Would you recommend that I use GrapheneOS?

Chouquette

Hello,
I’m currently using Android (Xiaomi), but I’m someone who genuinely cares about my privacy. I’ve been trying, more and more, to avoid sharing too much personal information online… Well, that’s all relative, since I’m still on Instagram and other social networks (including Reddit, actually). I’ve also been a long-time user of Proton Mail, Signal, and Telegram. Many people say that Android isn’t secure, while Apple is heading in a worrying direction. GrapheneOS seems to be the benchmark when it comes to privacy and security.

It’s important to note that I’m French, so my data is theoretically subject to the GDPR — which, incidentally, is itself quite controversial.

I’ve also heard a lot about GrapheneOS in connection with Google Pixel phones. Some friends told me: “The problem with GrapheneOS is that without Google, you can’t really do anything (just like with Huawei).” Personally, I don’t think I could give up social networks and apps like YouTube, Google Maps/Waze, or Amazon — even though they’re well-known data harvesters.

Moreover, in Europe we’re entering a worrying phase with the proposed Chat Control law and the push toward digital identity. Honestly, from experience, I know that governments already know a great deal about us — including things that should remain private.

So I’d like to take steps to better secure my data and protect my privacy. However, I still have a few questions about GrapheneOS:

– Is GrapheneOS something you would recommend to as many people as possible?
– And, in order to use GrapheneOS, does one have to accept losing access to certain applications?

Watermelon

Chouquette Some friends told me: “The problem with GrapheneOS is that without Google, you can’t really do anything (just like with Huawei).”

You can use Google apps, including Google Play Store and Google Play services (which provides the Google account settings on the device, remote wiping (opt-in), etc). Contrary to other Android OSs, GrapheneOS puts Google Play into the same normal kind of sandbox that all other apps are put into, and provides a compatibility layer (enabled automatically when GrapheneOS detects that you installed Google Play) that makes Google Play work well in this way.

Chouquette – Is GrapheneOS something you would recommend to as many people as possible?

It's my impression that the GrapheneOS project wants to provide a general-purpose OS usable by anyone, ranging from tech illiterates who need a friendly and informative UI, to power users who want to use extra security/privacy controls.

Chouquette – And, in order to use GrapheneOS, does one have to accept losing access to certain applications?

Yes, although each case is high unlikely to be the fault of GrapheneOS themselves. Google bans GrapheneOS from using Google Pay, for example. Some other apps (incomplete list) ban GrapheneOS as well.

It's my impression that GrapheneOS cares very much about compatibility with standard Android, and correctness in implementing the additional security/privacy features that GrapheneOS adds on top of the Android base.

23Sha-ger

Chouquette – Is GrapheneOS

Just note it comes minimalistic. You have no "welcome" apps to transfer your old phone etc, like other devices.
Just like buying your own food and making it instead of buying processed junk. Healthier and better for you? Yes. More potential work? Yes.

GoS_anonuser1

Chouquette

Both Android and iOS (and all devices thereof) are huge data harvesting platforms, both by the platform owners themselves and the multiple accounts you create on them (not just Google account) and the apps you install and run on them.

GOS allows you to minimize this and adjust your data leak based on how much you are willing to give up.

You can use/run:

Signal , Proton Mail, and other other more privacy oriented apps normally
You can install WhatsApp, Instagram, Telegram and several other privacy destroying apps (but not leak quite as much as data to Google, but exact same amount of data to the App makers, as you'd do with standard Android OS)
If you want to use the privacy leaking software, you need to (in most cases) install Sandboxed Google Play (Google Mobile Services) within GOS - this enables you to run the aforementioned privacy leaking apps (while minimizing data send to Google)
Nothing prevents WhatsApp, Telegram, Instagram, Viber, etc from harvesting your messages, metadata, phone number, etc. if you install those apps. GOS can't solve this for you. In fact, nothing except 100% not using those apps solves this for you. I have chosen this method.
I have a second "burner" android phone for some of the privacy leaking apps (although I refuse everything 100% from Google, Meta, Apple, Microsoft, OpenAI and others), with different SIM and different identity on it.
You can also achieve something similar (not quite 100% the same) by using multiple Users/profiles in GOS. Different profiles have different apps/data that other profiles can't access.

Banking, transport, finance, insurance and many other apps are now requiring more and more different types of OS level checks to verify that the OS has not been "tampered with" (as the app makers define it the way they see fit, there is no universal definition fo this). This has made it harder to use some of the national banking apps, transport apps that enforce these checks at app level. Sometimes there's a workaround for a particular app (by enabling certain app specific settings inside GOS), sometimes contacting the company offering the app solves the issue after a few updates, but sometimes there are apps that you just can't get to work on GOS, due to multiple checks on OS level.

You are right about incoming Chat Control 2.0 EU law (stalled for now, but it will make a comeback in 2026, that is a given) and the recent EU Radio Equipment Directive (RED) 2014/53/EU, that they are diminishing privacy, security and user rights within EU countries.

EU Radio Equipment Directive (RED) 2014/53/EU has been interpreted in a way that modifying the secure boot of devices is being frowned upon/restricted, which has caused most of the Chinese phone manufacturers to stop or reduce the ability to unlock bootloader on smartphones sold in/to EU area. This then stops people from installing AOSP ROMs (like LineageOS or others) on them or fully degoogling your phone at system level.

GOS/PIxels still perform secure boot, but I'm afraid that in the future the EU bureaucrats will use the RED directive to also ban/reduce the use of GOS/Pixel devices in the future. This remains to be seen, but the way things are developing now in EU, it does not look promising.

