GrapheneOS: a security-enhanced Android build
People tend to put a lot of trust into their phones. Those devices have access to no end of sensitive data about our lives — our movements, finances, communications, and more — so phones belonging to even relatively low-profile people can be high-value targets. Android devices run free software, at least at some levels, so it should be possible to ensure that they are working in their owners' interests. Off-the-shelf Android installations tend to fall short of that goal. The GrapheneOS Android rebuild is an attempt to improve on that situation.
GrapheneOS got its start as "CopperheadOS"; it was reviewed here in 2016. A couple of years later, though, an ugly dispute between the two founders of that project led to its demise. One of those founders, Daniel Micay, continued the work and formed what eventually became GrapheneOS, which is, according to this history page, an independent, open-source project that "will never again be closely tied to any particular sponsor or company". Work on GrapheneOS is supported by a Canada-based foundation created in 2023; there appears to be almost no public information available regarding this organization, though.
At its core, GrapheneOS is an effort to harden Android against a number of threats and to make Android serve the privacy interests of its users. It is based on the Android Open Source Project, but removes a lot of code and adds a long list of changes. Some of those, such as a hardened malloc() library or the use of additional control-flow-integrity features, will be mostly invisible to users (unless they break apps, of course, which has evidently been known to happen). Others are more apparent, but it is clear that a lot of effort has gone into making the security improvements as unobtrusive as possible.