
GrapheneOS has the substantial privacy and security features documented at https://grapheneos.org/features. This is a list of differences from AOSP. We've landed assorted privacy/security upstream in AOSP and AOSP upstream projects like the Linux kernel. Those features are NOT listed on that page, because they aren't differences from AOSP anymore. We're confident enough in our ability to implement substantial improvements that we can land features upstream.

GrapheneOS has an easy to use web installer: https://grapheneos.org/install/web which is based on the fastboot.js library created with our funding.

We also now have a sandboxed Play services compatibility layer implementing a no compromises approach to providing app compatibility:

https://grapheneos.org/usage#sandboxed-play-services

This will provide much more functionality than microG with better security and without sacrificing privacy by not giving Play any additional access than it has via the client libraries used by apps. It runs as a normal, sandboxed app and we provide fallback code for it to work that way. We return placeholder values for most of the privileged APIs and implement certain APIs like dynamite modules in an unprivileged way.

No need to bypass security checks in apps as has to be done to make microG work. That's a problem because microG doesn't uphold the same security model and checks as Play services. For example, it's not pinning component and server keys for important cases.

GrapheneOS currently has a much more barebones fresh install, but it's easier to install due to the web installer. The barebones installer is by design. We don't bundle proprietary services. We also don't bundle 3rd party apps and services unnecessarily rather than leaving it up to the user. We'll be providing a first party app repository with modern metadata signing, key rotation, delta update, stable/beta release channels, etc. within the next few months to make it easy for users to install an initial set of apps. High standards will be applied to the apps we choose to build for our repository.

Play Store requires API 29+ at the moment and that will be required to use the much safer unattended upgrade approach in Android 12 as opposed to the risky approach used by the Play Store, Aurora Store and F-Droid. We'll likely require API 30+ though.

F-Droid itself is API 25 (Android 7.1). The API level is the privacy/security level of an app. API 28 introduces a much stronger SELinux sandbox with per-app SELinux MLS domains protecting the app from others and other apps from it. There are many other improvements, with each API level making things better. For apps not distributed via the Play Store, this is a simple health check to see how much an app prioritizes privacy and security compared to simply getting it working.
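A small triage script in the spirit of that health check, added here as an example and not part of the original comment or of GrapheneOS: it parses `aapt dump badging` output (the sample dumps inside are constructed, not real apps) and flags APKs against the API 28, 29 and 30 thresholds the comment mentions. The threshold constants, the finding messages and the `check_apk` helper are this example's own.

```python
"""Health-check APKs by targetSdkVersion, parsed from `aapt dump badging` output."""
import re
import subprocess

# Thresholds taken from the post: API 28 adds per-app SELinux MLS domains,
# API 29 is the current Play Store minimum, API 30 the likely repository minimum.
MLS_SANDBOX_API, PLAY_STORE_MIN_API, LIKELY_REPO_MIN_API = 28, 29, 30

_PACKAGE = re.compile(r"^package: name='([^']+)'", re.M)
_MIN_SDK = re.compile(r"^sdkVersion:'(\d+)'", re.M)
_TARGET_SDK = re.compile(r"^targetSdkVersion:'(\d+)'", re.M)

def parse_badging(text):
    """Extract package, minSdkVersion and targetSdkVersion from badging text.
    An undeclared targetSdkVersion defaults to minSdkVersion on Android."""
    pkg, min_sdk, target = (p.search(text) for p in (_PACKAGE, _MIN_SDK, _TARGET_SDK))
    if not pkg or not min_sdk:
        raise ValueError("not a recognisable aapt badging dump")
    return {
        "package": pkg.group(1),
        "min_sdk": int(min_sdk.group(1)),
        "target_sdk": int((target or min_sdk).group(1)),
        "target_declared": target is not None,
    }

def assess(info):
    """Return findings for one parsed APK; an empty list means it passes."""
    t, findings = info["target_sdk"], []
    if not info["target_declared"]:
        findings.append("targetSdkVersion not declared; it defaults to minSdkVersion")
    if t < MLS_SANDBOX_API:
        findings.append(f"target API {t}: no API 28 per-app SELinux MLS sandbox")
    if t < PLAY_STORE_MIN_API:
        findings.append(f"target API {t}: below Play Store minimum {PLAY_STORE_MIN_API}")
    elif t < LIKELY_REPO_MIN_API:
        findings.append(f"target API {t}: below likely repository minimum {LIKELY_REPO_MIN_API}")
    return findings

def check_apk(path):
    """Inspect a real APK; needs aapt from the Android build tools on PATH."""
    out = subprocess.run(["aapt", "dump", "badging", path],
                         capture_output=True, text=True, check=True).stdout
    return assess(parse_badging(out))

# Constructed sample dumps in the shape aapt prints; not real apps.
SAMPLE_OLD = ("package: name='org.example.legacy' versionCode='7' versionName='1.2'\n"
              "sdkVersion:'14'\ntargetSdkVersion:'25'\n")
SAMPLE_NEW = ("package: name='org.example.modern' versionCode='42' versionName='3.0'\n"
              "sdkVersion:'26'\ntargetSdkVersion:'30'\n")
```

Calling `assess(parse_badging(SAMPLE_OLD))` yields two findings (no API 28 sandbox, below the Play Store minimum), while the API 30 sample passes clean.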
