Recently I have been using Graphene OS as my daily driver, and I'd like to share some nice things about OS itself, as well as some FOSS apps I only just discovered.
Graphene OS itself
Graphene OS is based on Android Open Source Project (AOSP), so you should experience a baseline that's roughly the same as you would with AOSP. Currently, AOSP is tracking Android 15, which is not a bad experience out of the box. For example, because my last phone was still stuck on Android 14, the fine granular "limited access" media picker on Android 15 is a great feature.
For apps that won't stop bugging you until you give it full access Storage Scope spoofs the app to make it think it has full access to storage, quite useful for "write only" kind of app (e.g. an invasive social media app but you still want to download media from it).
Of course, it comes with a bunch of unique features and deliberate elimination too, for example, it can disable USB-C port at a hardware level during charging when locked, and auto reboot to put data back at rest when you haven't successfully unlock device for a while. I'm mentioning these features because auto reboot is about to get added to Google Android too, it's one of the examples where Graphene OS is leading the features and practices in the Android security front.
Graphene OS also has hardened runtime for apps, for example, by default it uses a checked malloc to crash the app when it detects a heap memory corruption. Funny enough, for some apps including banking apps, they inherently have memory corruption issue so you have to disable the hardened runtime for them (which is called compatibility mode in Graphene OS).
One last feature I want to highlight but I'm not current using is the duress password, basically, it's a password you can enter at any password prompt and it will immediately wipe your phone. I suppose it will be useful when traveling across unfriendly security checkpoints for example.
Google Fi, Messengers, and RCS
It would have been more possible for me to not install the sandboxed Google Play service at all if not for Google Fi. The good news is the Graphene OS makes it dead simple to install the sandboxed Google Play and also supports e-SIM, which makes using Google Fi completely seamless.
However, RCS wasn't working even after installing Google Messages and setting it as the default messaging app. In the RCS menu of the Google Messages app, the error message alternates between "your device does not currently support this feature" and "no compatible SIM card detected".
The solution turns out to be simple but unintuitive. In short, after downloading the Google Messages, keep the non-Google Messages app as default at first. Go to Settings, and give all the necessary permissions to the Google Messages app, in this state, the RCS settings is actually available in the Google Messages app. Only now, you can set Google Messages as the default messaging app, and the RCS menu will still be available and it should start the RCS registering process.
User profiles
Graphene OS supports up to 32 total user profiles, while I don't think I can find a way to use even a handful of profiles, it's a nice touch, clearly they encourage you to use profiles to separate apps according to the level of trustworthiness.
Personally I have just one additional profile for invasive social media apps. By invasive I mean the ones I can't use via web browser. This incidentally also reduces the time I spent on these apps since switching profile has a much higher friction.
FOSS ecosystem
Here's one concrete workflow I probably use daily that is driven by both features from Graphene OS and FOSS ecosystems.
The goal is to take a photo from main profile, and share it via a suspicious app in secondary profile, with EXIF stripped.
The first app involved is Scrambled Exif, when you have a photo in gallery, you can select this app as "share target", it will strip EXIF and re-prompt the share menu, which saves you the trouble of making a copy and delete it later. The app is licensed under the GPLv3.
Now we have to cross the user profile boundary. To do that we use Inter Profile Sharing, this app essentially creates a web server from one profile, and download the files from another profile, and you can encrypt the communication with AES (set up one time password for both host and recipient profiles). You can also use this app to share app links and clipboard content. This app is also licensed under the GPLv3.
So the final workflow looks something like this:
Take a photo in main profile.
Use share menu and select Scrambled Exif as target.
A new share menu will appear, this time select Inter Profile Sharing as target.
Switch user profile, and click download from the pull down notification menu.
Share to your suspicious app.
P.S. Attack models?
At this point you might wonder, why bother? For me personally it's fun to see what people are doing and play with great customizability of FOSS stuff, fun is a big part of it. But if we be serious for a second, what kind of attack models are we trying to defend against?
Certainly I'm not using Graphene OS because I think a state actor is going after me. In that case, they could just iterograte everything out of me and none of these password protected things will matter. (oh maybe this is where duress password comes in handy). At the same time, this is also not just for when your device got stolen from you, iOS and Google Android are plenty safe in that regard, you can remotely lock your device and wipe it.
The way I see it, this is mostly to keep yourself away (or at least lower your exposure) to the day to day tracking and profiling by commercial entities. In many individual settings, it seems to be a reasonable trade off to sacrifice privacy for some convenience. The problem is, however, by assembling data one can readily buy, from data broker, malicious entities can get a pretty full picture of your life.
Another good reason to use tools like Graphene OS, Tor, Signal, and other privacy tools is to normalize it and to reduce fingerprinting possibilities for the journalists and whistleblowers – if we are all privacy conscious, being privacy conscious won't be conspicuous. Imagine the alternative world where only journalists use Tor and Signal, they'd be incredibly easy to track.