Why we donate €10 per GrapheneOS install — and why it matters for your privacy
Best secure phone 2025
Google Pixel 9a GrapheneOS VPN Encrypted
Google Pixel 9 GrapheneOS VPN Encrypted
Best secure router 2025
CryptHub V2 Portable 4G VPN Encrypted Router
CryptHub V3 Portable 4G VPN Encrypted Router
We’ve been running GrapheneOS on our own devices since 2020. It started because a few people on our team got serious about mobile security and realised that stock Android — even with all the privacy settings cranked up — was still leaking data in ways most people never see.
Fast forward a few years, and GrapheneOS is now at the heart of what we offer to privacy-conscious clients worldwide. We’ve set up hundreds of devices. Some for journalists. Some for business owners who handle sensitive client data. Some for people who just got tired of feeling like their phone was reporting on them.
The common thread? Everyone wanted better mobile security but didn’t know where to start. That gap is where we come in — and why we’re now putting money directly back into the project that makes it all possible.
Why GrapheneOS and not something else?
There are a lot of “privacy phones” and “secure Android” options floating around. Most of them are marketing. GrapheneOS is engineering.
It’s not a skin or a theme or a tweaked version of stock Android. It’s a hardened operating system built from scratch on top of AOSP with a specific, well-defined threat model. The people behind it are serious security researchers, not marketing teams.
Here’s what makes it different in practice:
- Hardened memory allocator (hardened_malloc) — This mitigates entire classes of memory corruption bugs that are the bread and butter of mobile exploits. Most zero-day attacks on phones target memory handling. GrapheneOS makes those attacks significantly harder to pull off.
- Per-app network and sensor controls — You can deny network access to individual apps. Not just “background data” like stock Android, but all network access. You can also control which apps see your sensors, which are used for device fingerprinting.
- Verified boot with relocked bootloader — GrapheneOS supports relocking the bootloader after installation, which means the device verifies firmware integrity on every startup. If someone tampers with the OS, the device catches it.
- No Google services by default — But if you need them (and many people do for banking or work apps), GrapheneOS offers sandboxed Google Play. Google services run as regular unprivileged apps inside a sandbox, not as system-level processes with deep device access.
- Exploit mitigations everywhere — Control Flow Integrity (CFI), hardened libc, reduced attack surface across system components. These are things you’ll never see in a settings menu, but they’re the reason GrapheneOS is taken seriously by the security community.
For anyone who relies on their phone for communication, banking, or daily work — GrapheneOS provides actual protection, not marketing language.
What we actually set up for our clients
Our work goes way beyond flashing an operating system. Anyone can follow the install guide on grapheneos.org. The hard part is making the result usable — and that’s where most DIY installs fail.
Every deployment we do includes:
- Secure OS installation with full verification — We flash GrapheneOS, verify the install, and relock the bootloader. That last step is critical and often skipped by people doing it themselves.
- Privacy-respecting app selection — We help you replace data-hungry apps with alternatives that actually respect your privacy. Signal or Molly for messaging, Vanadium for browsing, KeePassDX for passwords, ProtonMail for email — tailored to what you actually use your phone for.
- User profile isolation — GrapheneOS supports multiple cryptographically isolated profiles. We set up separate profiles for daily use and sensitive tasks, so apps in one profile can’t see or access anything in another.
- Sandboxed Google Play (if needed) — If you need apps that depend on Google services, we install sandboxed Google Play in a dedicated profile — not your main one. Compatibility without compromise.
- Network and VPN hardening — Always-on VPN with kill switch, configured with a trustworthy provider like Mullvad or IVPN.
- Secure backups — Using Seedvault for encrypted local backups instead of sending everything to Google’s servers.
- Long-term guidance and support — We don’t disappear after the install. Questions about updates, new apps, or settings? We’re here.
We translate complex security engineering into setups that people can actually use every day without breaking their workflow.
How to protect your phone right now
Even if you’re not ready for GrapheneOS yet, here are practical steps you can take today to improve your mobile privacy:
Step 1: Use a supported Pixel device
GrapheneOS runs on Google Pixel phones (6 series through 9 series). Pixel hardware includes the Titan M2 security chip, which works hand-in-hand with GrapheneOS’s verified boot. If you’re buying a phone with future privacy in mind, get a Pixel.
Step 2: Lock down app permissions
Go through every app on your phone right now. Does your calculator need location access? Does your flashlight need your contacts? Revoke everything that isn’t essential. On stock Android, go to Settings → Privacy → Permission manager.
Step 3: Switch to Signal or Molly
If you’re still using SMS or unencrypted chat apps, switch to Signal. On GrapheneOS, consider Molly — a hardened Signal fork with database encryption and a separate lock screen. Turn on disappearing messages.
Step 4: Use an always-on VPN
Configure Mullvad or IVPN as always-on with the kill switch enabled. This means if the VPN drops, your phone sends zero traffic rather than leaking your real IP.
Step 5: Disable Bluetooth and Wi-Fi when not in use
Both broadcast signals that can be used to track your location. GrapheneOS includes MAC randomisation by default, but the best protection is not broadcasting at all.
