Key Takeaways
- The most private Android you can run. GrapheneOS removes all Google services and telemetry at the OS level, applies dozens of security hardening patches not in standard Android, and gives you per-app control over network access, sensors, and permissions that stock Android cannot match.
- Sandboxed Google Play is the breakthrough. GrapheneOS lets you optionally install Google Play Services in an isolated sandbox — meaning you can run apps that require it without giving those services system-level access to your device.
- Web installer makes it accessible. You do not need ADB command line knowledge. The web installer at grapheneos.org/install/web handles everything in about 20 minutes.
- Only works on Pixel phones. GrapheneOS specifically targets Google Pixel devices (6 through 9 series) because they have the hardware security foundations (Titan M chip, verified boot, hardware attestation) required for the security model to work.
Why GrapheneOS in 2026
Stock Android — even on a non-Samsung device — reports your location, app usage, device identifiers, and behaviour patterns to Google continuously. This is not a theory — it is documented in research studies and Google’s own privacy disclosures.
The standard de-Google guides (disable Google account, turn off location, install DuckDuckGo) reduce telemetry but do not eliminate it. Google Play Services, which runs at the system level on all stock Android devices, has permissions that no user-installed app can match — it can access sensors, network data, and device identifiers that standard apps cannot reach.
GrapheneOS removes Google Play Services entirely from the operating system. It then offers sandboxed Google Play as an optional user-installed application — meaning if you need Google Pay or an app that requires it, you can install it in a restricted container that cannot access your system the way it normally would.
In 2026, GrapheneOS is the only mobile operating system that combines:
- Stock Android compatibility (most apps work as-is)
- Hardware-enforced security (leveraging Pixel’s Titan M chip)
- Optional Google Play in a sandboxed environment
- Regular security updates with faster patch turnaround than stock Android
- No Google telemetry at the OS level
Direct Answer: What is GrapheneOS and should I install it? GrapheneOS is a security-hardened, privacy-focused version of Android maintained by the non-profit GrapheneOS Project. It removes all Google services from the operating system, applies additional security hardening not present in stock Android, and gives users granular per-app control over permissions, network access, and sensors. It requires a Google Pixel phone (6 through 9 series). Installation takes about 20 minutes using the web installer. If you use a Pixel phone and care about mobile privacy, GrapheneOS is the best available option. If you use a non-Pixel Android phone, CalyxOS or DivestOS are alternatives with varying compatibility.
Compatible Devices (March 2026)
GrapheneOS officially supports:
| Device | Status | Notes |
|---|---|---|
| Pixel 9 Pro XL | ✅ Fully supported | Best hardware security, recommended |
| Pixel 9 Pro | ✅ Fully supported | Excellent choice |
| Pixel 9 | ✅ Fully supported | |
| Pixel 9a | ✅ Fully supported | Best value in 2026 |
| Pixel 8 Pro | ✅ Fully supported | Still excellent |
| Pixel 8 | ✅ Fully supported | |
| Pixel 8a | ✅ Fully supported | |
| Pixel 7 Pro | ✅ Fully supported | |
| Pixel 7 | ✅ Fully supported | |
| Pixel 7a | ✅ Fully supported | |
| Pixel 6 Pro | ✅ Supported | Older hardware security |
| Pixel 6 | ✅ Supported | |
| Pixel 6a | ✅ Supported | |
| Pixel 5 and older | ❌ End of life | No longer maintained |
Best recommendation for new buyers in 2026: Pixel 9a. Good value, full hardware security support, Tensor G4 chip with on-device AI features.
What You Need Before Starting
- A compatible Pixel phone with at least 50% battery
- A USB-C to USB-A or USB-C to USB-C cable (not a charge-only cable — data transfer required)
- A computer with Chrome or Firefox browser
- 20–30 minutes
- Your phone’s SIM PIN if you have one (you will need to re-enter it after installation)
Back up your data first. Installation replaces your operating system. All data on the phone will be erased. Back up contacts, photos, and app data before proceeding.
Installation: The Web Installer Method
GrapheneOS provides a web-based installer that handles everything — no ADB, no command line, no complex steps. This is the recommended method for most users.
Step 1: Go to grapheneos.org/install/web Open Chrome or Firefox on your computer. Navigate to the web installer. The installer requires WebUSB — Chrome works best, Firefox also works.
Step 2: Enable OEM Unlocking on your phone On your Pixel:
Settings → About Phone → tap Build Number 7 times (enables Developer Options)
Settings → System → Developer Options → OEM Unlocking → EnableStep 3: Boot into Fastboot mode
Power off your phone completely
Hold Volume Down + Power simultaneously until Fastboot mode appearsStep 4: Connect to your computer via USB The web installer will detect your device. Follow the on-screen prompts — it handles:
- Unlocking the bootloader
- Downloading the GrapheneOS image for your specific device
- Flashing the image
- Locking the bootloader (important — this re-enables verified boot)
Step 5: Initial setup Your phone will reboot into GrapheneOS. Complete the initial setup — you do not need to add a Google account. Add your Wi-Fi and SIM.
Step 6: Re-lock the bootloader (if not done automatically) A locked bootloader ensures the OS cannot be tampered with without your knowledge. The web installer handles this — verify in Settings → Security → Device Identifiers that verified boot shows “verified.”
Total time: approximately 20 minutes.
