Experimental release of GrapheneOS for Pixel 9a

Rapid Pixel 9a support & device policy

  • Commenters note the turnaround is extremely fast; maintainers explain it’s eased by Pixels sharing a single Linux 6.1 kernel tree (with 6.6 for VMs) and very similar drivers across 6th–9th gen.
  • A large part of device bring‑up is automated via their adevtool and shared vendor state; most remaining work is integrating hardening features and fixing bugs they expose.
  • Support is limited to Pixels because other Android devices fail hardware security and update requirements (secure element, hardware memory tagging, pointer auth, long-term updates, relockable verified boot, etc.). Some recent Samsung devices nearly qualify but are crippled when unlocked.

Security architecture, kernels, and drivers

  • Android/GrapheneOS are Linux distros; Pixel drivers are standard Linux kernel drivers plus Treble userspace HALs.
  • GrapheneOS integrates hardware memory tagging (MTE) via its hardened allocator, exposing many latent bugs in drivers and Bluetooth/media stacks.
  • Large subthread debates kernel security: newer kernels have more features and bugs; they prefer well-tested LTS (6.1/6.6) plus Google’s GKI backports over bleeding-edge mainline. LTS maintenance quality and regressions are discussed in depth.

Relationship with Google/AOSP and upstreaming

  • The project has historically contributed significant changes to Linux, AOSP, and Pixels, but after Android’s partner management revoked their special access, they now upstream only when it clearly benefits their users, sometimes silently fixing vulnerabilities downstream.
  • Recent AOSP source policy changes are described as overblown; they relied mostly on stable releases anyway.

Privacy features, usability, and app compatibility

  • Sandboxed Google Play is a core feature; most apps (including Uber/Bolt/Discord/Steam, many banking apps) work, with Google services treated as ordinary apps with revocable permissions and optional network access.
  • Reports of extreme battery drain with sandboxed Play are called abnormal; maintainers point to community polls showing battery life is usually equal to or better than stock, with issues often due to complex multi-profile setups.
  • GrapheneOS keeps AOSP functionality, adding exploit mitigations, network location replacement, permission scopes, strong backup, etc., while avoiding removing features except clearly weak ones (e.g., pattern lock).

Banking, payments, and Play Integrity

  • Big limitation: Google Wallet NFC payments don’t work due to Play Integrity “strong integrity” checks. Some European users use Curve Pay or bank-specific NFC.
  • Crowd-sourced lists track banking app compatibility; many work, some require tweaks, and an increasing minority block non‑Google ROMs via Play Integrity.
  • Project promotes using Android hardware attestation with allowlisted GrapheneOS keys as a more secure alternative; several banks and financial apps have adopted this after user pressure.
  • One user describes filing a competition complaint in the Netherlands over Google/Apple’s effective NFC duopoly and Integrity API’s impact on OS choice.
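
The allowlist approach from the hardware attestation bullet above, sketched as an added example (not code from GrapheneOS, Google, or any bank). It assumes the attestation certificate chain has already been verified and its key-description extension parsed; `Attestation`, `evaluate`, and the fingerprint value are hypothetical, and real fingerprints must come from the OS project's official documentation.

```python
import hmac
from dataclasses import dataclass

# Constructed placeholder fingerprint, NOT a real GrapheneOS verified boot key.
ALLOWLISTED_BOOT_KEYS = [bytes.fromhex("ab" * 32)]
HARDWARE_LEVELS = {"TrustedEnvironment", "StrongBox"}

@dataclass(frozen=True)
class Attestation:
    chain_valid: bool         # chain verified to a trusted attestation root, nothing revoked
    challenge_ok: bool        # attestationChallenge equals the server's fresh nonce
    security_level: str       # attestationSecurityLevel
    verified_boot_state: str  # RootOfTrust.verifiedBootState
    device_locked: bool       # RootOfTrust.deviceLocked
    verified_boot_key: bytes  # RootOfTrust.verifiedBootKey

def evaluate(att):
    """Return (accepted, reason) for one parsed attestation."""
    if not att.chain_valid:
        return False, "untrusted certificate chain"
    if not att.challenge_ok:
        return False, "stale or mismatched challenge"
    if att.security_level not in HARDWARE_LEVELS:
        return False, "software-only attestation"
    if not att.device_locked:
        return False, "bootloader unlocked"
    if att.verified_boot_state == "Verified":
        return True, "stock OS"
    if att.verified_boot_state == "SelfSigned":
        # An alternate OS on a locked bootloader reports SelfSigned plus its own
        # key, so the decision rests on the key, compared in constant time.
        if any(hmac.compare_digest(att.verified_boot_key, k)
               for k in ALLOWLISTED_BOOT_KEYS):
            return True, "allowlisted OS key"
        return False, "unknown verified boot key"
    return False, "boot state " + att.verified_boot_state

# Constructed sample: locked device running an OS signed with the placeholder key.
SAMPLE_ALLOWLISTED = Attestation(True, True, "StrongBox", "SelfSigned",
                                 True, bytes.fromhex("ab" * 32))
```
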

Device limitations, hardware and other OSes

  • Some argue Pixel hardware is mediocre or lacks “techy” features like a 3.5mm jack; others respond that Pixels now closely match iPhones and that USB‑C / Bluetooth audio is the intended future.
  • Discussion on why mobile GNU/Linux distros can’t easily support modern phones: Android kernels and drivers are available, but non-Android stacks would be a huge security and usability regression versus hardened Android; GrapheneOS instead plans to host other OSes in VMs.

Backups, rooting, and user control

  • Built-in encrypted device-to-device backup uses the modern Android 12+ infrastructure and backs up all apps except data explicitly marked non-portable by those apps (e.g., login tokens, Signal’s own encrypted store).
  • Some users feel GrapheneOS is “more locked down” and not aimed at tinkerers; maintainers reply that the goal is strong, consistent security for everyone, not a hobbyist playground, though rooting is still technically possible (with consequences for app attestation).
  • Guidance: keep bootloader locked; A/B updates with rollback make update bricks extremely rare, and most catastrophic failures are attributed to firmware/hardware faults or unsupported tinkering.

Accessibility, call recording, and upcoming features

  • GrapheneOS ships an open-source TalkBack fork; users must install a TTS engine (e.g., Google, RHVoice) themselves. Team is considering first-party TTS and speech services, similar to their network location replacement.
  • Auto call recording is a requested feature; it’s on the roadmap but low priority given limited developer resources. Some users rely on third‑party recorders that use the mic path only.
  • Upcoming work includes random PIN/passphrase generators, better VPN lockdown, per‑app clipboard access toggles, and more.

User experiences and installation

  • Multiple users report long-term daily-driver use, often migrating from LineageOS, with satisfaction around privacy controls and app compatibility; main pain points are Google Pay and the small device list.
  • Web-based installer via WebUSB is praised; it can even be run from another Pixel using the Vanadium browser.
  • Some advocate GrapheneOS as one of the most important privacy projects, emphasizing its demonstrated resistance to forensic tools such as Cellebrite/GrayKey in public documentation.