GrapheneOS is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project. It's focused on the research and development of privacy and security technology including substantial improvements to sandboxing, exploit mitigations and the permission model.
GrapheneOS improves the privacy and security of the OS from the bottom up. It deploys technologies to mitigate whole classes of vulnerabilities and make exploiting the most common sources of vulnerabilities substantially more difficult. It improves the security of both the OS and the apps running on it. The app sandbox and other security boundaries are fortified. GrapheneOS tries to avoid impacting the user experience with the privacy and security features. Ideally, the features can be designed so that they're always enabled with no impact on the user experience and no additional complexity like configuration options. It's not always feasible, and GrapheneOS does add various toggles for features like the Network permission, Sensors permission, restrictions when the device is locked (USB peripherals, camera, quick tiles), etc. along with more complex user-facing privacy and security features with their own UX.
The features page provides an overview of the substantial privacy and security improvements added by GrapheneOS to the Android Open Source Project.
Official releases are available on the releases page and installation instructions are on the install page.
GrapheneOS also develops various apps and services with a focus on privacy and security. Vanadium is a hardened variant of the Chromium browser and WebView specifically built for GrapheneOS. GrapheneOS also includes our minimal security-focused PDF Viewer, our hardware-based Auditor app / attestation service providing local and remote verification of devices, and the externally developed Seedvault encrypted backup which was initially developed for inclusion in GrapheneOS.
No Google apps or services
GrapheneOS will never include either Google Play services or another implementation of Google services like microG. It's possible to install Play services as a set of fully sandboxed apps without special privileges via our sandboxed Play services compatibility layer. See the FAQ section for more details on our plans for filling in the gaps from not shipping Play services and Google apps.
GrapheneOS was founded as an open source project in late 2014. It was formerly known as CopperheadOS. For more details, see the history page.
See the FAQ section on our upstream work improving privacy and security for billions of users by getting a subset of our changes into core infrastructure projects.
See the FAQ section on the roadmap.
See the FAQ section on device support.