In a market dominated by Android and iOS, a few mobile operating systems are daring to do something different. Graphene offers increased security for high-risk individuals and organizations, while /e/ wants to make privacy accessible to everyone. The two OSes are fighting against surveillance and surveillance capitalism, protecting consumers from the prying eyes of both nation-states and data-hungry companies.
The first, GrapheneOS, is gaining traction within the cybersecurity community, where it’s praised for being stable and reliable. The open-source mobile OS with hardened security was created by Daniel Micay, a meticulous developer who cares about “advancing the state of the art” in security. He built Graphene from the ground up, saying that it was the only way to achieve his desired level of privacy, security and robustness.
While Micay is creating a mobile OS for high-risk users, another entrepreneur is taking a different path. Gaël Duval, the mastermind behind Mandrake Linux, is building a privacy-focused OS that’s easy to use. Customers can buy refurbished phones with /e/OS preinstalled, which work straight out of the box, just like any other Android device, but don’t send piles of data to Google.
/e/ and Graphene are part of a new wave of operating systems that are slowly building an audience. “Consumers are seeking innovative, more secure, and more private alternatives to the Google and Apple smartphone duopoly,” says Sean O’Brien, founder of Yale Privacy Lab. “I’ve tried nearly every smartphone operating system currently available. In many ways, options like Graphene and /e/ are more feasible, intuitive and functional than the defaults shipped by big OEMs.”
GrapheneOS: Hardened security and impressive battery life
GrapheneOS is mostly a one-person show. It’s the brainchild of Toronto-based security researcher Micay, who also worked on CopperheadOS but is no longer part of the project.
With GrapheneOS, he did most of the work. “I created 99% of what exists at this point,” he says. This tight control allowed him to develop a mobile OS that matches his ambitions and his desired level of hardened security. “There isn’t another project like it at all,” Micay argues. “I don’t think it has competition.”
The OS was designed in a way that eliminates several classes of vulnerabilities, the grapheneos.org website reads. “It has a hardened kernel, libc, malloc and compiler toolchain with many low-level improvements.”
At first glance, Graphene looks just like stock Android. You need to manually install it on one of the officially supported phones: Pixel 2, 2 XL, 3, 3 XL, 3a, and 3a XL. (Graphene’s support for the Pixel 4 and 4 XL is under development, but there isn’t a timeline.)
The OS has a Spartan feel, with few things bundled into it. Given its private and secure nature, it doesn’t use Google Play services, and it doesn’t include the Google Play store. Only a few apps are directly available, such as Vanadium, a hardened variant of the open-source Chromium browser. Users who want a wider range of tools can download the F-Droid app store, which has free and open-source apps.
At some point, Micay hopes to have his own store. Although he plans to create just a small repository, he says the task is time consuming: “We can rarely find high-quality open-source apps [that don’t use Google Play services] so we’ll either need to develop them ourselves or inspire others to do it.”
Starting an app on Graphene could take a few milliseconds longer than on stock Android, and it might use more memory because of increased security. However, after the app starts, there’s no noticeable lag.
GrapheneOS a fit for some threat models
Most security researchers who have used Graphene speak highly of it. Baptiste Robert, known for uncovering holes in Android, argues that GrapheneOS is “the best candidate” for some security-focused threat models. “Daniel did a fantastic job by creating this hardened version of Android,” Robert says, adding that he has “huge respect for his skills and his work.”
Costin Raiu, the director of Kaspersky’s Global Research and Analysis Team, has found Graphene to be “extremely stable.” He says that a reasonably capable IT department can set up and manage devices running this OS without too much disruption.
“The installation, monthly upgrade and general maintenance was very smooth and completely without any problems,” Raiu says. “It can be a good companion, a secure phone that high-risk organizations could deploy to their people, coupled with a secure messenger such as Threema.”
GrapheneOS is not just secure and stable. It’s also energy efficient, because many battery-draining background processes normally found on Android devices are cut out. Most researchers say that the battery lasts two or three days on a single charge. With minor usage such as checking news from time to time and browsing, it can last for up to 10 days, Raiu says.
This OS could help government employees, politicians, intelligence officials, security researchers (notably those looking into state-sponsored cyberattacks), journalists, privacy advocates, and human rights activists, in addition to companies doing sensitive work, according to Raiu.
“To be safe, stack a few security layers together,” he says. Depending on the situation, one can use a GrapheneOS phone without a SIM card, for an enhanced degree of anonymity. The device could also connect to “a small Raspberry Pi-style router, broadcasting a WiFi network over TOR or a VPN,” Raiu suggests.
One more exciting thing about Graphene, users say, is Daniel Micay’s determination to push the boundaries of security. The OS has already led to improvements across the board, including in the Android Open Source Project (AOSP). To achieve more, Micay says he needs passionate developers willing to help.
While Micay is working on his project meant to help the more tech-savvy community, French entrepreneur Gaël Duval tries to unGoogle everyone’s lives.
