How much do I gain from switching to it instead of say, remaining on the Stock Android?
Edit: This looks comprehensive — https://staging.grapheneos.org/features
Beyond that, most of the other advantages will be less visible. They have hardened memory allocators that make various classes of security beaches significantly more difficult. There's a lot less superfluous background services eating resources. All that and more are listed on their website. It's well worth a read.
Remarkably, Nationwide (UK) runs perfectly even without Google services. (Except it doesn't poll for payment confirmations but that's understandable. They're always fetched when you open the app though. Or it could be my setup). It's actually quite shocking and it speaks to Nationwide as being a decent organisation.
It's also not necessarily a downside. Having your banking app on your phone can be a risk of you often take your phone out in public
The absolute blocker is Google Pay. That isn't supported
Many seem to work, if you apply some tweaks. Google Wallet NFC payments totally don't, I believe.
https://privsec.dev/posts/android/banking-applications-compa...
with its github backend
https://github.com/PrivSec-dev/banking-apps-compat-report
If you are in Europe, Curve recently enabled mobile payments without Google Pay, and that might solve the issue (but I haven't tried it myself).
Some app that don't work because they require strong integrity are listed here: https://grapheneos.org/articles/attestation-compatibility-gu...
Awesome to read the support chat from nationwide saying it's explicitly supported. I figured as it works so well.
They're a very decent building society/bank if anyone is looking for a new one!
My solution to this is put the bank apps that are annoying about it on an old phone (I knew I'd find a use for one eventually!)
Here's an example demonstrating the impact of our security improvements:
https://discuss.grapheneos.org/d/14344-cellebrite-premium-ju...
February 2025 Cellebrite Premium documentation was posted by someone further down in the thread, which is essentially the same overall situation.
https://discuss.grapheneos.org/d/20401-grapheneos-improvemen... has some details on how we've improved that since early 2024.
The stock Pixel OS is approximately AOSP with a bunch of Google apps deeply integrated into it. Pixels don't actually change anything compared to the AOSP code, they just substitute various components with their own and add a bunch of overlays, apps, etc. AOSP has all the stuff they need to provide that included already. They give extensive privileged access to Google Play and various other apps via privileged permissions, SELinux MAC/MLS policy (which is included in AOSP) and various allowlisting, etc. They also use Play services, etc. as backends for various AOSP APIs. One of our major features is our sandboxed Google Play compatibility layer enabling running Google Play services, Google Play Store, Google Search, etc. as regular sandboxed apps with no special access at all where users don't even need to grant them the regular non-privileged permissions like Contacts, Location, etc. to use most of their functionality (some functionality requires that such as if you wanted to use Google Maps location sharing or Google Contacts sync).
This could be very useful. My Google skills came up short. Do you have a link?
This is an OS for people who care more about privacy and security than having an everyday usable phone. It is very much not for normal people.
Google Wallet does not work, therefore I cannot use my phone to pay wirelessly with my Neon card, which is a shame.
The only apps I had trouble with were Twint (had to install it with F-Droid, as Play kept telling me it was not compatible with my device), and... the McDonald's app (which forces me to move my fat ass to one of their kiosks to order my food instead of doing it from the table).
From 2 years ago: https://www.reddit.com/r/GrapheneOS/comments/126nd51/comment... -> Sounds like Curve (without Google Pay) wasn't officially supported in Europe and didn't work for most people.
However, this seems to have changed a couple days ago:
https://www.reddit.com/r/curve/comments/17txz6u/comment/mkwl...
https://discuss.grapheneos.org/d/443-gpay-alternatives-for-g...
https://discuss.grapheneos.org/d/475-wallet-google-pay/105
https://discuss.privacyguides.net/t/curve-pay-available-as-a...
This is in line with an interview with the CEO of Curve from last month, https://paymentsconsulting.com/qa-with-shachar-bialick-at-cu...
> We are launching Curve Pay in beta for Android soon and plan to release it on iOS thereafter. This will allow customers to use Curve as their default wallet, just like Apple Pay or Google Pay.
…and with various German news sites reporting that Curve Pay is now available in Germany (and likely other parts of the EEA).
Side note, balatro-mobile-maker works really well as an unofficial port to Android. https://github.com/blake502/balatro-mobile-maker
GrapheneOS is intended for everyone.
> It really only works well if you don't rely on any apps that depend on Google play, like steam or discord.
Steam, Discord and the vast majority of Android apps work perfectly on GrapheneOS. Sandboxed Google Play is a robust feature which works very well. If you're choosing to completely avoid using Google Play, that's your choice. Steam and Discord both still likely work without it, but without push notifications since they have no alternative to FCM as certain other apps do.
> If you're on AT&T, you don't get caller ID or voicemail.
You do get caller ID and voicemail on AT&T. Visual voicemail doesn't work with AT&T with the built-in Dialer app because it uses a protocol not supported by AOSP. It does work with Google Dialer based on user feedback on our forum.
> This is an OS for people who care more about privacy and security than having an everyday usable phone. It is very much not for normal people.
GrapheneOS is very usable as an every day usage phone for regular people. Nearly every Android app can be used on it. It sounds like you were choosing to use it without sandboxed Google Play, which is a choice to have a more limited app and service ecosystem. That's not the same as a choice to use GrapheneOS. It can be used like a regular Android phone with 1 profile containing sandboxed Google Play, or people can use sandboxed Google Play in a specific profile with most of their apps in another profile. Using it without sandboxed Google Play in a secondary profile is something many GrapheneOS users do successfully but it's in no way required or expected. We wouldn't have made that huge feature if we didn't want it to be used by a lot of people.
Compatibility with carriers also improved a lot a few years ago. Configurations for most carriers are pulled in from the stock Pixel OS. Some US carriers do weird things that depend upon having highly privileged apps bundled into the OS which, for security reasons, GrapheneOS doesnt include. I dont recall AT&T being one of them.
GrapheneOS is very usable and fine as a everyday phone for normal people.
I will contact them to try to get them to support GrapheneOS, but I will not be holding my breath. I uninstalled it in the meantime and use my computer. If they ever require the app I would likely switch to a different bank.
You do not get caller id on AT&T, and you do not get voicemail notifications until sometimes hours or days after the fact. I ran this on my pixel 8 for months. I had to actively call into my voicemail number like it's 2005.
The secondary profile stuff is just about useless. It's one step above having multiple independent devices. I did try having a Google profile, but you can't get notifications between profiles. You get a notification that there is a notification, so you then have to go through the entire 30 second process of switching profiles, which disconnects your Bluetooth headphones to check the other profile.
If you think regular users and normal people want to put up with this, you should really re-evaluate what you think an average user is. This is for hyper nerds who care more about security ideals than functionality. Graphene is not for the average person who wants caller id, voicemail, camera, and a web browser.
It is not usable for normal people who want to use their phone to stay in contact with others.