
History of GrapheneOS
GrapheneOS, founded by Daniel Micay in late 2014, began as a solo project focused on enhancing privacy and security in Android. Initially, it involved porting OpenBSD malloc and PaX kernel patches, leading to significant low-level improvements and contributions to AOSP. In late 2015, a company was incorporated to sponsor the project, initially known as CopperheadOS, with the aim of building a business around it. However, the company failed to support the project adequately and eventually became a hindrance.
In 2018, the company was taken over by its CEO, who attempted to claim ownership of GrapheneOS but was rebuffed. Despite losing infrastructure and donations, the project revived and continued independently, countering false claims from the former sponsor. After distancing itself from the sponsor, the project was rebranded to GrapheneOS and has since grown, now employing multiple developers and collaborating with various companies.
In March 2023, the GrapheneOS Foundation was established as a non-profit in Canada to manage donations for the project.
Sandbox
By default, GrapheneOS does not come with Google apps pre-installed; however, users have the option to install a sandboxed version of Google Play Services from the included “App Store.” This sandboxed version enables access to the Google Play Store and apps that rely on it, as well as features like push notifications and in-app payments.
In January 2024, support for Android Auto was introduced in GrapheneOS, allowing users to install it through the App Store. The settings for the Sandboxed Google Play compatibility layer now include a new permission menu with four toggles to provide the minimal access needed for wired and wireless Android Auto, audio routing, and phone calls.
Security
GrapheneOS offers revocable network access and sensor permission toggles for each installed application. It also features a PIN scrambling option for the lock screen.
By default, GrapheneOS randomizes Wi-Fi MAC addresses for each connection to a Wi-Fi network, rather than using the standard Android per-network approach.
The operating system includes automatic phone reboots when idle, automatic disabling of Wi-Fi and Bluetooth, and system-level controls to disable the USB-C port, microphone, camera, and sensors for apps. Additionally, it provides a “Contact Scopes” feature, allowing users to specify which contacts an app can access.
GrapheneOS has developed a hardened Chromium-based web browser and WebView implementation called Vanadium, which serves as the default web browser/WebView. It features automatic updates, process and site-level sandboxing, and built-in ad and tracker blocking.
Also included is Auditor, a hardware-based attestation app that offers strong verification of the authenticity and integrity of the device’s firmware and software.
Apps like Secure Camera and Secure PDF Viewer provide enhanced privacy features, such as automatic removal of Exif metadata and protection against malicious code in PDF files.
Compatibility
GrapheneOS is currently compatible only with Google Pixel devices, as it has specific requirements for supporting new devices, such as an unlockable bootloader and proper implementation of verified boot.
The operating system can be installed from multiple platforms, including Windows, macOS, Linux, and Android devices. There are two installation methods available: a WebUSB-based installer, which is recommended for most users, and a command-line installer designed for more experienced users.
Source Code can be found here.
Source: GrapheneOS