GrapheneOS eliminates many classes of remotely exploitable vulnerabilities and makes the vast majority far harder to exploit. It even puts up a strong fight against attacks advanced forensic data extraction tools with physical access. See

GrapheneOS Discussion Forum

Cellebrite Premium July 2024 documentation - GrapheneOS Discussion Forum

GrapheneOS discussion forum

for an example.

A good sign that Pixel with privacy OSes actually give you freedom back.

No dicen lo mismo de apple, por que pueden acceder a tus datos simplemente pidiéndoselos

There's currently an example of one of these attacks on the project ongoing across Swedish forums and social media. This reached our forum at

GrapheneOS Discussion Forum

Unsubstantiated claims about Sweden exploiting GrapheneOS with no evidence - GrapheneOS Discussion Forum

GrapheneOS discussion forum

An account pretending to be just asking questions goes on to pretend to be an expert citing non-existent sources. This same thing is currently ongoing across several Swedish forums and on social media. It's generally not in English which makes it inaccessible to the broader GrapheneOS and privacy community so they can get away with extraordinary, unsubstantiated claims much more easily. GrapheneOS is not supposed to stop people installing malware and granting it invasive permission. It does provide alternatives to being coerced into granting invasive permissions by apps via our Storage Scopes, Contact Scopes and other permissions, but it's a user choice. GrapheneOS similarly not supposed to prevent authorized access to data by someone with the PIN/password and access to the device. Rather, we provide far stronger protection against unauthorized access via exploit protections, 2-factor fingerprint unlock, duress PIN/password, etc. Our features page at

Features overview | GrapheneOS

provides an overview of how GrapheneOS improves privacy, security and other areas compared to the most secure Android devices running the stock OS. It's not immune to exploitation and cannot be. Products making that claim are scams. Not being immune to exploitation doesn't mean it can be successfully exploited in a given real world scenario. It's significantly harder to develop and deploy an exploit successfully. It can be exploited, but it doesn't mean it is happening especially at scale or consistently.

If I understand it correctly the updates are signed with gos's private keys and the signatures are verified on the device before an update. For the FBI to publish malicious update they need to have access to the private signing keys. Similarly to how nostr works

GrapheneOS device requirements mandate verified boot, which means that updates cannot be rolled back to older versions and every update must be signed by us, or the device will reject installing it. The signing key for the updates are always air gapped. All the update servers do are host signed update deltas and version images. Compromising the server would simply just disrupt it rather than compromise users. For first-time installs, the user is encouraged to check the signing key hash on the "Your device is loading a different operating system" screen to see if it matches. The auditor app also can check for genuine GrapheneOS via key pinning and this can be done locally.

More bullshit from authoritarian sympathetic media. The vast majority of these abhorrent demographics are not using #GrapheneOS and they don't know what it is:

Ara in English

Technological warfare: the drug traffickers' motive against the police's Trojan horses

Google Pixel, with the Graphene OS operating system, is one of the preferred options for organized crime.

It is hilarious that the picture attached barely shows phones that look like Pixels, with weird camera bumps, headphone jacks and colour schemes? Am I supposed to believe this? Based on what is being said, these people are still getting charged (obviously, real world crimes have far more physical evidence than digital evidence), and so what? Why even associate us like this? Why talk about an operating system like this? Where is all this press for other privacy and security operating systems? Numerous nonprofits around the world and journalists use GrapheneOS as their first choice because it keeps them safe. This kind of press trying to associate our name with crime is unacceptable, unprofessional and authoritarian. If you play by their standards: Is Snapchat or Telegram crime software because it is an open secret that drug dealers in local areas love to use it? Is Discord or Twitter a service for predators because it's so egregiously popular and their design centered around publicity makes it easy to find accounts run by vulnerable demographics?

People’s democratic republic of Europe.

Here's an article from Citizen Lab on how the same Spanish government used exploits against political opponents in Catalonia:

The Citizen Lab

CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru - The Citizen Lab

The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spy...

Bear in mind that even police using these will almost entirely be using them against people not convicted of a crime based on suspicion. #GrapheneOS would have been more likely to protect them.