21 lines
1.9 KiB
YAML
21 lines
1.9 KiB
YAML
title: GrapheneOS
|
|
type: Recommendation
|
|
logo: /assets/img/android/grapheneos.svg
|
|
logo_dark: /assets/img/android/grapheneos-dark.svg
|
|
description: |
|
|
**GrapheneOS** is the best choice when it comes to privacy and security.
|
|
|
|
GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so [verified boot](https://source.android.com/security/verifiedboot) is fully supported.
|
|
|
|
Notably, GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play). Google Play Services can be run fully sandboxed like a regular user app and contained in a work profile or user [profile](/android/#android-security-privacy) of your choice. This means that you can run apps dependant on Play Services, such as those that require push notifications using Google's [Firebase Cloud Messaging](https://firebase.google.com/docs/cloud-messaging/) service. GrapheneOS allows you to take advantage of most [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) whilst having full user control over their permissions and access.
|
|
|
|
Currently, only [Pixel phones](https://grapheneos.org/faq#device-support) meet its hardware security requirement and are supported.
|
|
|
|
#### Notes
|
|
GrapheneOS's "extended support" devices do not have full security patches (firmware updates) due to the original equipment manufacturer (OEM) discontinuing support. These devices cannot be considered completely secure.
|
|
website: 'https://grapheneos.org/'
|
|
privacy_policy: 'https://grapheneos.org/faq#privacy-policy'
|
|
downloads:
|
|
- icon: fab fa-github
|
|
url: 'https://github.com/GrapheneOS'
|