Pixel Graphene Phone FAQs

Graphene OS includes Vanadium Browser, its hardened privacy and security enhanced version of the popular Chromium Browser. Vanadium is both a browser app and the Graphene OS WebView Service used by other apps as a browser engine to render web content.

HARDENING

Vanadium provides the strongest sandbox implementation, acting as a barrier to compromising the rest of the OS, and is leagues ahead of the alternatives. Vanadium also turns on strict site isolation which is critical, as browsers without site isolation are very vulnerable to attacks. Vanadium has excellent exploit mitigations [e.g. it enables type-based CFI, uses a stronger SSP configuration, zero initializes variables by default, etc.]

EXTENSIONS

We recommend against trying to achieve browser privacy and security through piling on browser extensions and modifications. Most privacy features for browsers are privacy theater without a clear threat model and these features often reduce privacy by aiding fingerprinting and adding more state shared between sites. Every change you make results in you standing out from the crowd and generally provides more ways to track you.

AVOID FIREFOX

Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Firefox / Gecko browsers also bypass or cripple a significant portion of the Graphene OS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android.

ADDITIONAL PRIVACY FEATURES

Vanadium was primarily focused on security hardening, however has begun adding additional privacy features. In the near future, we plan to add support for always incognito mode, content filtering [ad blocking], improved state partitioning and many other features.

Yes. The Pixel phone with Graphene OS installed, is running the latest version of Android, currently version 13. Android 12 introduced 'Global Toggles' for disabling the camera and microphone in addition to the existing bluetooth, location services, wifi and the cellular network toggles. When not in use, you can disable these features. Apps cannot use disabled features (even if granted individual permission) until you re-enabled them.

Carriers can track your course location via cell towers using the IMSI and IMEI broadcasted by your baseband modem. In order to avoid this type of tracking, you can enable the airplane mode which would disable the baseband modem. This will stop the network carrier tracking you AND also stop any calls and text messages until you re-enable your connection by disabiling airplane mode.

Graphene OS uses a combination of Verified Boot features to verify that the hardware, firmware and operating system are genuine and have NOT been tampered with. You can compare your phone’s Verified Boot Number displayed on your phone’s screen, against the official Graphene OS Verified Boot Numbers to confirm your phone has not been tampered with.

If you have chosen to use a VPN, from Android 7 and above supports a VPN killswitch and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in Settings → Network & internet → VPN → Block connections without VPN. We will have installed and configured this if you chose to use a VPN when we discussed your preferred apps.

By default, your baseband modem will typically be set to support just about every generation of mobile cellular technology, from 2G to 5G. This gives a large attack surface. You can reduce this attack surface by limiting the baseband modem to just using the generation that you needs. In most cases, this would be 4G/LTE or 5G if you prefer. Graphene OS has the LTE only mode exposed in settings. We will set this for you to 4G / LTE though you can adjust this by going to Settings → Internet → Your carrier name → Preferred network type.

Installing a custom Android-based operating system can help increase your privacy and security. However the vast majority of these operating systems do exactly the opposite - breaking the Android security model, ruining your security while providing no or dubious privacy benefits. If you are using a modern Pixel phone, the best choice is to use GrapheneOS. If you are on a device supported by DivestOS, use DivestOS. Otherwise, do not blindly use an Custom OS just because it is advertised as “degoogled”.

It’s important to not use an end-of-life version of Android. Newer versions of Android not only receive security updates for the operating system but also important privacy enhancing updates too. For example, prior to Android 10, any apps with the READ_PHONE_STATE permission could access sensitive and unique serial numbers of your phone such as IMEI, MEID, your SIM card’s IMSI, whereas now they must be system apps to do so. System apps are only provided by the OEM or Android distribution.
All our Pixel phones are now based on Android 13, the latest version, then deGoogled only with Graphene OS ensuring we end up retaining all the latest security and privacy enhancements.

On Android, the phone unlock (Password, Pin, Pattern) is used to protect the encryption key for your device. Thus, it is vital that your unlock secret is secure and can withstand Bruteforce attacks. Pattern unlock is extremely insecure and should be avoided at all cost. This is discussed in detail in the Cracking Android Pattern Lock in Five Attempts research paper. If you trust the hardware enforced rate limiting features (typically done by the Secure Element or Trusted Execution Environment) of your device, a 8+ digit PIN may be sufficient. Ideally, you should be using a 8-10 word diceware passphrase to secure your phone. This would make your phone unlock practically impossible to bruteforce, regardless of whether there is proper rate limiting or not.

Rooting Android phones can decrease security significantly as it weakens the complete Android security model. This can decrease privacy should there be an exploit that is assisted by the decreased security. Common rooting methods involve directly tampering with the boot partition, making it impossible to perform successful Verified Boot. Apps that require root will also modify the system partition meaning that Verified Boot would have to remain disabled. Having root exposed directly in the user interface also increases the attack surface of your device and may assist in privilege escalation vulnerabilities and SELinux policy bypasses.

