This is at least partially banned by the injunction from Epic vs Google:

  7. For a period of three years ending on November 1, 2027, Google may not condition a payment, revenue share, or access to any Google product or service, on an agreement with an original equipment manufacturer (OEM) or carrier to preinstall the Google Play Store on any specific location on an Android device.
  8. For a period of three years ending on November 1, 2027, Google may not condition a payment, revenue share, or access to any Google product or service, on an agreement with an OEM or carrier not to preinstall an Android app distribution platform or store other than the Google Play Store.

So the Android MADA and the AFA was wholesale struck as illegal a couple years ago, both in the US and elsewhere. So this requirement cannot legally exist. Whether Google will give someone a license who also ships a fork though is certainly in question, I suspect most OEMs aren't willing to risk their business seeing if the mafia wants to follow the law. Google has such a reputation for being abusive at this point an actual agreement or rule is no longer necessary.

The article doesn't say that the manufacturer would ship anything with GrapheneOS. I read it as users will still get to install it themselves, which now finally will be possible with a non-Pixel device.

GrapheneOS' Reddit comment shown in the article says "selling devices with GrapheneOS preinstalled would be nice but wouldn't be required".

To me that sounds like devices with GrapheneOS preinstalled is not gonna happen.

Why is this the most top voted comment? Do a lot of people really feel this way? Honestly, I feel it's ridiculous to expect this from Graphene OS. It's a privacy focused OS. If you want shiny features there is iOS.

They are already stretched a bit in terms of doing what they are comfortable and best at which is implementing privacy and security enhancements in AOSP and maintaining them across AOSP changes and upgrades (or getting them upstreamed if palatable to Google/AOSP).

They have made major usability improvements like eSIM support and network-based location. They have also been forced to work on things due to unrelenting popular demand like Android Auto support, sandboxed-google-play and the compatibility layer and Google Messages & RCS support.. to the cost of working on other security/privacy enhancements. At the end of the day, this is more a question of resources available.

I think the task of usability, features and overall experience is better delegated to another group of developers who might then contribute those improvements to GrapheneOS as well in an ideal world.

It would be a complete waste of time for devs to focus on making the AOSP apps pretty. I don't really get the hate, AOSP apps are completely fine and it's not like you have to look at it all the time

> I wish the project were more ambitious in terms of actually improving on Android in terms of usability, features, and overall experience.

i agree with the sentiment, but not for the features part. just getting the core functionality working across devices (securely of course) is already a lot of tedious work. just look at the dearth of supported devices that do not run a specific soc or from a famous brand.

for vast majority of features, one can personalize themselves by getting apps. most don't need rooting or any technical know-how. it will be unproductive to spend time ricing the os for users when they got their own personal preferences regardless. which is why it is fine to focus on getting the core things right first.

What does Android need "in terms of usability, features, and overall experience"? I personally don't feel that anything is missing. I'd love a denser battery maybe.

While this is awesome, I'm kinda skeptical on the premise on two points.

Almost nobody cares about privacy, and this is going to be super expensive. I might be fine with paying extra, but the economy might not work out, like it didn't for Blackphone. Fairphone is barely alive as well. Seeing as phones are just source of ad money Google can drop the prices on their phones as well.

Some European countries and banks already require crap like Play Integrity for essential apps. So far it's possible to hold out, but for how much longer?

What more do you want your phone to do at this point?

You might like /e/OS. It's less secure/hardened than Graphene, but offers a de-Googled Android with a focus on privacy and usability.

The timing of this is also really important, as the EU is currently planning on rolling out mandatory app-based age verification, and currently it looks like the solution will be locked to Apple and Google phones "for security reasons". I have contacted my own government, and their answer is that they currently do not plan to support alternatives only used by a minority of citizens (absurd statement coming from a government agency). Having a major OEM actually offer a native non-Google Android phone will be really important to be able to put pressure on governments to stop locking their citizens into American big tech platforms because of will be a lot easier to argue that it is anti-competitive (which it always has been, but governments apparently don't consider postmarket operating systems as even part of the competition).

GrapheneOS recently added official support for forcing the availability of VoLTE, VoNR, 5G and/or VoWiFi with any carrier providing proper implementations. It was previously possible via ADB but no longer is since the December 2025 security patches which are included in our current security preview releases with the November 2025, December 2025 and January 2026 patches (https://discuss.grapheneos.org/d/27068-grapheneos-security-p...).

The devices with our OEM partner will be Snapdragon flagships with Gunyah rather than pKVM. It should still be able to support the same things. It even has official Windows guest support upstream.

What is the VoLTE/5G issue? On T-Mobile, haven't had any issues with it living in a pretty rural spot. Isn't that like a Verizon problem?

Curious, what phone would you recommend/do you use?

All android devices launched with android 15 or newer need to support Android Virtualization Framework. So there will be support for VMs.

