TLDR: Drug dealers in Catalonia have started to adopt GrapheneOS en masse leading to Catalan police suspecting anyone with a Google Pixel is a drug dealer
Update, July 3, 2025 (11:45 AM ET): The crew behind GrapheneOS is understandably none too pleased about their good name being dragged through the mud, and members are speaking out about these reports from Spain. Over on X, the official GrapheneOS account posts:
European authoritarians and their enablers in the media are misrepresenting GrapheneOS and even Pixel phones as if they’re something for criminals. GrapheneOS is opposed to the mass surveillance police state these people want to impose on everyone.
Security is a tool, and can be wielded just as much for good as it can for bad. While some people may see this as an indictment, we’d say it’s more the inevitable consequence of GrapheneOS just being very, very good at what it does.
Yeah, when the media is wrong, GrapheneOS out here correcting the media!
How it used to be old GSM phones like those from Nokia that were then the thing for the underworld.
Solid cop logic. Of the exact level you’d expect.
Reminds me of when the US tried to fight “terror” by kidnapping people and shoving them in Gitmo because they were wearing Casio watches, which is apparently a brand favoured by terrorists.
deleted by creator
Guess they’re gonna throw my kid into Gitmo then…
Spain can get fucked. They hate tourists and air conditioning too.
You’re allowed to be as anti-tourist as you would like but don’t even dare say anything about migrants or else you’ll get hit with hate speech charges
Aaand don’t come back!
You clearly don’t live in a tourist heavy zone. Also the fact that you generalise what some locals in selected very tourist heavy cities are doing with the whole fucking country is very telling. We are better without you <3
Your Airbnb was someone’s home.
there’s nothing wrong with being anti-gentrification. don’t act like a tourist and you’ll be fine
This is the best recommendation for a phone I’ve seen yet.
Thanks catalonian police
Be wary since as of Android 16, Google no longer provides device source for Pixel phones.
The grapheneOS team still got an android 16 release out relatively quickly
Because no new Pixel has come out yet, so they were likely able to adapt the A15 code. Once the Pixel 10 series comes out, it will be more difficult.
Google is still required to publish kernel sources, some of the higher level android code might be tricky but I’m not sure if the GOS team have said anything yet.
I’m not talking about kernel sources, but the Android device sources, which are separate.
AOSP is still open source, it’s just the source code is no longer released continuously and the reference device has changed from the pixels to a virtual device.
I’ll keep in mind thanks
The cops quite obviously don’t think owning a Pixel makes somebody a drug dealer. But if they arrest or detain a suspect then owning a Pixel flashed with GrapheneOS isnt exactly a sign of innocence. Even if nothing could be extracted from the phone, I’m sure a judge and jury could be convinced what they were doing if they have such a device in their possession.
Also, regardless of the security the OS claims to have, most criminals are not the brightest and I bet some can be squeezed to hand over the key or the phone can be unlocked with a face id or fingerprint. It also motivates the cops to do what they’ve done in the past where they have compromised supposedly secure operating systems or apps and installed backdoors.
OK. Owing an iPhone or Samsung also isn’t a sign of innocence, it’s just a phone, just like a Pixel. There may be a higher incidence of people owning Pixels being drug dealers/traffickers, but there’s also likely a lot of people who have them who aren’t drug dealers/traffickers, so that fact isn’t useful as evidence.
You’re getting it the wrong way around. People aren’t arrested for the phone they have. This is a complete nonsense by a clickbait article. They are arrested based on observation or intelligence of criminal activity. After the fact, when they are arrested they are found to have one of these phones flashed to use a privacy OS. Do you think such a phone convinces the cops they got the wrong person or not? The answer quite obviously is it convinces the cops this person is a criminal and is attempting to hide what they are up to.
It would be absurd to think cops are staring at people’s phones to initiate arrests because they are not.
Whether it convinces the cops isn’t nearly as important as whether it convinces a judge/jury. I highly doubt “suspect’s phone is too hard to break into” would sway a jury to believe they’re a drug dealer.
Cops need to do a proper investigation and prove guilt beyond a reasonable doubt. The type of phone someone has shouldn’t significantly impact any of that, though having a phone they can break into may make that investigation easier.
Why would they need a “sign of innocence”?
This is not hard to understand.
Having a phone installed with an OS favoured by criminals doesn’t exculpate a person arrested for criminal activity, or make the cops think they’re innocent.
Sure, but it’s also not evidence of wrongdoing. What phone you choose or what OS you run on it isn’t evidence of anything.
Feds??? WTF!
They’re mad they can’t use cellbrite to snoop on properly configured GOS phones and that they actually have to do real police work to catch drug dealers
Yes. They (cellebrite) don’t mention GrapheneOS support very loudly because it’s poor. They can’t decrypt one that’s BFU (Before First Unlock), not even by brute force if it’s a 6 digit passcode apparently. Don’t know if they can get data from an AFU GOS pixel. A year ago when their internal docs leaked, they also had no support for latest iOS at the time, but had brute force support for older versions as long as phone itself wasn’t too new and had AFU access without brute force for even older versions.