Multiple user profiles can be found in Settings → System → Multiple users and are the simplest way to isolate in Android. With user profiles, you can impose restrictions on a specific profile, such as: making calls, using SMS, or installing apps on the device. Each profile is encrypted using its own encryption key and cannot access the data of any other profiles. Even the device owner cannot view the data of other profiles without knowing their password. Multiple user profiles are a more secure method of isolation.

Permissions on Graphene OS / Android grant you control over what apps are allowed to access. Google regularly makes improvements on the permission system in each successive version. All apps you install are strictly sandboxed, therefore, there is no need to install any antivirus apps. You can manage Android permissions by going to Settings → Privacy → Permission Manager. Be sure to remove from apps any permissions that they do not need.

Auditor provides attestation for Graphene OS phones and the stock operating systems on a number of devices including our Pixel phones. It uses hardware security features to make sure that the firmware and operating system have not been downgraded or tampered with. Attestation can be done locally by pairing with another Android 8+ device or remotely using the remote attestation service. To make sure that your hardware and operating system is genuine, we perform local attestation immediately after your device has been setup and prior to any internet connection.

Yes. The Pixel phone with Graphene OS has support for dual SIM via one physical SIM slot and one eSIM. Users can use an eSIM installed previously on the device or install an eSIM once Graphene OS is installed. This process is called Privileged eSIM Management.

Privileged eSIM management can be enabled in Settings ➔ Network and Internet ➔ Privileged eSIM management. The toggle will NOT be greyed out [unusable] if the Graphene OS sandboxed Google Play IS installed, as the functionality is reliant on it. We install the secure Sandboxed Google Play as a default. By enabling the toggle, the proprietary Google functionality is enabled and will be used by the OS to provision and manage eSIMs.

Note that if the eSIM installation process does not progress past the ‘Checking network info’ stage despite having a stable Internet connection, you may need to call the USSD code *#*#4636#*#* and then enable DSDS in the menu that is presented. We can assist you with this is necessary.

No. To DeGoogle a phone, we require access into the phone to replace the OS [Operating System]. Apple deliberately blocks us from doing so. Some Android phone brands can be accessed, though it takes time and effort for developers to perfect the process. Google Pixel Android phones allow us to do so safely which is why we now exclusively offer the newest Pixel phones.

No. Graphene OS has been designed specifically for the Pixel Phone, integrating with its hardware, Titan Secure Element chip, firmware and base Android operating system to provide the most secure and private phone on the market. For these reasons Graphene OS is our sole choice of degoogled operating system.

Yes. If for some reason you wish to restore your Pixel phone to its original Android OS, it can be reflash with Android OS, returning the phone to its original state.

No. Pixel phones are designed to support custom OS [Operating System] installations, so installing Graphene OS does NOT void your 2 Year Warranty.

Google Pixel phones have stronger hardware security than any other Android device currently available and as such, are the only phones I now recommend. That’s a big statement, so let me validate it.

Pixel phones are designed to fully support third-party OS [operating system] installations so are inherently more secure due to proper AVB support. As such, installing a custom OS means the Pixel phone is NOT “hacked” but rather “upgraded” and hence is not exploiting existing hardware security mechanisms [e.g. rooting] which can then in itself create security vulnerabilities. Pixels also include Google’s custom Titan security chip acting as the Secure Element for Verified Boot, confirming your phone has not been tampered with and remains secure and private.

When purchasing a Pixel phone, you should buy one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. Also, beginning with the Pixel 6 and 6 Pro, Pixel phones receive a minimum of 5 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-4 years competing OEMs typically offer.

Graphene OS [Operating System] is a cutting-edge, security obsessed, privacy operating system with amazing reliability, making it one of the most private and secure mobile operating systems available today. Graphene OS is a very technically focused project, achieving substantial improvements to both privacy and security from its Android open source operating system code base, yet retains functionality and usability.

Graphene OS has been designed specifically for the Pixel Phone, integrating with its hardware, Titan Secure Element chip, firmware and base Android operating system to provide the most secure and private phone on the market. For these reasons Graphene OS is our sole choice of degoogled operating system.

DeGoogling a phone requires that we wipe the OS [operating system] off your phone and install a custom OS that has all the google spyware removed. The custom OS is safe, open-source software, that programmers have reviewed to ensure it is safe for you to use and does not spy on you!

A DeGoogled phone is all about your privacy. The standard iPhone and Android phones harvest your data back to their servers up to 90 times per hour. Storing your location, your proximity to others with a phone, what apps you use, which websites you visit and a lot more. They store and sell your data leaving you a target for hackers, identity theft or worse.

A DeGoogled phone keeps your activities private by preventing your phone OS [Operating System] from “reporting” all your personal activities, such as which websites you visit, which apps you have installed and much more, back to Google and Apple.