GrapheneOS Installation and Setup Guide for Pixel Phones

Learn how to install GrapheneOS on supported Pixel devices using the web installer, configure sandboxed Google Play, and harden your mobile privacy.

GrapheneOS is a privacy-focused, security-hardened Android operating system built for Google Pixel hardware. It delivers a stock Android experience — apps, cameras, notifications — while stripping out Google’s telemetry, tightening sandboxing, and giving users granular control over sensors and network access. If you carry a Pixel phone and care about what your device reports back to Google, GrapheneOS is the most practical upgrade you can make.

Supported Devices (2026)

GrapheneOS officially supports the following Pixel models:

Device            Status
Pixel 9 Pro XL    Supported
Pixel 9 Pro       Supported
Pixel 9           Supported
Pixel 8 Pro       Supported
Pixel 8           Supported
Pixel 8a          Supported
Pixel Fold        Supported

Older devices like the Pixel 6 series have reached end-of-life for GrapheneOS support due to expiring vendor security updates. Always check grapheneos.org/faq for the current device support list before purchasing hardware.

Why GrapheneOS Over Stock Android?

Stock Android on Pixel phones includes Google Play Services running with near-unrestricted system privileges — it can read your contacts, location, sensor data, and network activity without typical app permission controls applying to it. GrapheneOS removes this privileged access and offers sandboxed Google Play instead, which runs Google’s apps in a restricted environment like any other app.

Additional hardening includes:

  • Hardened memory allocator (hardened_malloc) to resist exploitation
  • Verified boot all the way through the OS
  • Network and sensors permission toggles for every app
  • Auto-reboot after a configurable idle period
  • USB-C port control (charge-only mode when locked)

Installing GrapheneOS via the Web Installer

The easiest and recommended method is the web installer at flash.grapheneos.org, which runs entirely in your browser using WebUSB.

Prerequisites

  • A supported Pixel device
  • A USB-C cable (not a charge-only cable)
  • Google Chrome or Chromium browser (WebUSB required)
  • The device’s OEM unlock option enabled

Step 1: Enable OEM Unlocking

  1. Open Settings > About phone and tap Build number seven times to enable Developer options.
  2. Go to Settings > System > Developer options.
  3. Enable OEM unlocking (requires a SIM card or Wi-Fi with Google verification on some models).

Step 2: Use the Web Installer

Navigate to flash.grapheneos.org in Chrome. The installer walks you through:

  1. Connect device — Plug in via USB and select your device from the WebUSB dialog.
  2. Unlock bootloader — The installer issues the fastboot flashing unlock command automatically.
  3. Download and flash — Factory images are fetched and verified with cryptographic signatures before flashing.
  4. Lock bootloader — Critical step. After flashing, the installer re-locks the bootloader so verified boot enforces the GrapheneOS image.

Do not skip the bootloader re-lock. An unlocked bootloader disables verified boot and significantly weakens device security.

Step 3: Initial Setup

After the first boot, skip all Google account prompts. GrapheneOS does not require a Google account. Connect to Wi-Fi and proceed through the standard Android setup.
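To confirm that the re-lock from Step 2 took effect, the boot properties Android exposes can be checked once the phone has booted. The script below is an added example, not part of the web installer or GrapheneOS project code; it assumes USB debugging is temporarily enabled so that `adb shell getprop` can be piped into it, and the sample property dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify bootloader and verified boot state from the text
# printed by `adb shell getprop` after installation.

# Print the value of property $1 from getprop-style lines: "[key]: [value]".
prop() {
    tr -d '\r' | awk -v k="[$1]:" '$1 == k { v = $2; gsub(/^\[|\]$/, "", v); print v; exit }'
}

# Read getprop output on stdin, print a one-word verdict, and return 0 only
# when the bootloader is locked and the OS verified against a user-set key.
boot_verdict() {
    props=$(cat)
    locked=$(printf '%s\n' "$props" | prop ro.boot.flash.locked)
    state=$(printf '%s\n' "$props" | prop ro.boot.verifiedbootstate)
    case "$locked:$state" in
        1:yellow)     echo "locked-custom-key";   return 0 ;;  # expected after re-lock
        1:green)      echo "locked-stock-key";    return 1 ;;  # stock OS key, not a custom OS
        0:*|*:orange) echo "unlocked";            return 1 ;;  # verified boot not enforced
        *:red)        echo "verification-failed"; return 1 ;;
        *)            echo "unknown";             return 1 ;;  # properties missing
    esac
}

# Constructed sample: device flashed and re-locked.
SAMPLE_RELOCKED='[ro.boot.flash.locked]: [1]
[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.verifiedbootstate]: [yellow]'

# Constructed sample: re-lock step was skipped.
SAMPLE_UNLOCKED='[ro.boot.flash.locked]: [0]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.verifiedbootstate]: [orange]'

printf '%s\n' "$SAMPLE_RELOCKED" | boot_verdict
printf '%s\n' "$SAMPLE_UNLOCKED" | boot_verdict || true

# On a real device: adb shell getprop | boot_verdict
```

These properties are reported by the running OS itself, so they are a quick sanity check rather than proof; hardware-backed attestation is what the Auditor app is for. Turn USB debugging back off once the check is done.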

Configuring Sandboxed Google Play

If you need apps that require Google Play Services (banking apps, Maps, etc.), GrapheneOS offers sandboxed Google Play — a compatibility layer that gives Google Play Services no more permission than any other app.

Install it from the GrapheneOS App Store (pre-installed):

  1. Open the Apps app (GrapheneOS’s curated store).
  2. Install Google Play Store — this also pulls in sandboxed Play Services.
  3. Sign in to your Google account inside the sandboxed Play app.

Sandboxed Google Play cannot access your contacts, location, or other sensors unless you explicitly grant it permission — the same rules that apply to any app.

Hardening Your GrapheneOS Settings

Network Permission Toggle

GrapheneOS adds a Network permission to every app, including system apps. To revoke it:

Go to Settings > Apps > [App Name] > Permissions > Network and toggle it off. Apps without network access cannot phone home, exfiltrate data, or load trackers.

Sensors Permission

Similarly, a Sensors toggle prevents apps from reading the accelerometer, gyroscope, and other motion data — a known fingerprinting vector.

Auto-Reboot

Settings > Security > Auto reboot lets you configure a timer (e.g., 8, 16, 24, or 72 hours) after which the device reboots automatically if it has not been unlocked. This returns the device to a Before First Unlock (BFU) state where encryption keys are not loaded into memory, significantly raising the bar against physical forensic attacks.

USB-C Port Control

Settings > Security > USB accessories — set to “Disallow new USB accessories” while locked. This prevents USB attack tools from interacting with a locked device.

Vanadium — GrapheneOS’s hardened Chromium browser, pre-installed. It includes stricter process isolation and removes telemetry present in upstream Chrome. Use it as your default browser.

Auditor — A remote attestation app that cryptographically verifies your device is running unmodified GrapheneOS. Useful for confirming your device’s integrity and sharing proof with others.

Organic Maps — An offline maps app with no Google dependency, good for navigation without sending location queries to external servers.

Obtainium — An app installer that pulls APKs directly from GitHub releases, bypassing the Play Store entirely for apps that publish there.

What GrapheneOS Does Not Protect Against

GrapheneOS hardens your device significantly, but it is not a magic shield:

  • App-level surveillance — If you install an app and grant it permissions, it can use them. GrapheneOS gives you better controls, but you still make the decisions.
  • Network traffic analysis — Your ISP and carrier can still observe metadata about your connections. Pair with a trusted VPN or route traffic through Tor using Orbot.
  • Physical access with a known exploit — No OS fully eliminates hardware-level attack risk.
  • SIM card tracking — Your phone number and IMEI are still visible to carriers.

Final Thoughts

GrapheneOS is the most credible hardened Android distribution available today. The web installer makes it accessible even to non-technical users, and sandboxed Google Play removes the largest practical barrier to adoption. For Pixel owners serious about mobile privacy, it is the logical default rather than a fringe option.

Start at grapheneos.org for installation documentation, and join the community on the official Matrix server for support.