The tone of this announcement seems a lot more certain than the previous one, at least.

I remember reading that comment. Disappointing article, but good to know it's still in progress.

The patches provided by LOS aren't anywhere close enough to keep the phone secure/private. LineageOS breaks android security model in all but selected few devices, mainly Pixels I think. Your phone is very likely more secure by sticking to the original OS your phone shipped with.

What do you think about selling your old phone, and buying a used Pixel? This would get you a Graphene-approved phone, but generate no e-waste.

Same here. For me the biggest bummer with GrapheneOS is that the promised new back up system is still not even on the horizon and was promised a gazillion years ago.

I use a self-hosted Nextcloud and sync all contacts, photos and calendar with it. Having full native support for all Android apps would be pretty cool though.

I've used CalyxOS and Iode on my FP4, both roms integrated with Seedvault and making a full backup was seamless. Which roms have you tried, then?

The "a" models haven't been 300€ for a good while now. Launch price for 9a was 549€. So I would set that as the floor price for any speculation about this.

Sadly, I believe that only 1000€+ models are meant here.

Knowing that OnePlus has been the most friendly for alternative OSes, I believe that the newer OnePlus Phones will get GrapheneOS builds.

It's hard to believe that Samsung, Huawei or Xiaomi are going to partner with them.

https://news.ycombinator.com/item?id=45586622

Graphene doesn't have the volume to get a custom flagship grade device made for them. So even if they get a device that ships with Graphene preinstalled? It's going to be a variant of another Android phone.

Which is, generally, not that good for Linux mainlining. Qualcomm SoCs are "meh" when it comes to mainline Linux support - some parts are there, but a lot of them aren't. It has been getting better for the last bit though?

A lot of people will say "well, the market of people who want that is so small that its not even a blip on Google's radar", but let's cut that one off at the pass: No one buys pixel devices anymore. Their sales are abysmal, Tensor mobile silicon has been a failure, and the one thing they kinda had going for them was general good vibes with the broader tech community. But, they're Google, so they ruined that too.

I suspect there will be a Pixel 11, maybe a Pixel 12, but that'll be it.

Could estimate ~1% (+/- 1%) given the Graphene user estimates [1] and the tens of millions of Pixels sold at this point.

[1] https://discuss.grapheneos.org/d/21946-grapheneos-popularity...

> only real benefit to running a pixel

Not a phrase I expected to read, whew. Tough customers.

I've been very happy with several generations of pixels at this point compared to the alternatives.

It's probably a negligible percentage. Installing custom ROMs is niche even within the tech crowd.

Typical mind fallacy.

According to one estimate, there are about 250k total GrapheneOS users https://discuss.grapheneos.org/d/12281-how-many-grapheneos-u...

This source claims Google shipped 10 million devices last year https://coolest-gadgets.com/google-pixel-smartphones-statist...

If we generously assume every GrapheneOS user bought a new phone in the last year, 2.5% of those Pixels are running Graphene.

I was being curious and asked ChatGPT. OnePlus came as a likely candidate there as well. Still 2027 is a long time, hopefully my phone keeps working till then xD.

They have to start somewhere. Unfortunately part of the issue is that most OEMs do not even support their budget models as well as their flagships, so they would fall short of basic reasonable GrapheneOS requirements like 5+ years of timely security updates.

Yep. I like my midrange phone I got for ~$300. I'm not paying top-dollar just for GrapheneOS.

[dead]

Snapdragon flagships have solid security and it's the devices made with those which ruin it. Snapdragon has both advantages and disadvantages compared to Tensor.

Pixel 6 through Pixel 9a are essentially Exynos SoC devices using standard Cortex and Mali cores. Certain components are custom including a Trusty OS TEE and secure core, a separate hardened secure element chip, image processing, TPU for neural network acceleration, etc. Tensor was mostly standard Exynos. Pixel 10 moved away from Exynos other than the cellular radio chip, but it's not clear if that is good or bad for security. It gives them more independence, choices and control to an extent but they largely licensed the IP for the components and it's not necessarily more secure. Perhaps PowerVR GPUs have better security than Mali, but that's unclear. It does appear they got GPU virtualization support through it, but Qualcomm cares a lot about virtualization too especially since they support laptops with Windows, etc.

GrapheneOS have mentioned in the past that the Qualcomm baseband processors compare well to competition in terms of security and isolation support on their respective SoCs. There may be other aspects they need to catch up to Pixels on regarding security though (like the secure element, open-source TEE etc.).

The situation you're alluding to is not a case of "GrapheneOS doesn't support banking apps" but rather "Some app publishers employ Google Play Protect and other measures in order to explicitly block GrapheneOS". GrapheneOS can not do anything about that. Choose your banking and payment apps accordingly.

FWIW I have run several banking apps on GrapheneOS without any issues whatsoever, never had any blocks or compatibility issues. Might just be luck of the draw but just to say you probably do have options.

