Your complete guide to GrapheneOS, privacy apps, and getting the most out of your Graphene Phone.
GrapheneOS is a privacy and security focused mobile operating system built on the Android Open Source Project (AOSP). It was founded in 2014 and is maintained by a non-profit organization. It is entirely free and open-source — no venture capital, no advertising revenue, no data collection of any kind. Every line of code is publicly auditable.
The OS goes far beyond simply removing Google services. It deploys a hardened memory allocator (hardened_malloc) that defends against heap exploitation, strengthened app sandboxing that isolates processes from one another and from the system, robust exploit mitigations across the kernel and userspace, and hardware-backed Verified Boot that cryptographically verifies the integrity of the entire OS on every startup. These are architectural security improvements — not surface-level privacy tweaks.
Google services are removed entirely by default. No Google Play, no Google location services, no background telemetry. If you need Google app compatibility, Sandboxed Google Play is available as an optional install from the GrapheneOS App Store. It runs Google services inside a fully isolated container with no special system privileges — Google apps cannot access anything beyond what you explicitly permit, just like any other app.
GrapheneOS runs exclusively on Google Pixel devices. This is a deliberate requirement, not a limitation. Pixel phones ship with the Titan M2 security chip, a re-lockable bootloader that supports hardware-backed Verified Boot after installation, and hardware attestation support. These features are foundational to the security guarantees GrapheneOS provides. Pixel devices are also the hardware platform most recommended by security researchers, journalists, and digital rights organizations worldwide.
Your Graphene Phone arrives configured and ready to use. But there are a handful of settings worth reviewing in your first session to get the most out of your device's privacy and security capabilities.
One of the most common questions people have when switching to a Graphene Phone is what happens to their existing phone number and carrier plan. The good news is that GrapheneOS has no impact on your SIM card or carrier compatibility whatsoever. Your phone number, your plan, and your carrier all work exactly as they did before.
If you already have a SIM card with your current carrier — whether that's AT&T, T-Mobile, Verizon, or any MVNO — simply insert it into your Graphene Phone and your number works immediately. GrapheneOS does not interfere with carrier communication in any way. Calls, texts, and mobile data all function normally. You do not need to contact your carrier, port your number, or make any changes to your account.
Physical SIM cards are the most straightforward option and are strongly recommended for privacy-conscious users. Unlike eSIMs, a physical SIM can be moved between devices instantly without involving your carrier or any app. You are never locked to a specific device, and switching phones requires nothing more than popping the SIM out and inserting it into your new phone.
If you want a fresh phone number — whether for privacy, compartmentalization, or simply because you're starting fresh — you can purchase a new SIM card from any carrier and insert it into your Graphene Phone. Prepaid SIM cards are available at most grocery stores, pharmacies, and electronics retailers. For maximum privacy, consider purchasing a prepaid SIM with cash in person so the number is not linked to your identity.
Privacy-focused MVNO carriers like Silent Link, JMP.chat, and Calyx Institute's mobile service offer additional anonymity options. Some allow you to sign up without providing personal identifying information, pay with cryptocurrency, and route your calls and texts through encrypted channels. For most users, a standard prepaid plan from a major carrier purchased with cash provides a meaningful privacy improvement over a carrier-linked postpaid plan tied to your name and credit card.
eSIMs are supported on all Pixel devices that Graphene Phone sells and work normally with GrapheneOS. If you want to use an eSIM, you will activate it yourself after receiving your phone, just as you would with any new device — simply follow your carrier's standard eSIM setup process in your phone's Settings. One important note: if you ever plan to install GrapheneOS yourself on a different device in the future, activate any eSIM before flashing, since carrier eSIM provisioning apps are invasive and you would not want them on a device after GrapheneOS is installed. For maximum privacy and flexibility, physical SIM cards remain the preferred option — they require no carrier app, are not linked to a specific device, and can be swapped freely between phones without any carrier involvement.
Graphene Phones work with all major US carriers and their MVNOs. Since the underlying hardware is a Google Pixel — one of the most widely supported phones on the market — carrier compatibility is universal. The following are confirmed compatible:
If you are unsure whether your specific carrier or plan is compatible, contact us at [email protected] and we will confirm before you order.
One of GrapheneOS's most powerful — and most underused — features is multi-user profile support. Every profile is a completely isolated environment: separate apps, separate data, separate accounts, separate encryption keys. Apps in one profile cannot see or access anything in another profile. The separation is enforced at the OS level.
This is not like Android's work profile, which is a partial separation hosted within your main profile. GrapheneOS user profiles are full, independent OS environments. Switching between them is instantaneous. Each profile can have its own lock screen PIN, its own set of installed apps, and its own network settings.
To create a new profile, go to Settings → System → Multiple users → Add user. You can switch between profiles from the quick settings panel. Each profile encrypts its data independently — a profile that is not currently logged in has its data encrypted with a key that is not in memory, providing strong protection even against a sophisticated attacker with physical access to the device.
For maximum security, enable the "Allow guest to call" and review the "Show on lock screen" options in your multi-user settings. You can also configure profiles to be automatically deleted on logout — useful for the burner profile use case.
Every app below is selected for its open-source transparency, minimal data collection, and practical quality. All are available through F-Droid, Aurora Store, Obtainium, or direct APK from the developer. These are the apps our own team uses daily.
One of the first questions new GrapheneOS users have is how to install apps without a Google account. The answer is: you have several excellent options, and most users combine two or three of them depending on the app.
