GrapheneOS is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project. It's focused on the research and development of privacy and security technology including substantial improvements to sandboxing, exploit mitigations and the permission model.
GrapheneOS improves the privacy and security of the OS from the bottom up. It deploys technologies to mitigate whole classes of vulnerabilities and make exploiting the most common sources of vulnerabilities substantially more difficult. It improves the security of both the OS and the apps running on it. The app sandbox and other security boundaries are fortified. GrapheneOS tries to avoid impacting the user experience with the privacy and security features. Ideally, the features can be designed so that they're always enabled with no impact on the user experience and no additional complexity like configuration options. It's not always feasible, and GrapheneOS does add various toggles for features like the Network permission, Sensors permission, restrictions when the device is locked (USB-C and pogo pins, camera, quick tiles), etc. along with more complex user-facing privacy and security features with their own UX.
No Google apps or services
GrapheneOS will never include either Google Play services or another implementation of Google services like microG. It's possible to install Play services as a set of fully sandboxed apps without special privileges via our sandboxed Google Play compatibility layer.
They strongly recommend only purchasing one of the following devices for GrapheneOS due to better security and a long minimum support guarantee from launch for full security updates and other improvements:
Pixel 10a (experimental)
Pixel 10 Pro Fold
Pixel 10 Pro XL
Pixel 10 Pro
Pixel 10
Pixel 9a
Pixel 9 Pro Fold
Pixel 9 Pro XL
Pixel 9 Pro
Pixel 9
Pixel 8a
Pixel 8 Pro
Pixel 8
8th generation and later Pixels provide a minimum guarantee of 7 years of support from launch instead of the previous 5 year minimum guarantee. 8th generation and later Pixels also have support for the incredibly powerful hardware memory tagging security feature as part of moving to new ARMv9 CPU cores. GrapheneOS uses hardware memory tagging by default to protect the base OS and known compatible user installed apps against exploitation, with the option to use it for all apps and opt-out on a case-by-case basis for the few incompatible with it. Pointer authentication, branch target identification and other ARM security features were also introduced at the same time as hardware memory tagging.
The expectation is for people to buy a secure device meeting our requirements to run GrapheneOS. Broad device support would imply mainly supporting very badly secured devices unable to support our features. It would also take a substantial amount of resources away from our work on privacy and security, especially since a lot of it is closely tied to the hardware such as the USB-C port control and fixing or working around memory corruption bugs uncovered by our features. We plan to partner with OEMs to have devices produced meeting all our requirements, providing additional privacy/security features beyond them and ideally shipping with GrapheneOS rather than massively lowering our standards.
Just because someone is from Ukraine doesn't make them evil. The man was forcibly conscripted into the war for fucks sake. He's not exactly a fan of the government.
Secondly The founder is Canadian (Not that that should make any difference at all)
Lastly it's open source. Can you point out any issues you have with the code that is regularly poured over by security conscious individuals from all over the world?
Highjacking top comment to make a better recommendation thats not a potential honeypot
This is pretty much the best option for anyone:
https://grapheneos.org/
GrapheneOS is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project. It's focused on the research and development of privacy and security technology including substantial improvements to sandboxing, exploit mitigations and the permission model.
GrapheneOS improves the privacy and security of the OS from the bottom up. It deploys technologies to mitigate whole classes of vulnerabilities and make exploiting the most common sources of vulnerabilities substantially more difficult. It improves the security of both the OS and the apps running on it. The app sandbox and other security boundaries are fortified. GrapheneOS tries to avoid impacting the user experience with the privacy and security features. Ideally, the features can be designed so that they're always enabled with no impact on the user experience and no additional complexity like configuration options. It's not always feasible, and GrapheneOS does add various toggles for features like the Network permission, Sensors permission, restrictions when the device is locked (USB-C and pogo pins, camera, quick tiles), etc. along with more complex user-facing privacy and security features with their own UX.
No Google apps or services GrapheneOS will never include either Google Play services or another implementation of Google services like microG. It's possible to install Play services as a set of fully sandboxed apps without special privileges via our sandboxed Google Play compatibility layer.
They strongly recommend only purchasing one of the following devices for GrapheneOS due to better security and a long minimum support guarantee from launch for full security updates and other improvements:
Pixel 10a (experimental) Pixel 10 Pro Fold Pixel 10 Pro XL Pixel 10 Pro Pixel 10 Pixel 9a Pixel 9 Pro Fold Pixel 9 Pro XL Pixel 9 Pro Pixel 9 Pixel 8a Pixel 8 Pro Pixel 8
8th generation and later Pixels provide a minimum guarantee of 7 years of support from launch instead of the previous 5 year minimum guarantee. 8th generation and later Pixels also have support for the incredibly powerful hardware memory tagging security feature as part of moving to new ARMv9 CPU cores. GrapheneOS uses hardware memory tagging by default to protect the base OS and known compatible user installed apps against exploitation, with the option to use it for all apps and opt-out on a case-by-case basis for the few incompatible with it. Pointer authentication, branch target identification and other ARM security features were also introduced at the same time as hardware memory tagging.
The expectation is for people to buy a secure device meeting our requirements to run GrapheneOS. Broad device support would imply mainly supporting very badly secured devices unable to support our features. It would also take a substantial amount of resources away from our work on privacy and security, especially since a lot of it is closely tied to the hardware such as the USB-C port control and fixing or working around memory corruption bugs uncovered by our features. We plan to partner with OEMs to have devices produced meeting all our requirements, providing additional privacy/security features beyond them and ideally shipping with GrapheneOS rather than massively lowering our standards.
Lead/main Graphene developer is Ukranian.
Might be no reason for concern but it made me pause my phone OS plans....
What sort of "Ukrainian" ?
That's a genetic logical fallacy first of all.
Just because someone is from Ukraine doesn't make them evil. The man was forcibly conscripted into the war for fucks sake. He's not exactly a fan of the government.
Secondly The founder is Canadian (Not that that should make any difference at all)
Lastly it's open source. Can you point out any issues you have with the code that is regularly poured over by security conscious individuals from all over the world?
Oh, the founder is Canadian! Those people are notorious for being all polite and apologizing all the time!
Seriously to your point, the fact that it is open source and a bunch of paranoid developer types are using it, it's as safe as it can get.