Why does it exist?
Stock Android phones send a constant stream of data to Google: your location, app usage, contacts, search history, voice recordings, and more. Even with privacy settings turned off, telemetry continues in the background.
GrapheneOS strips all of this out. No data goes to Google. The OS starts from a clean baseline: no tracking, no telemetry, no pre-installed bloatware. It's developed by the GrapheneOS Foundation, a Canadian nonprofit, and every line of code is public and auditable.
What makes it different from stock Android?
Privacy by default
- No Google telemetry or data collection
- Per-connection MAC randomization on Wi-Fi, preventing network tracking
- Screenshots automatically strip metadata
- Device identifiers are protected from app access
- Notifications are hidden on the lock screen by default
Hardened security
- Hardened memory allocator that defends against heap memory corruption exploits
- Hardware memory tagging on supported Pixel devices
- Verified boot with a locked bootloader — OS integrity is checked every startup
- Automatic reboot after a configurable idle period, re-encrypting all data
- Duress PIN that instantly and irreversibly wipes the device
- USB attack surface reduction — data and even charging can be fully disabled
- Scrambled PIN layout to prevent shoulder surfing and smudge attacks
- Multiple isolated user profiles, each independently encrypted
No Google services
- GrapheneOS ships with zero Google apps or services. No Play Store, no Google Play Services, no telemetry.
- It is possible to install Google Play Services in a sandbox with no special privileges, but this is strongly discouraged. Any Google service on the device re-introduces data collection and significantly reduces the privacy benefits of running GrapheneOS.
Secure built-in apps
- Vanadium: a hardened Chromium-based browser with JIT compilation disabled by default
- Auditor: hardware-based device integrity verification
- A privacy-focused camera app
- A sandboxed PDF viewer
What phones does it run on?
GrapheneOS only supports Google Pixel devices. This is intentional — Pixels have hardware security features that GrapheneOS depends on:
- Titan M2 security chip — provides a hardware root of trust for verified boot and key storage
- Unlockable and re-lockable bootloader — allows installing GrapheneOS while maintaining verified boot
- Long update support — Pixel 8 and 9 series receive 7 years of security updates
Currently supported devices include the Pixel 6 through Pixel 9 series, Pixel Fold, and Pixel Tablet.
Who uses GrapheneOS?
- Journalists protecting sources
- Lawyers and doctors with confidentiality requirements
- Activists operating in hostile environments
- Security researchers and IT professionals
- Executives concerned about corporate espionage
- Anyone who doesn't want a phone that reports everything back to Google
Can I install it myself?
Yes. GrapheneOS provides a web installer at grapheneos.org that walks you through the process. You need a supported Pixel, a USB cable, and a computer with a Chromium-based browser. The installation itself is straightforward.
But a secure phone is more than just an OS — it's also about how you configure your messaging, network routing, and operational security.
The hard part isn't installing it
Flashing GrapheneOS is the easy part. What's harder is building a complete private communications setup:
- Choosing and configuring an encrypted messenger that doesn't require a phone number or account
- Setting up Tor routing so your IP address is never exposed to messaging servers
- Running your own private relay servers so your messages don't pass through shared public infrastructure
- Configuring cryptographic client authentication so only your devices can access those servers
- Maintaining that server infrastructure over time
That's what null does.
Every null device ships with GrapheneOS, SimpleX Chat, and a private Tor-routed relay network — configured and ready to use. No setup, no command line, no server administration.
Order now · $1,249 →