Aurora Store is your access point to the full Google Play catalog — without any Google account. It authenticates using anonymous session tokens, so you can browse and download any Play Store app without Google ever associating the download with your identity. Aurora Store itself can be installed via F-Droid or as a direct APK sideload. Use it for apps that are only distributed through the Play Store.
F-Droid is a curated repository of free and open-source apps. If an app you want is available on F-Droid, always prefer installing it from there. F-Droid builds are independently reproducible, meaning the APK you download verifiably matches the source code. Thousands of high-quality privacy tools, utilities, and productivity apps are available — and F-Droid itself is available as a direct APK download.
Obtainium lets you track and install apps directly from GitHub releases, GitLab, or a developer's own website. This is the freshest possible update channel for apps that publish direct APKs. Configure Obtainium with the apps you want and it will automatically check for and prompt you to install updates. It's the preferred source for apps like Signal, which publishes its own APK independently of the Play Store.
Sandboxed Google Play is available through the GrapheneOS App Store for anyone who needs it. Open the App Store, install Google Play Services, Google Play Store, and Google Services Framework, and you'll have access to the full Play Store ecosystem — running in a fully isolated sandbox with no special system access. You can grant it a Google account in that profile without affecting anything in your owner profile or other profiles.
The most common concern people have before switching to GrapheneOS is whether their banking app will work. The short answer is: yes, for the vast majority of users. Most major US and international banking apps function without issues when Sandboxed Google Play is installed, because they receive the Play Integrity API signals they check for.
Banking apps use Play Integrity to verify that the device passes Google's safety checks. Because Sandboxed Google Play on GrapheneOS receives a MEETS_BASIC_INTEGRITY response, most apps are satisfied and operate normally. This includes Chase, Bank of America, Wells Fargo, Citi, Navy Federal, Capital One, and the majority of other major US banking institutions.
A smaller number of apps perform additional integrity checks beyond basic Play Integrity. The most common fix is enabling Exploit Protection Compatibility Mode for that specific app: go to Settings → Apps → [App Name] → and toggle the setting. This relaxes certain memory exploit mitigations for that individual app while leaving all other apps fully protected. It is a surgical, per-app setting — your security posture everywhere else is unchanged.
A very small number of apps use extreme anti-tampering techniques and may not work even with compatibility mode enabled. These represent a small minority of apps, and the list shrinks with each GrapheneOS update. If you have a specific app you depend on, contact us before ordering — we can confirm whether it's known to work. Our team uses GrapheneOS daily with full banking access and no issues.
For the strongest banking setup: install Sandboxed Google Play inside a dedicated secondary profile, keep your banking apps there, and keep your primary profile entirely Google-free. This gives you full banking functionality while ensuring Google services can never access your personal data, contacts, or other apps.
Every default Google app has a privacy-respecting alternative that is equally capable — and in many cases, better. This is a complete reference guide for replacing the entire default Android app suite.
GrapheneOS ships its own over-the-air (OTA) update system, completely independent of Google, carriers, and device manufacturers. Updates incorporate Google's monthly Android Security Bulletin patches — and GrapheneOS typically publishes them within 24 to 72 hours of Google's official release. That is faster than every major Android manufacturer, and far faster than any carrier-modified device.
Updates cover every layer of the stack: firmware, device drivers, the Android base, and all GrapheneOS-specific security improvements. There is no manufacturer bloatware slowing down approvals, no carrier review process adding weeks of delay. You get the update as soon as it's ready.
Updates are downloaded automatically in the background while you use your phone and applied on the next restart. There is no disruption to your workflow. You can review update behavior and check the installed version in Settings → System → System update. GrapheneOS also performs streaming OS updates, meaning the full download is not required before installation begins — updates are applied progressively.
Pixel 8 and newer devices carry a 7-year hardware security update guarantee from Google. This means GrapheneOS can commit to long-term support on these devices well into the future. Pixel 9 series phones purchased today will receive GrapheneOS updates through 2031. For anyone concerned about long-term viability, the Pixel 8a, 8 Pro, 9a, and 9 Pro are the strongest choices for support longevity.
GrapheneOS is not the only privacy-focused Android alternative. Here's how it compares to the two most discussed alternatives: CalyxOS and LineageOS.
| OS | Security Level | Google Services | Device Support | Update Speed | Best For |
|---|---|---|---|---|---|
| GrapheneOS | Extremely high — hardened kernel, hardened memory allocator, full exploit mitigations, hardware Verified Boot | Optional Sandboxed Google Play — fully isolated, no special privileges | Google Pixel only | Within 24–72 hrs of Google patches | Security-first users, journalists, professionals |
| CalyxOS | High — AOSP base with security patches, fewer hardening additions | microG — partial Google replacement, less isolated than Sandboxed Play | Pixel, some Motorola | Regular monthly cadence | Users wanting balance of privacy and Google compatibility out of the box |
| LineageOS | Moderate — security depends heavily on device and community maintainer | None by default — can be added manually with reduced isolation | 100+ devices | Varies widely by device | Users needing support for older or non-Pixel hardware |
For any new phone purchase, GrapheneOS is the clear choice. It leads every other privacy OS on security metrics, has the most active development team, and ships the fastest security updates. CalyxOS is a reasonable option for users who want a simpler Google compatibility story out of the box. LineageOS is appropriate only when you need to run a privacy-focused OS on hardware that GrapheneOS and CalyxOS don't support — typically older devices.
GrapheneOS is the best privacy phone platform available. It is also honest software — its project has never oversold what it can do. Here are the real-world tradeoffs to understand before switching, so there are no surprises.