This is all in the preparation for the incoming EU-wide Digital-ID (which will be smartphone based) and the plans for the subsequent Digital-Euro and planned smartphone EU Digital ID Wallet (with biometrics). You can find the plans and roadmaps for these from official EU/EC source with a bit of searching, not going to bore you with the details here.

So, the future is looking grim, but all you can do is to adapt. My current setup is (and is constantly being improved as I learn more):

1) Pixel/GOS as my primary phone, with near zero privacy leaking apps on it. I uses SMS (not RCS, because all RCS messages are stored-forever-decrypted-later on Google/Apple servers), standard GSM calls, specific E2EE apps that I somewhat trust (Molly, SimpleX, Matrix/Element), web browsing, VPN , email and other important apps that work on this (for example GrayJay for Youtube/Rumble/Bitchut without login identity). This is my everyday carry primary device 95% of the time .

2) A second cheap "standard Android" with another SIM, throwaway Google Identity (not used anywhere, except on this phone), with all the non-essential google apps/services disabled or uninstalled with the Android Universal DeBloater NG script. This I use for those things that don't work on the Pixel/GOS phone that I must have. I don't carry this with me all the time, only when I need it, it's mostly offline (no data, no wifi, no bt, no gps) and I turn the data on when I need it, perform the app action when needed, put the phone back to offline. I do NOTHING else on this phone. No messaging, no chats and nobody gets this phone number (so they can't put it in their own phones contacts and can't share it via contact sharing to Meta/Google/Apple/wherever). It's my 5% of the time "official business" phone.

Yes, this is cumbersome. Yes, it's not optimal, but other than going back to standard dumbphone with calls/sms and giving up all the apps in the world, it's the best I've been able to come with. For now.

NB! If you want go get another LineageOS/degoogled/rooted/passing Strong-Integrity/Root checks phone, other than Pixel/GOS, then your time to buy is now. The window is closing fast. Almost all manufacturers have now stopped bootloader unlocking (basically Motorola, Sony and Nothing brands remain, and I expect them to start restricting bootloader unlocking soon, due to EU regulations and incoming digital-ID checks).

So, should you use Pixel/GOS? That is up to you to decide. If you want to have more security, yes, but some apps might not work (99% will). If you want more privacy, you will have to refrain from installing the privacy leaking apps yourself (Meta stuff, MS stuff, telegram, chatbots, etc).

If you are serious about it, consider the two phone route. If you are dead serious about it and see where all this is going within the next 5 years within EU, get a dumb phone and give up smartphone completely. Really, a lot of people have actually said it has improved their quality of life a lot. So, for some it's an option worth considering.

Hope this helps more than confuses.

mmmm

23Sha-ger great analogy!

user2025

GoS_anonuser1

You have my BIG thank you for publishing this reply... hats down, it should be pinned to main page.

My peculiarity is that you try to decently explain this to some people, a draft reply of " i have nothing to hide, nothing to fear" challenges your intelligence and patience, pushing you to drop any further action(s) and ,somehow... to feel like a loser.

Again,thanks,respects.

spring-onion

GoS_anonuser1 EU Radio Equipment Directive (RED) 2014/53/EU has been interpreted in a way that modifying the secure boot of devices is being frowned upon/restricted, which has caused most of the Chinese phone manufacturers to stop or reduce the ability to unlock bootloader on smartphones sold in/to EU area. This then stops people from installing AOSP ROMs (like LineageOS or others) on them or fully degoogling your phone at system level.

That's false, the "source" of this news is AI gibberish. See: https://xcancel.com/GrapheneOS/status/1953065141878010126

GoS_anonuser1

23Sha-ger What AI bla-blah? Please don't be rude, if you have nothing useful to contribute.

DeletedUser495

GoS_anonuser1 the fact is compartmentalization is helpful, but I personally would never return to a regular stock OS unless it's completely offline which then negates some of the values this may bring. Using two profiles (or owner with private space) with GrapheneOS and practice a strict app restriction (which I can never emphasise enough for all the convenience freaks) makes a lot more sense to me.

GoS_anonuser1

spring-onion

I actually read the EU directive in question and looked what was happening in the world.
Xiaomi has started restricting bootloader unlocking (starting late last year, further restrictions in effect in August 2025). you can find this in the offixial Xiaomi site, if you search for it.
This is not fake news, it's a fact. I know, because I've applied for bootloader unlocking@ Xiaomi myself a week ago.
OnePlus has started to do the same (restricting bootloader unlocking).
Vivo, Oppo , Huawei and Honor, ZTE, Asus have all stopped it completely.
Samsung made it really difficult since update to OneUI 8.0 this year.
It seems it's just a matter of time until Motorola and Sony do it too (they are the two last bigger remaining companies that allow BL unlocking, in addition to Google Pixel). Considering how central Google and Android are to the smartphone ecosystem, I foresee it's just a matter of time before Pixel bootloader unlocking gets restricted too, or the OS level Strong Integrity checks will check for signing keys and whether the device is running original unmodified Google Android release or not.
It remains to be seen, but the future is towards secure boot only AND unmodified manufacturer boot only.
The future is towards secure boot only, both on mobile and on desktop systems. The same applies to Windows11 (TPM 2.0/Secure Boot) requirements also, although they can for now be bypassed. iOS/MacOS is already secure boot only.

wizoatk

GoS_anonuser1 This is not fake news, it's a fact.

More OEMs recently restricting bootloaders is factual. But there is no evidence or statement from an OEM that this is related to DIRECTIVE 2014/53/EU.

Eirikr70

I definitely recommend GrapheneOS to most people, apart from those whose job is related to their public image.
There are very very few apps you would have to renounce. The Vitale app for the Assurance maladie is one of them, maybe a banking app, probably a tap-to-pay app if you use one. And that's all.