/e/OS: Privacy for everyone
In the late 1990s, when installing Linux was a laborious process and running it often required command line wizardry, Gaël Duval shifted the paradigm. He wanted everyone to use Linux, not only techies, so he created Mandrake, the first user-friendly distribution. Soon, his product reached millions.
“With /e/, I’m in the same state of mind as with Mandrake,” Duval says. “Engineers who make great products that are complicated to use say ‘People just need to learn or read the f***** manual.’ But the truth is that they just don’t like to build mainstream user interfaces.”
Duval launched the privacy-focused /e/OS at the end of 2017 with a Kickstarter campaign that raised more than $110,000. It was enough money for the French entrepreneur to do a Google-free fork of LineageOS. (Lineage, a free and open-source mobile operating system based on Android, is the descendant of CyanogenMod.)
Later on, an Indiegogo fundraiser allowed Duval to get an additional $120,000 to create a product that’s easy to use, yet privacy friendly. He says /e/ is more focused on privacy than LineageOS. “They offer Google search by default, use Google servers for connectivity check… they don’t have any plans for deGoogling as far as I know.” Duval has replaced the Google services with microG, a free and open-source implementation of Google libraries.
In fact, most of the apps included are open-source, although the phone gives the user a genuine Android experience. The web browser is an unGoogled fork of Chromium, the mail app is a fork from K9, the search engine is based on Searx, while the camera app is a fork of OpenCamera. Duval also chose MagicEarth for maps, and a fork of GoodWeather as his weather app. Users can also download apps via F-Droid.
“The most important thing I learned from the Mandrake Linux experience is that you can have the best operating system on the planet, people use applications first,” Duval says. He believes that a variety of apps is instrumental in succeeding on the market. He also wants those apps to be fair to customers and not collect mountains of information like big tech products do.
“If you use an iPhone, about 5MB of personal data goes to Google servers per day,” Duval says. “For Android, that’s even worse: about 12MB per day. Many people are not comfortable with this situation.”
It’s not just Google that collects data. London-based researcher Gabriel Cîrlig recently showed that phone manufacturers also accumulate an ocean of personal data. He analyzed a Xiaomi Redmi Note 8 device and found that it was sending 1.5MB of personal data a day to remote servers in Singapore and Russia. This was pure personal data the user could not opt out of, and it included the music they listened to and the folders they had.
The magnitude of the data collection issue is something that bothers Duval. “The purpose of /e/ is to offer people a choice,” he says. He targets a broad audience. Users can install the ROM on their device free of charge, but if that’s too much trouble, they can also buy a refurbished phone that’s already set up for them for as little as €250. The /e/ online store mostly offers Samsung Galaxy devices, but a new Fairphone 3, built with minimal environmental impact, can also be purchased.
Like any project, /e/OS has its critics. The operating system has “all of the same security issues as LineageOS,” a researcher who goes by the name of madaidan argues. “It disables verified boot, which is used to make sure that the firmware, bootloader, OS, etc. are not tampered with.” He argues that most custom ROMs use userdebug builds (which add extra debugging attack surface), allow root access via adb, don’t include firmware updates, and weaken SELinux policies.
“/e/OS is not about hardened security, at least for now,” Duval says. “It’s not for people who can be targeted by governments, intelligence services or illegal organizations. We are making a mobile phone ecosystem that lets users escape the permanent and industrial harvesting of their personal data.”
In the short run, Duval hopes to add new privacy features, and to further improve the user experience. “In the long run, our goal is to become the de facto standard mobile ecosystem for users who want more privacy, and generally, a more ethical mobile environment,” he says.
Can Graphene and /e/ build an audience?
Thriving in the mobile OS market, where Apple and Google have a 99% market share, is challenging. “If [Graphene and /e/] expect to sell millions of devices, they are delusional,” says Francisco Jeronimo, associate vice president of devices for IDC EMEA. He argues that better privacy and security might not be enough to reach a decent market share. “Everyone claims to be interested in security and privacy, but the majority of consumers, despite being aware of the risks, will continue to use their normal phone.”
Still, Jeronimo believes GrapheneOS and /e/OS can make some money, if they do everything right: “There is a small niche of users and companies who strongly care about security and confidentiality, and don’t want to be surveilled.”
To Yale Privacy Lab’s O’Brien, this small niche is worth defending despite all the difficulties. He says that people who want better privacy and security should be able to get it. “On a planet filled with spy sensors under the purview of the US, China, and smaller powerful states, the outlook for privacy, autonomy, and liberty looks grim,” he says. “Those who have dedicated their lives to replacing big tech know the barriers are huge but fight anyway.”
O’Brien argues that the COVID-19 pandemic and the protests around the globe “may have already tilted the scales of control into the hands of government,” and that having options might be the only way of preserving digital freedom for those who need it the most.
Copyright © 2020 IDG Communications, Inc.