My thoughts on GrapheneOS

Marco Liberale

Updated: 22 hours ago

I've been using GrapheneOS on my Google Pixel 9 Pro XL for about six months now, and it's been great. It's considerably better than standard Android 15. Plus, unlike Google's Android 15 flavor, it's completely FOSS (Free and Open Source Software).


What is GrapheneOS?

GrapheneOS is a custom high-security version of the AOSP (Android Open Source Project). It comes with far more granular permission control than standard Android, including the ability to disable internet access for specific apps, which is one of the features I love most about it. It also includes some of the most extensive exploit protections for both apps and hardware that I’ve seen.


For example, you can set a reboot timer for your phone. If it’s not unlocked within a user-selected time (15 minutes to 72 hours), it will reboot and return to BFU (Before First Unlock) mode, making it nearly impossible to unlock without the PIN (GrapheneOS also supports passwords). Additionally, you can disable USB data transfer completely or only when the phone is locked.


Another cool feature that I don’t personally use but could be useful is a "duress password." This is a different password from your main one, and when entered, it securely wipes your phone. This is particularly helpful if you're worried about physical attacks.


App-wise, GrapheneOS comes with a host of mitigations against unknown exploits. Some of the main ones include:


  • Hardened memory allocator to mitigate heap buffer overflows.

  • Restricting DCL (Dynamic Code Loading) to prevent tampering with loaded code.

  • Memory tagging to mitigate use-after-free vulnerabilities and cache exploits.

  • And much more.


Some apps may not work if certain protections are enabled, but GrapheneOS will notify you if it detects issues and allows you to selectively disable one or more mitigations for specific apps.
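
To make the hardened memory allocator item above more concrete, here is an added toy example (not from the original post and not GrapheneOS code) of one technique such an allocator can use against linear heap overflows: a secret canary with a leading zero byte placed after each allocation and checked on free. The names h_malloc, h_free and demo_write are hypothetical, and a production allocator would abort the process on a mismatch instead of returning an error code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#define CANARY_LEN 8
/* Header in front of each user region; the union keeps user data aligned. */
typedef union { size_t size; max_align_t align; } hdr_t;
static uint8_t g_canary[CANARY_LEN];
static int g_ready;
static void canary_init(void) {
    /* Toy randomness; a real allocator draws its secret from a CSPRNG. */
    srand((unsigned)time(NULL));
    for (int i = 1; i < CANARY_LEN; i++) g_canary[i] = (uint8_t)rand();
    g_canary[0] = 0; /* leading zero byte stops C-string overflows */
    g_ready = 1;
}

/* Hypothetical wrapper: user data is followed by the secret canary. */
void *h_malloc(size_t n) {
    if (!g_ready) canary_init();
    if (n > SIZE_MAX - sizeof(hdr_t) - CANARY_LEN) return NULL;
    hdr_t *h = malloc(sizeof(hdr_t) + n + CANARY_LEN);
    if (!h) return NULL;
    h->size = n;
    memcpy((uint8_t *)(h + 1) + n, g_canary, CANARY_LEN);
    return h + 1;
}

/* Returns 0 if the canary is intact, -1 if a write ran past the buffer. */
int h_free(void *p) {
    if (!p) return 0;
    hdr_t *h = (hdr_t *)p - 1;
    int bad = memcmp((uint8_t *)p + h->size, g_canary, CANARY_LEN) != 0;
    free(h);
    return bad ? -1 : 0;
}

/* Constructed demo: write len bytes of 'A' into a 16-byte allocation. */
int demo_write(size_t len) {
    char *buf = h_malloc(16);
    if (!buf || len > 16 + CANARY_LEN) { h_free(buf); return -2; }
    memset(buf, 'A', len); /* len > 16 spills into the canary only */
    return h_free(buf);
}
int main(void) {
    printf("16 bytes: %d, 17 bytes: %d\n", demo_write(16), demo_write(17));
}
```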


Pros and Cons


Pros

  • Incredibly secure.

  • Great community.

  • Extensive documentation.

  • 100% FOSS.

  • Allows you to use sandboxed Google Play Services if you wish.

  • Unlike LineageOS, it allows you to lock the bootloader after installation.


Cons

  • Only supports Google Pixel devices.

  • Requires tweaking exploit protection settings for some apps to work (not a huge issue—it usually takes just a few minutes).


Suggestions for a Better Experience


If you choose to install GrapheneOS or are already using it, I recommend trying these apps and services for an enhanced experience:

  • Use the Fossify suite of apps, especially their camera, gallery, calendar, and launcher, for a better user experience.

  • Use the Attestation service (or self-host it) alongside the Auditor app to automatically verify your phone's authenticity and ensure GrapheneOS hasn’t been tampered with.

  • Use the F-Droid app store to access a wide variety of FOSS apps.


Follow me on X and Mastodon

I’ll be more active on X (with posts mirrored from Mastodon) and on Mastodon. Don’t forget to follow me! 🙂