Essential Apps to Install After Setup
GrapheneOS comes with no pre-installed apps except essential system tools. Here is the recommended sovereign stack:
App Store: Obtainium or F-Droid
F-Droid: f-droid.org — open source app repository
Obtainium: installs apps directly from GitHub releasesMost open-source apps are available on F-Droid. For apps that require the Play Store, see Sandboxed Google Play below.
Browser: Vanadium (default) or Firefox
GrapheneOS includes Vanadium — a hardened Chromium build maintained by the GrapheneOS team. It has stronger privacy defaults than Chrome or standard Chromium. Firefox with uBlock Origin is also excellent.
Password Manager: Bitwarden
Available on F-Droid or via the Bitwarden website. Sync with your self-hosted Vaultwarden or Bitwarden’s cloud.
Messaging: Signal
Available at signal.org/android (direct APK download) or via F-Droid’s community repository.
Maps: Organic Maps
Available on F-Droid. Offline-first, OpenStreetMap-based navigation with zero data collection.
Email: Proton Mail (via F-Droid) or FairEmail
FairEmail is an open-source email client supporting all providers.
Camera: The GrapheneOS default camera app is excellent — better privacy than Google Camera.
Local AI: Ollama is not yet available as an Android app, but Private LLM and PocketPal both run local models on-device with no cloud dependency. Compatible with Pixel 9 series.
Sandboxed Google Play: The Breakthrough Feature
If you need apps that require Google Play Services — banking apps, certain navigation apps, apps with Google login — GrapheneOS offers sandboxed Google Play.
This installs Google Play Services as a regular user-installed application, not a system service. It runs in an isolated profile with no special system permissions. Apps that require it can use it, but it cannot access your system the way it would on stock Android.
To install Sandboxed Google Play:
Settings → Apps → Install Google Play Services
→ Follow the prompts
→ Install Google Play Store (optional, for paid apps)What works in the sandbox: Most apps including many banking apps, Google Maps (if you need it), Google Drive, and most Google apps.
What does not work: Google Pay (requires system-level NFC access that the sandbox cannot provide), some DRM-dependent apps, and apps that explicitly check for a non-sandboxed Google environment.
The sovereignty trade-off: Installing sandboxed Google Play does expose more data to Google within that sandbox than you would expose without it. Use a separate work profile for sandboxed Google Play if you want clear separation from your primary profile.
Multiple Profiles: The Power Feature
GrapheneOS supports multiple user profiles, each with completely separate app installations, data, and permissions. This is one of its most powerful sovereignty features.
Recommended profile setup:
Owner profile (default):
- No Google Play
- Fully sovereign apps only (F-Droid, Obtainium)
- Signal, Proton Mail, Bitwarden, Organic Maps, Vanadium
- Your private communications, financial data, personal data
Work profile:
- Sandboxed Google Play installed
- Apps that require it (banking, work tools)
- Google Maps if needed
- Kept separate from personal data
Sensitive profile (optional):
- Ultra-minimal — Signal only, or nothing
- For situations requiring maximum security
Each profile is cryptographically isolated. An app in one profile cannot access data in another. If someone gets access to your phone in the Work profile, they see only Work profile apps and data.
What You Gain vs Stock Android
| Feature | Stock Android | GrapheneOS |
|---|---|---|
| Google telemetry at OS level | Always on | Eliminated |
| Per-app network permission | No | Yes — block internet per app |
| Per-app sensors permission | Limited | Full granular control |
| Verified boot | Yes | Yes (stronger) |
| Security patch speed | Monthly | Often faster than stock |
| Update support lifespan | 5–7 years (Pixel 8+) | Often longer |
| Sandboxed Google Play | No | Optional |
| Multiple isolated profiles | Limited | Full |
| Hardware attestation | Standard | Enhanced |
What You Lose vs Stock Android
Google Pay — does not work. Requires system-level NFC access unavailable in the sandbox. Use contactless bank cards, cash, or a separate device for payments.
Seamless Google ecosystem — if you are deep in Google Photos, Google Drive, Google Calendar syncing — this is the cost. The sovereign alternatives (Proton, Nextcloud, Immich) are mature but require migration effort.
Some banking apps — many work fine in sandboxed Google Play. Some (particularly in markets with aggressive root/custom ROM detection) do not. Check your specific apps at the GrapheneOS app compatibility list.
Automatic app discovery — without the Play Store as default, finding new apps requires more intentionality. F-Droid and Obtainium are the replacements, but neither has the Play Store’s discovery experience.
FAQ
Does GrapheneOS void my warranty? In most jurisdictions, installing a custom OS does not void hardware warranties for hardware defects. However, it may void software support warranties. Check your carrier and manufacturer terms.
Can I go back to stock Android? Yes. The web installer also handles restoring stock Android (factory images). The process is the same as installation — flash the stock image instead of GrapheneOS.
Do apps know I’m running GrapheneOS? GrapheneOS passes standard Android compatibility checks. Most apps cannot detect it. Apps that specifically check for Google Play certification (SafetyNet/Play Integrity) may behave differently — sandboxed Google Play addresses most of these cases.
How do I get app updates without the Play Store? F-Droid auto-updates open-source apps. Obtainium pulls updates directly from GitHub. For apps installed via sandboxed Google Play, the Play Store handles updates normally.
Is GrapheneOS legal? Yes, completely. Android is open source (AOSP), and GrapheneOS is a legal derivative. Installing it on your own device is legal in all jurisdictions we are aware of.