I sincerely doubt it, but a large OEM with first-party support makes it (IMO) more likely for banking apps to support GApps-less handsets(instead of the inverse, Graphene supporting banking apps) - a dramatically better outcome, as that allows Waydroid more breathing room as a viable solution for Linux-first handsets too.

This would of course be contigent on GrapheneOS growing their market- and mind-share in the general public, while also taking several years to impact the least move-fast-and-break-things industry (consumer banking).

But still, a man can dream.

If those apps use "Play Integrity" (bad choice) then the probability is close to zero because it's Google that controls it. Other OEMs that currently pass it do it only because the device was certified by Google.

But being certified by Google of course precludes not preinstalling or sandboxing their GMS apps.

The answer is it depends. Banking and similar Apps trying to "protect" the user from themselves aka treat the user like a retarded child do this through several mechanisms:

> Google Play Integrity

Essentially a Google API that App Developers integrate that checks if the device runs an Operating System signed by Google as "Play Certified". This can go as far as being backed by a hardware trusted platform module. I doubt Google will certify GrapheneOS given their modifications towards sandboxing the play services. This can be faked to a degree but GrapheneOS choses not to do it and to fake the TPM part you need leaked keys. For more details on how to fake it look at this thread: https://xdaforums.com/t/guide-how-to-pass-strong-integrity-o...

> Fingerprinting the Device OS

This can very from app to app and just tries to fingerprint the device in many ways to see if it's running a custom rom of some kind. This does things like check to see if the bootloader is unlocked or if root is installed. I think this is something an official grapheneos phone might fix since the phone vendor could allow grapheneos to sign their releases as native equivalent

> Banning GrapheneOS by Name

Some Apps Developers literally ban GrapheneOS by name.

> Failures due to Google Play Sandboxing

Since GrapheneOS sandboxes Google Play Services there might be compatibility issues that prevent the app from working right. This would likely be unaffected by a GrapheneOS Phone.

> Failures due to Advanced Security Features

Some Apps just don't "like" the advanced security features like the hardened malloc and other protections and just fail. This can be disabled most of the time

If the phone is rooted, most banks will not support it. That includes grapheneOS.

Of course it does. The whole point of a FOSS platform is the remove this kind of corporate control. It's your device, and you run whatever code you want on it.

Is DAVx⁵ not sufficient?

They said "major OEM" so I don't think it's them. Unlikely to be Samsung either. Maybe Xiaomi or Lenovo (Motorola)?

My guess is Sony.

At any rate, they explicitly said that they are not working with fairphone [1]

[1] https://news.ycombinator.com/item?id=44678459

It's one of the major OEMs. They have a bunch of devices, so we can eventually support more than one and can have new supported models each year. Small OEMs are not currently capable of meeting our security feature and update requirements listed at https://grapheneos.org/faq#future-devices.

Fairphone 4 and Pixel 6 both launched October 2021. Fairphone 4 has an end-of-life Linux 4.19 kernel which stopped getting LTS updates vs. launching with Linux 5.10 and moving to Linux 6.1. Fairphone 4 is still on Android 13 which is end-of-life soon. Fairphone 4 lacks proper privacy/security patches since it's just getting partial backports to Android 13 which they ship 1-2 months after the official date. OEMs are allowed to ship them up to 3 months before the official date and have at least 1 month early access, so that's a longer delay than it seems. Is the way these devices marketed ethical when considering the lack of privacy, security, long term support and sustainability? Do the claims about fair treatment of workers and fair sourcing of resources have more substance? Is it better or worse than the ethics of an iPhone, which has very efficient per-unit production and far better long term support?

2027 in EU: https://www.pcmag.com/news/eu-smartphones-must-have-user-rep...

GrapheneOS isn't a product or a business. It's partnership between a non-profit organization (GrapheneOS Foundation) obligated to pursue the defined mission and a for-profit Android OEM making hardware. It's not a for-profit venture from the GrapheneOS side.

There are no closed source components in kernel space for Pixels and won't be for other devices we support either. Hardware and firmware is closed source in practice for all modern computers. Open source doesn't mean something is inherently more private or secure. In the case of hardware, you also can't verify it matches the sources in a similar way as software.

Firefox has poor security, but especially on Android where it doesn't implement sandboxing yet let alone site isolation. It has much worse exploit protections and other security protections than Chromium-based browsers.

Using web apps over native apps makes sense for reducing their access but has privacy downsides too such as trusting the servers rather than having signed releases able to provide more meaningful end-to-end encryption. Not everything can be done with web apps, especially in Firefox where there's no WebUSB, etc. as alternatives to installing native apps providing much less access to other things beyond what's required. For example, Firefox can't be used to install GrapheneOS on a device via the easy to use web installer due to lack of WebUSB despite Mozilla coming up with the early version of it as part of FirefoxOS.