GrapheneOS
GrapheneOS is an open source privacy and security focused mobile OS with Android app compatibility. It's focused on the research and development of privacy and security technology including substantial improvements to sandboxing, exploit mitigations and the permission model. GrapheneOS also develops various apps and services with a focus on privacy and security.
GrapheneOS is a collaborative open source project, not a company. It's used and supported by a variety of companies and other organizations. It won't be closely tied to any company in particular. There will eventually be a non-profit GrapheneOS foundation, but for now the developers represent the project.
GrapheneOS has made substantial contributions to the privacy and security of the Android Open Source Project, along with contributions to the Linux kernel, LLVM, OpenBSD and other projects.
GrapheneOS was founded by Daniel Micay in late 2014. It started as a solo project was subsequently sponsored by a company that is no longer associated with it. The copyright for GrapheneOS code is entirely owned by the GrapheneOS developers and is made available under OSI approved Open Source licenses. All of the code written by people under contract with the former sponsor was removed from the project due to becoming obsolete, long before it was known as GrapheneOS. The code that remains from the previous era is entirely owned by Daniel Micay, was never written under any contracts or employment agreements, was never assigned to any company or organization and was the continuation of the original independent open source project. The former sponsor attempted to take over the project through coercion, but they were rebuked, and since then they've taken to fraudulently claiming ownership and authorship of our work which has no basis in fact. The former sponsor has engaged in a campaign of misinformation and harassment of contributors to the project. Be aware that they are actively trying to sabotage it through any means necessary to support their failing business. This paragraph was reluctantly included here despite wanting to move forwards and will be expanded if necessary.
Official releases are available on the releases page and installation instructions are on the install page.
See the GitHub organization for sources of the OS and various standalone sub-projects including the cutting edge new hardened memory allocator and other projects.
The official GrapheneOS releases are supported by the Auditor app and attestation service for hardware-based attestation. For more details, see the about page and tutorial. You can also extend these with support for your own builds.
Roadmap
Details on the roadmap of the project will be posted on the site in the near future.
To get an idea of the near term roadmap, check out the issue trackers. The vast majority of the issues filed in the trackers are planned enhancements, with care taken to make sure all of the issues open in the tracker are concrete and actionable.
In the long term, it aims to move beyond a hardened fork of the Android Open Source Project. Achieving the goals requires moving away from relying the Linux kernel as the core of the OS and foundation of the security model. It needs to move towards a microkernel-based model with a Linux compatibility layer, with many stepping stones leading towards that goal including adopting virtualization-based isolation.
The initial phase for the long-term roadmap of moving away from the current foundation will be to deploy and integrate a hypervisor like Xen to leverage it for reinforcing existing security boundaries. Linux would be running inside the virtual machines at this point, inside and outside of the sandboxes being reinforced. In the longer term, Linux inside the sandboxes can be replaced with a compatibility layer like gVisor, which would need to be ported to arm64 and given a new backend alongside the existing KVM backend. Over the longer term, i.e. many years from now, Linux can fade away completely and so can the usage of virtualization. The anticipation is that many other projects are going to be interested in this kind of migration, so it's not going to be solely a GrapheneOS project, as demonstrated by the current existence of the gVisor project and various other projects working on virtualization deployments for mobile. Having a hypervisor with verified boot still intact will also provide a way to achieve some of the goals based on extensions to Trusted Execution Environment (TEE) functionality even without having GrapheneOS hardware.
Hardware and firmware security are core parts of the project, but it's currently limited to research and submitting suggestions and bug reports upstream. In the long term, the project will need to move into the hardware space.