Cops say criminals use a Google Pixel with GrapheneOS – I say that's freedom

Police in Spain have reportedly started profiling people based on their phones; specifically, and surprisingly, those carrying Google Pixel devices. Law enforcement officials in Catalonia say they associate Pixels with crime because drug traffickers are increasingly turning to these phones. But it’s not Google’s secure Titan M2 chip that has criminals favoring the Pixel — instead, it’s GrapheneOS, a privacy-focused alternative to the default Pixel OS.

As someone who has used a Pixel phone with GrapheneOS, I find this assumption a bit unsettling. I have plenty of reasons to use GrapheneOS, and avoiding law enforcement isn’t on the list at all. In fact, I think many Pixel users would benefit from switching to GrapheneOS over the default Android operating system. And no, my reasons don’t have anything to do with criminal activity.

Why I use and recommend GrapheneOS

A privacy-focused operating system may seem more trouble than it’s worth. But when I replaced Google’s Pixel OS with GrapheneOS, I found it to be a transformative experience. For one, the installation was painless, and I didn’t lose any modern software features. Installing aftermarket operating systems used to equal a compromised smartphone experience, but I didn’t find that to be true in the case of GrapheneOS.

Case in point: even though GrapheneOS doesn’t include any Google services, I was surprised to find that you can install the Play Store with relative ease and almost all apps work flawlessly — even most banking ones.

This is impressive for any open-source fork of Android, but GrapheneOS goes above and beyond in that it also has some major privacy and security benefits. Primarily, it locks down various parts of Android to reduce the number of attack vectors and enforces stricter sandboxing to ensure that apps remain isolated from each other. GrapheneOS just works, with almost no feature or usability compromises.

Take Google apps as an example. On almost all Android phones sold outside China, Google has far-reaching and system-level access to everything: your precise location, contacts, app usage, network activity, and a load of other data. You cannot do anything to stop it, whether you’d like to or not. However, you can with GrapheneOS because it treats Google apps like any other piece of unknown software. This means Google apps are forced to run in a sandbox where they have limited access to your data.

GrapheneOS’ sandboxing extends to invasive apps like Google Play Services and the Play Store. You can explicitly disable each and every permission for these apps manually — in fact, most permissions are disabled by default. Even better, you can create different user profiles to isolate apps that require lots of permissions. GrapheneOS can forward notifications to the primary user profile, unlike stock Android. GrapheneOS limits Google's reach into your phone more than any other flavor of Android.

On the subject of app permissions, GrapheneOS builds on that, too. For example, you can stop apps from accessing the internet and reading your device’s sensors — stock Android doesn’t expose such granular control. And while Android permissions often take the all-or-nothing approach, GrapheneOS lets you select only the exact contacts, photos, or files that you want visible to an app.

Finally, my favorite GrapheneOS feature is the ability to set a duress PIN. When entered, this secondary PIN will initiate a permanent deletion of all data on the phone, including installed eSIMs. If I’m ever forced to give up my phone’s password, I can take solace in the fact that the attacker will not have access to my data.

If you have nothing to hide…

You might be wondering: if I don’t have anything to hide, why should I bother using GrapheneOS? That’s a fair question, but it misses the point. I don’t use GrapheneOS because I have something to hide — I use it to exercise control over the device I own. I find it comforting that Google cannot collect data to nearly the same extent if I use GrapheneOS instead of Pixel OS.

The benefits of using GrapheneOS extend far beyond just hiding from Google, though, and it’s why the project has landed under the scanner of law enforcement. I believe that GrapheneOS catching attention from law enforcement just proves how much it raises the bar on privacy.

GrapheneOS has built a number of app isolation-based safeguards to ensure that your phone cannot be infected remotely. The technical details are longer than I can list, but in essence, the developers stripped out parts of Android’s code that could be exploited by bad actors. Some security improvements have even been suggested and incorporated into AOSP, meaning GrapheneOS’ efforts have made all of our devices a tiny bit more secure.

Does GrapheneOS take privacy and security too far?

GrapheneOS is one of many tools that now face suspicion and political pressure simply for making surveillance harder.

Take the Signal app as another example. The encrypted messaging app has been repeatedly targeted by EU lawmakers in recent years. Specifically, a proposed “Chat Control” legislation would compel secure messaging platforms to scan all communication — including those protected by end-to-end encryption — for illegal content such as Child Sexual Assault Material.

Messaging apps in the EU would be required to scan private communications before they’re encrypted, on the user’s device, and report anything that looks suspicious. While encryption itself wouldn’t be banned, Signal’s developers have rightly pointed out that mandatory on-device scanning essentially equals a backdoor. A rogue government could misuse these privileges to spy on dissenting citizens or political opponents, while hackers might be able to steal financial information. Regulators have long asked privacy apps to compromise on their singular mission: privacy.

There’s a bitter irony here, too, as GrapheneOS recently pointed out in a tweet. The Spanish region of Catalonia was at the center of the massive Pegasus spyware scandal in 2019.

Pegasus, a sophisticated surveillance tool sold exclusively to governments, was reportedly used to hack phones belonging to Members of the European Parliament and eavesdrop on their communications. Yet, police in this very region are now scrutinizing savvy Pixel and GrapheneOS users for hardening their devices against unlawful surveillance and other attack vectors.

Open source developers cannot control what their software is used for, and that’s true for GrapheneOS and Signal. Sure, some criminals will naturally want to take advantage of the privacy and security tools the rest of us use.

One could say the same thing about matchboxes being used for arson and cash being used for money laundering, but no one’s calling on regulators to outlaw either. In fact, law enforcement profiling is frowned upon by most of us. So, if I use GrapheneOS on my Pixel to keep my data away from Big Tech, potential hackers, or even eavesdropping governments, that alone should not put me in the same league as drug dealers. But if it does, so be it.