GrapheneOS is an open-source Android mobile operating system focused on security and privacy. Developed since 2014 by security specialists (originally named CopperheadOS), it is primarily installed on certain Google Pixel smartphones. Unlike standard Android, GrapheneOS is “hardened”: it restricts system permissions to the maximum, voluntarily rewrites critical components (such as the memory manager), and removes all Google services. Its goal is to provide “maximum security and privacy, without Google trackers”. The project is managed by the GrapheneOS Foundation (a Canadian nonprofit organization). It mainly targets users seeking an ultra-secure smartphone. The final interface resembles stock Android, but without Google apps (only core apps and a dedicated app manager). Advanced features (automatic Wi-Fi/Bluetooth deactivation, anti-tampering bootloader lock, enhanced encryption via the Titan chip) are built in natively to protect the user.
Numerous events in France recently
In the fall of 2025, Grapheneos has been the subject of much discussion in the French Republic. On November 19, 2025, the newspaper Le Parisien published an investigation in which the judicial police described GrapheneOS as “a preferred tool of drug traffickers”. According to these police sources, phones running GrapheneOS – often Google Pixels – had “become the standard for drug trafficking,” allowing users to evade data extractions (for instance via phone access boxes) thanks to advanced protection features such as automatic wiping in case of inspection attempts. Le Parisien even mentioned the existence of a secret “Snapchat-like” app that would erase the phone if someone tried to unlock it (GrapheneOS subsequently explained that no such tool existed in their systems). The developers strongly denounced a disinformation campaign. They stated that GrapheneOS is a free and open project, distributed only via their official website (no “dark web” distribution or shady resellers).
In response to this event and some others ones, in this hostile environment for them, GrapheneOS made a radical decision: the servers hosting its website and discussion services (Mastodon, Discourse, Matrix) were moved outside France (to Canada and Germany). The foundation explained that authorities had become hostile to encryption and secure devices, citing, among other things, the government support for the European “Chat Control” regulation (monitoring private messaging). Practically, GrapheneOS remains available in France (users can download it from the official site), but its developers no longer feel safe working or traveling there.
Facts and disinformation
Several technical points have been clarified to correct myths fueled by popular media. First, the alleged “spy” features of GrapheneOS are largely exaggerated or invented. As mentionned before, le Parisien cited, for example, a supposed “fake Snapchat” erasing data on command and a mysterious “panic button.” However, as Frandroid emphasized, “this is factually false. (…) GrapheneOS is a hardened, open-source, free Android system that you install yourself. There is no subscription, no remote management, no magical ‘panic button’ installed by default”. The developers stress that none of these nonexistent features are present in their code and that real threats come not from them, but from malicious forks of the software. Indeed, the police sometimes confuse GrapheneOS (a legitimate project) with unscrupulous resellers who take the free code, add malware or obfuscation tools, and then sell these modified phones at exorbitant prices (sometimes €2,000 per Pixel) to criminals.
Next, GrapheneOS and its supporters argue that they have neither paying users nor ‘clients’ (it’s a free and open project). As a result, the OS stores no confidential data on its servers, meaning that this server migration does not affect essential security functions (signature verification of updates, encryption, etc.).
There has been no official DNS blocking order against GrapheneOS. While some governments impose site blocks for suspected criminal facilitation, there is no indication that French authorities blocked access to the GrapheneOS site or associated domains. However, the fact that GrapheneOS abandoned French hosting and authorities publicly discussed “dismantling” encryption tools is perceived by the community as authorities pressure to indirectly restrict the use of this technology.
Legislative and political stakes
In the background, the GrapheneOS controversy reflects a broader debate on the regulation of encryption and privacy. In France and Europe, there's many discussions about the need to “break encryption” to enable judicial investigations. Draft texts like the Chat Control regulation (currently discussed at the European level) aim to monitor private message content.