Step 6: Use encrypted backups
Don’t let Google back up your entire phone to their servers. On GrapheneOS, use Seedvault for encrypted local backups. On stock Android, at minimum enable encrypted backup and use a strong Google account password with 2FA.
Step 7: Install apps from F-Droid when possible
F-Droid is an open-source app store. Apps there are auditable, ad-free, and tracker-free. For everything else, use Aurora Store (an anonymous Google Play frontend) instead of signing into Google Play directly.
Step 8: Use Vanadium or Brave for browsing
Chrome sends enormous amounts of data to Google. On GrapheneOS, Vanadium is the default browser — hardened Chromium without the tracking. On stock Android, Brave is a solid alternative with built-in ad blocking.
Step 9: Keep your OS and apps updated
Security patches close the holes that attackers exploit. GrapheneOS delivers updates faster than most stock Android devices. Don’t delay updates — install them the day they arrive.
Step 10: Think about what you install
Every app you install is code running on your device with whatever permissions you grant. Before installing anything, ask: do I actually need this? Is there a privacy-respecting alternative? Less apps = smaller attack surface = better security.
Why we're donating to GrapheneOS
We’ve been doing this work for years. Not at massive scale — but consistently, and with intent. Every setup we’ve done has helped someone take real control of their digital life.
Right now, GrapheneOS is facing serious engineering challenges. Porting and hardening the platform for Android 16 is a massive undertaking — months of work by a small team. It’s the kind of work that doesn’t make headlines but is absolutely critical for the future of secure mobile computing.
We use GrapheneOS every day. We build our business around it. We recommend it to every client who asks about phone security. The least we can do is put money back into the project that makes all of that possible.
Starting September 1st, we will donate €10 from every GrapheneOS installation we perform, sent directly to the GrapheneOS ETH donation wallet.
This isn’t a limited promotion or a one-time campaign. It’s an ongoing commitment, tied directly to our work. Every install we do, €10 goes back to the project.
GrapheneOS is a nonprofit. It doesn’t have a billion-dollar parent company funding development. It depends on the community that uses it. We think companies that profit from open-source security projects have a responsibility to support them financially — and we’re putting our money where our mouth is.
Transparency and privacy
Consistent with how we operate:
- We will not publish sales or donation figures publicly
- Donation details will be shared only within the GrapheneOS community
- No customer data will ever be disclosed — period
GrapheneOS operates as a nonprofit project. Its independence is what makes it trustworthy. There’s no corporate sponsor pulling strings, no advertising deal shaping feature decisions. Financial support from companies that deploy it helps keep it that way.
If you use GrapheneOS — or you’re thinking about it — consider supporting the project directly. Donate ETH, contribute code, report bugs, or just spread the word. The more people who use it and support it, the stronger it gets.
Privacy isn’t a feature toggle. It’s an infrastructure problem. GrapheneOS is one of the very few projects addressing it at the operating system level — where it actually counts.
Google Pixel 9 GrapheneOS VPN Encrypted
Google Pixel 9 Pro GrapheneOS VPN Encrypted
Google Pixel 9a GrapheneOS VPN Encrypted
Frequently asked questions
Why GrapheneOS instead of a regular Android with privacy apps?
Privacy apps help, but they can only do so much on a compromised foundation. Stock Android gives Google system-level access to your device — location, sensors, network activity, app usage. No privacy app can override that. GrapheneOS removes these privileges entirely and gives you granular control over what every app can see and do. It’s the difference between putting curtains on a glass house and building with solid walls.
Do I need to be technical to use GrapheneOS?
Not at all. That’s exactly why our service exists. We handle the installation, configuration, and app setup. You get a phone that works like any Android — messaging, browsing, banking, camera — but without the surveillance. If you can use a regular smartphone, you can use GrapheneOS. The interface is clean, familiar, and the learning curve is minimal.
Will my banking and work apps still work?
In most cases, yes. GrapheneOS supports sandboxed Google Play, which means apps that depend on Google services (banking apps, work tools, ride-sharing, etc.) still work — they just run inside a restricted sandbox instead of having system-level access. We test compatibility with our clients’ most-used apps during setup and configure everything in a dedicated profile so it doesn’t compromise the rest of your device.
Privacy is worth investing in
Your phone knows more about you than almost anyone in your life. Where you go, who you talk to, what you search for, what you buy. That data is valuable — and on stock Android, it’s being collected, processed, and sold whether you agreed to it or not.
GrapheneOS changes that equation. It puts you back in control of your own device. And by supporting the project financially, we’re helping make sure it stays independent, well-maintained, and available to everyone.
We’re doing our part. We hope you’ll do yours — whether that’s switching to GrapheneOS, donating to the project, or simply being more intentional about the technology you carry in your pocket every day.
Your phone. Your data. Your choice.
English 
Français 
Italiano 
Español 
Türkçe 
Nederlands 
Deutsch 
Svenska 
Polski 
Português 
Dansk 