I’ve said it before, and I’ll say it again: our smartphones are incredible tools—but they’re also spyware magnets. Our smartphones constantly track us through apps, built-in radios, sensors, and the operating systems themselves. We carry these devices everywhere, giving them access to our location, cameras, microphones, and personal conversations. If privacy matters to you, it’s essential to plug these leaks.
Here’s the good news: you don’t have to ditch your smartphone to protect yourself. One of the biggest impacts I’ve made to transform my privacy is installing GrapheneOS on my phone.
To choose the right Pixel, there are 2 websites I recommend:
Always pick a device that will get security updates for as long as possible.
To avoid issues:
- Don’t buy Pixels bundled with carrier plans.
- If buying refurbished or second-hand, explicitly confirm with the seller that the “OEM unlock” feature is enabled. (Note: “Carrier unlocked” and “OEM unlocked” are not the same thing.)
A locked bootloader makes installing GrapheneOS impossible, so verifying this before purchase is critical.
The most private way to buy your Pixel phone is in-store, using cash. Electronics retailers like Best Buy in the U.S. usually carry Pixel phones. Cash helps you maintain anonymity, since credit card purchases link your personal information directly to your device’s unique identifiers.
grapheneos.org/install/web
We have a step-by-step tutorial you can follow along in our latest video:
How To DE-GOOGLE Your Phone!
The whole process usually takes under 20 minutes.
- In “Exploit Protections,” set your device to auto-reboot after 12 hours if not unlocked. This clears RAM (short-term memory), protecting encryption keys from theft.
- Leave USB-C settings on “charging only when locked” to prevent unauthorized data access via USB.
- Enable automatic shutdown of Wi-Fi and Bluetooth after 5 minutes of inactivity. This reduces location tracking.
- GrapheneOS built-in app store
- Comes pre-installed on your Graphene device (just search “App Store”).
- Includes essential default apps and optional sandboxed Google Play Services, if needed.
- Accrescent
- Comes from the GrapheneOS community and offers privacy-focused apps.
- Install via the built-in GrapheneOS app store.
- F-Droid
- Provides free, open-source apps built directly from publicly available source code.
- Installing apps through F-Droid simplifies managing updates compared to manually downloading individual APK files (but be aware that updates may be released more slowly through F-Droid due to its review and build process).
- Install F-Droid directly from f-droid.org.
- Aurora Store
- A privacy-friendly front-end for the Google Play Store, allowing you to download apps without linking them to a Google account.
- Install Aurora via the F-Droid store.
Privacy Tip: Keep your installed apps to a minimum—the fewer apps, the smaller your digital footprint and the fewer vulnerabilities you’ll face.
Why use secondary profiles?
- Individual Security: Each profile has its own PIN and encryption key, significantly enhancing security.
- Clearing Sensitive Data: Profiles can automatically reboot when you exit, wiping RAM and protecting sensitive data, like your 2FA or financial apps, from unauthorized access.
However, managing multiple profiles can add complexity, especially if you’re new to Graphene. Starting with a single profile is simpler, and many users prefer this initially.
- Owner Profile: Minimal essentials (browser, VPN, app stores).
- Daily Driver: Everyday apps (Signal, email, maps).
- Sensitive Apps: Apps I keep offline unless needed (2FA, financial apps).
- Invasive Apps: Less-private or rarely-used apps (Spotify, social media).
- Google Play Services: Apps requiring Google’s services.
- Sandbox Profile: Testing or higher-risk apps.
I recommend beginning with a single profile and gradually adding others as you find new use cases.
Setting up a secondary profile:
- Go to Settings > System > Users, and tap Add user.
- For sensitive profiles, toggle off “Run in background” to enhance security.
Unfortunately, some popular apps won’t function unless Google Play Services is installed. Usually, Google Play Services is incredibly invasive, collecting large amounts of data with elevated system-level permissions. But here’s where GrapheneOS shines: it offers Sandboxed Google Play Services, which treats Google Play like any other app—restricted and isolated, without special privileges or deep system access.
If you must use apps that rely on Google Play, you can install this sandboxed version without compromising the privacy and security of your entire phone. For even more control, isolate Google Play Services within a secondary profile to prevent it from interacting with or detecting other apps across profiles.
This way, you get the functionality you need without letting Google take over your device.
GrapheneOS feels familiar to Android users, but without bloatware and surveillance. It’s proof that enjoying technology doesn’t require sacrificing privacy—it’s about making informed choices and using tools that protect rather than exploit you.
We have many more privacy resources available. Explore our playlist covering privacy-friendly apps, alternatives, and practical privacy strategies
Your smartphone doesn’t have to be a surveillance tool. With GrapheneOS, you’ve already taken a huge step toward protecting your data.
Naomi Brockwell is a privacy advocacy and professional speaker, MC, interviewer, producer, podcaster, specialising in blockchain, cryptocurrency and economics. She runs the
NBTV channel on Youtube.
