What is GrapheneOS and why does it matter?

GrapheneOS is an open-source, privacy-focused mobile operating system built on the Android Open Source Project (AOSP). Unlike standard Android, which comes bundled with Google services that collect extensive data, GrapheneOS is engineered from the ground up to give you control over your device and your data.

Who makes GrapheneOS?

GrapheneOS is developed by the GrapheneOS Project, a non-profit open source project. It's maintained by a small team of security researchers and developers who have been working on hardened mobile security since 2014. The project is transparent, with all code publicly auditable on GitHub.

What makes it different?

The differences between GrapheneOS and standard Android are substantial:

• No Google services: Google Play Services, Google Mobile Services, and all associated tracking infrastructure are removed entirely.
• Hardened memory allocator: GrapheneOS uses a custom memory allocator that makes many classes of attacks significantly harder to execute.
• Stronger sandboxing: Apps are more aggressively isolated from each other and from the system.
• Reduced attack surface: Unused features and kernel components are disabled or removed.
• Permission controls: More granular control over what each app can access.
• Verified boot: Strict verified boot ensures the OS hasn't been tampered with.

Can I still use my apps?

GrapheneOS includes a sandboxed compatibility layer that allows you to run most Android apps without giving them access to Google services. In practice, the vast majority of apps you'd want to use work normally — including messaging apps, browsers, productivity tools, and most social media platforms.

Some apps that require deep Google Play Services integration (like certain banking apps or games with specific DRM) may not work, or may require workarounds. GrapheneOS maintains documentation on compatibility.

Who is GrapheneOS for?

GrapheneOS was originally designed for security researchers and privacy professionals. But with Norypt handling the setup and configuration, it's now accessible to anyone who values their privacy — regardless of technical background.

It's particularly well-suited for journalists, lawyers, healthcare professionals, executives, and anyone who handles sensitive information that they need to keep genuinely private.

Is it legal?

Yes. GrapheneOS is completely legal in all jurisdictions where Android devices are sold. It's open source software that you're free to install on a compatible device. Using privacy tools is not illegal.

Getting started

Installing GrapheneOS yourself requires downloading and verifying a signed OS image, unlocking and re-locking the bootloader, and configuring the device from scratch — straightforward for developers, genuinely complex for everyone else. Every Norypt Phone arrives with GrapheneOS pre-installed, configured, and the bootloader re-locked — ready to use from the moment it arrives.

Security updates and long-term support

A privacy-focused OS on an unpatched kernel is not a secure device. GrapheneOS ships security updates promptly after Google releases them — typically within a day or two. The project is explicit about this: a device running an outdated OS, regardless of how hardened it is, has a growing list of known vulnerabilities that any attacker can reference.

GrapheneOS only supports Pixel devices that still receive security updates from Google. When Google ends support for a Pixel model, GrapheneOS drops it too. This is a feature, not a limitation. Running GrapheneOS on an unsupported device — to save money or extend the life of hardware — defeats one of the most important properties of a hardened OS. Every Norypt phone uses a currently-supported Pixel, confirmed before purchase.

Network permission controls

One feature that distinguishes GrapheneOS from every other Android OS — including CalyxOS — is its extended permission model. Standard Android lets you control whether apps access your camera, microphone, location, and contacts. GrapheneOS adds network access as a controllable permission. You can install an app and prevent it from accessing the internet entirely — it runs locally, with no ability to transmit data. This is particularly useful for offline utilities, calculators, or reference apps that have no legitimate reason to make network connections. No other Android OS offers this at the system level.

Similarly, GrapheneOS adds sensor permissions (blocking access to accelerometer, gyroscope, and other sensors that fingerprinting scripts can exploit) and contact scopes (limiting which contacts an app can see rather than all-or-nothing access). These extensions give you a level of per-app control that stock Android's permission model simply doesn't offer.

Auto-reboot and duress features

GrapheneOS includes several security automation features that set it apart from every other mobile OS. The auto-reboot setting reboots the phone automatically after a configurable period of inactivity — useful because a locked phone after reboot is in a much stronger cryptographic state (Before First Unlock) than a phone that's been unlocked and then locked again. The duress password feature allows you to configure a secondary PIN that, when entered, performs a full device wipe — protecting data in coercive situations without being visibly different from a normal unlock attempt. These aren't features you'll use daily, but their existence reflects the threat model GrapheneOS is designed for.