alternative to Apple or Google.[25] Svět Mobilně and Webtekno repeated the suggestions that GrapheneOS is a good security- and privacy-oriented replacement for standard Android.[26][27] In a detailed review of GrapheneOS for Golem.de, Moritz Tremmel and Sebastian Grüner said they were able to use GrapheneOS similarly to other Android, but enjoying more freedom from Google, without noticing differences from "additional memory protection, but that's the way it should be." They concluded GrapheneOS cannot change how "Android devices become garbage after three years at the latest", but "It can better secure the devices during their remaining life while protecting privacy."[3]

In June 2021, reviews of GrapheneOS, KaiOS, AliOS, and Tizen OS, were published in Cellular News. The review of GrapheneOS called it "arguably the best mobile operating system in terms of privacy and security," however, they criticized GrapheneOS for its inconvenience to users, saying "GrapheneOS is completely de-Googled and will stay that way forever—at least according to the developers." They also noticed a "slight performance decrease" and said "it might take two full seconds for an app—even if it’s just the Settings app—to fully load."[28]

In March 2022, writing for How-To Geek Joe Fedewa said, unlike standard versions of Android, Google apps were not included due to concerns over privacy, and GrapheneOS also did not include a default app store. Instead, Fedewa suggested, F-Droid could be used.[8] In a review of GrapheneOS installed on a Pixel 3, after a week of use, Jonathan Lamont of MobileSyrup opined GrapheneOS demonstrated Android's reliance on Google. He called GrapheneOS install process "straightforward" and concluded to like GrapheneOS overall, but criticized the post-install as "often not a seamless experience like using an unmodified Pixel or an iPhone", attributing his experience to his "over-reliance on Google apps" and the absence of some "smart" features in GrapheneOS default keyboard and camera apps, in comparison to software from Google.[9] In his initial impressions post a week prior, Lamont said after an easy install there were issues with permissions for Google's Messages app, and difficulty importing contacts; Lamont then concluded, "Anyone looking for a straightforward experience may want to avoid GrapheneOS or other privacy-oriented Android experiences since the privacy gains often come at the expense of convenience and ease of use."[29] In July 2022, Charlie Osborne of ZDNet suggested that individuals who suspect a Pegasus infection use a secondary device with GrapheneOS for secure communication.[30]

See also

References

  1. ^ "Releases". Retrieved 4 November 2022.
  2. ^ "Doing these 6 difficult things may make your smartphone 'hack proof'". The Times of India. 23 September 2019. Retrieved 30 September 2019.
  3. ^ a b c d e Tremmel, Moritz; Grüner, Sebastian (11 December 2019). "GrapheneOS: Ein gehärtetes Android ohne Google, bitte" [GrapheneOS: A hardened Android without Google, please]. Golem.de (in German). pp. 1–3. Archived from the original on 15 November 2021. Retrieved 20 July 2022.((cite web)): CS1 maint: unfit URL (link)
  4. ^ a b Baader, Hans-Joachim (9 April 2019). "Android Hardening wird zu GrapheneOS" [Android Hardening becomes GrapheneOS]. Pro-Linux (in German). Retrieved 17 September 2019.
  5. ^ Wilde, Damien (11 March 2022). "Privacy-focused GrapheneOS based upon Android 12L comes to Pixel 6 in latest beta". 9to5Google. Retrieved 28 June 2022. After news that custom ROM project ProtonAOSP offers Pixel 6 owners the opportunity to run Android 12L ahead of the official stable release, GrapheneOS is the second such ROM to offer the latest build ahead of Google.
  6. ^ Wilde, Damien (10 March 2022). "ProtonAOSP 12.3.0 brings Android 12L to Pixel 6 and 6 Pro ahead of Google rollout". 9to5Google. Retrieved 22 August 2022.
  7. ^ Hazarika, Skanda (4 March 2022). "GrapheneOS brings its camera and PDF viewer apps to the Play Store". XDA. Retrieved 22 June 2022.
  8. ^ a b c d Fedewa, Joe (23 March 2022). "What Is GrapheneOS, and How Does It Make Android More Private?". How-To Geek. Retrieved 4 July 2022.
  9. ^ a b c d Lamont, Jonathan (20 March 2022). "A week with GrapheneOS exposed my over-reliance on Google". MobileSyrup. Blue Ant Media. Retrieved 6 July 2022.
  10. ^ "South Korea to probe Apple and Google over in-app payment rule break". TechCrunch. Retrieved 20 August 2022.
  11. ^ a b Mascellino, Alessandro (16 June 2022). "What is GrapheneOS and how does it improve privacy and security?". Android Police. Retrieved 17 August 2022.
  12. ^ Schoon, Ben (5 September 2021). "'NitroPhone 1' is a Pixel 4a with security-focused 'GrapheneOS' that costs twice as much". 9to5Google. Retrieved 15 August 2022.
  13. ^ "Android leaks connectivity check traffic - Blog". Mullvad VPN. Retrieved 21 October 2022.
  14. ^ Valeri, Vitor (17 June 2022). "O que é o GrapheneOS? Como ele aumenta a segurança e a privacidade do celular?". Oficina da Net (in Brazilian Portuguese). Retrieved 5 August 2022.
  15. ^ "This is why James Bond doesn't use an iPhone". Wired UK. ISSN 1357-0978. Retrieved 17 August 2022.
  16. ^ Mascellino, Alessandro. "How to install GrapheneOS". Retrieved 23 November 2022.
  17. ^ Goodin, Dan (7 March 2022). "Linux has been bitten by its most high-severity vulnerability in years". Ars Technica. pp. 1–2. Archived from the original on 8 March 2022. Retrieved 29 July 2022.
  18. ^ Amadeo, Ron (5 April 2022). "Fixing Dirty Pipe: Samsung rolls out Google code faster than Google". Ars Technica. Retrieved 25 July 2022. So where is the patch? It hit the Android codebase on February 23 and then didn't ship in the March security update. That would have been a fast turnaround time, but the April security update is now out, and Dirty Pipe, CVE-2022-0847, still isn't anywhere to be found on Google's security bulletin. [...] Once the fix hit the codebase in late February, many third-party ROMs like GrapheneOS were able to integrate the patch in early March.
  19. ^ Amadeo, Ron (3 May 2022). "Pixel 6 finally getting a Dirty Pipe patch, one month after the Galaxy S22". Ars Technica. Retrieved 25 July 2022.
  20. ^ Cox, Joseph (8 July 2021). "We Got the Phone the FBI Secretly Sold to Criminals". VICE. Retrieved 3 August 2022.
  21. ^ "The FBI's phone for criminals included a custom version of Android". Engadget. Retrieved 21 November 2022.
  22. ^ Pichler, Georg (24 September 2019). "Wie Edward Snowden sein Smartphone einrichten würde" [How Edward Snowden would set up his smartphone]. Der Standard (in Austrian German). Retrieved 29 October 2019.
  23. ^ "Edward Snowden da a conocer las condiciones de seguridad para usar su smartphone" [Edward Snowden reveals the security conditions to use his smartphone]. La República (in Spanish). 2 October 2019. Retrieved 29 October 2019.
  24. ^ Rall, Philipp (23 June 2022). ""Ich würde zu Hause kein WiFi benutzen": Edward Snowden empfiehlt Alternativen" ["I wouldn't use WiFi at home": Edward Snowden recommends alternatives]. Futurezone (in German). Retrieved 3 August 2022.
  25. ^ Mühlenmeier, Lennart (19 July 2019). "Warum Post, Bank und Co. ihre Kunden nicht zwingen sollten, Apps zu benutzen" [Why Post, Bank and Co. shouldn't force their customers to use apps]. netzpolitik.org (in German). Retrieved 18 November 2019.
  26. ^ Šlik, Jáchym (6 April 2019). "GrapheneOS chce napravit bezpečnostní prohřešky Androidu" [GrapheneOS wants to fix Android security violations]. Svět Mobilně (in Czech). Retrieved 17 September 2019.
  27. ^ Kalelioğlu, Eray (3 April 2019). "Android Tabanlı İşletim Sistemi 'GrapheneOS' ile Tanışın" [Meet the GrapheneOS Android-Based Operating System]. Webtekno (in Turkish). Retrieved 17 September 2019.
  28. ^ Diane (28 June 2021). "GrapheneOS: A Hardened Android Alternative (Review)". CellularNews. Retrieved 4 July 2022.
  29. ^ Lamont, Jonathan (13 March 2022). "I replaced Android on a Pixel 3 with an Android-based privacy OS". MobileSyrup. Blue Ant Media. Retrieved 6 July 2022.
  30. ^ "How to find and remove spyware from your phone". ZDNET. Retrieved 20 August 2022.

Notes

  1. ^ According to Joe Fedewa of How-To Geek, GrapheneOS is not technically a ROM residing in the read-only memory of the device, but more accurately an "operating system". Fedewa claims third-party Android operating systems have been historically labelled as ROMs in the "Android community", which Fedewa says is the reason for the label.[8]
  2. ^ Samsung and Google released Android updates for affected devices later in April and May 2022 respectively.[19]