Moral of the story: if there’s a chance police might take your phone to investigate for a crime you hopefully didn’t even commit, shut down your phone completely - the 5x power button trick on iOS disables biometric unlock, but the device itself stays decrypted and thus more vulnerable. Also keep your OS up to date.
If you’ve got a phone that’s neither iOS nor GrapheneOS, it’s probably pretty much Swiss cheese anyway. IOS isn’t as good as GrapheneOS either, but it offers some protection against Cellebrite if up to date and BFU. But if they keep your phone for long enough (months, years), they’ll get it unlocked because you can’t install updates that would patch any newly discovered vulnerabilities and one day they’ll find a BFU unlock for it, probably.
Does a full shutdown encrypt all contents on iOS? This is something that everyone entering the USA as I have to do annually needs to think about.
It’s all encrypted in storage. The decryption key is in the secure element / TPM chip, additionally protected by your PIN / password. Shutting it down unloads all encryption keys from memory.
Beware that US customs / immigration / border control can seize your phone and refuse entry.
What happens if I turn it back on but don’t unlock it? Are the encryption keys in memory?
They’re not in memory until the first unlock, that’s why there’s the AFU vs BFU distinction for cellebrite unlocking devices incl iPhones.
But as the other person said, they can seize your phone and refuse entry. If you need to travel to the USA annually and you don’t want them to see your shit, you may want to have a decoy phone that’s not logged into your real accounts or have many photos on it. Just enough to make it believable it’s your real phone, but not enough to help them forge anything on you.
I am a non-resident US citizen so I believe it would be more difficult for them to search and hold me without trial or legal representation. But these days anything is possible.
Yes, but customs can still compel you to unlock your phone as we have recently seen with the Norweigan tourist who was denied entry due to having a JD Vance meme on his phone.
I would recommend having a separate phone with non-important data on it to take with you to the US, or have a self hosted cloud service that you can backup your data to before wiping your device.
You essentially don’t have rights at the border (or in general with the current US government).
How can they compel me?
You either unlock it or we send you back.
Can they really deport a US citizen?
Are they allowed to? Absolutely not. But… who is stopping them?
Other countries can. But technically, the US government cannot deny a US citizen access.
deleted by creator
Threatening to detain you indefinitely (your rights aren’t the same at the border/customs as they are after entering the country), or just outright deny you entry.
I heard they can’t actually hold you more than a couple days if you are a citizen./?
That’s after you go through customs. AFAIK, that doesn’t apply to people coming into the country.
Although this administration holds people more than 48 hours regardless.
Grapheneos also has options to just disable data over the USB port when its locked. Or disable it outright.
Yep, disabling it entirely allows for charging when the device is off, but otherwise, it is functionally useless and is disabled at the hardware level.
Ooh nice.
LineageOS also has this feature.
Graphene OS in particular comes with a default feature enabled called Auto Reboot to protect against this. I think it’s set to 18 hours by default because that’s what mine is, but you can go as low as 4 hours.
If you have it set to four hours, I’d wager your phone would reset way before the pigs had enough time to try and get their way in.
iOS started doing this a year or 2 ago, but unfortunately it’s 3 days and not configurable
Yeah, I have mine at 4 hours and it’s pretty good. It triggers while I’m at work sometimes, but other than that, it’s mostly just when I sleep.
Can confirm. Own pixel, deal drugs.
But do you live in Catalonia?
Doesn’t a Google Pixel device come with its own OS image by default, independent of Graphene OS? Is there some kind of step that we’re missing here?
It does, but a lot of people but the pixels specifically to put graphene on it because graphene they’re compatible and graphene offers better privacy and security. What I’m getting here is drug dealers are using graphene to dodge digital narcs and it’s becoming common enough that the Venn diagram skews heavily to drug dealing.
I mean yeah, I’d say 250k is a lot for a 3rd party phone OS.
The experience speaks for itself. I dont know of anyone who’s ever willingly gone back to stock android either.
Yes. Cops are idiots. Duh.
You can buy them with either stock Android, or Graphene. Meaning you don’t need to re flash the device or anything.
You cant buy grapheneos preloaded on anything and doing so would be pretty foolish since it could be backdoored. GraphenOS is aimed at people who value security and privacy, you dont let some rando flash your phone if you value those things.
You absolutely can, just not from the manufacturer. But I agree that it’s dumb, installation is easy and doesn’t come with the added risk of the seller putting on some spyware or whatever.
I think this is incorrect but I could be wrong.
You can not buy a Pixel device preloaded with GrapheneOS. They only come from Google with their standard Android and it’s up to the end user to install GrapheneOS. Unless you buy a used Pixel device with GrapheneOS already installed.
Hmm, you used to be able to buy them directly from Google, but that doesn’t seem to be the case any more.
Umm… I don’t think that’s right. I don’t think you could ever buy a phone from Google with GrapheneOS.
If friends asked I would flash their pixel with Graphene, then set it up basically as they would use it for them.
Getting started was complex, your average user won’t have a good experience getting their apps added without a power user helping.
I would like to install it someday but I’m afraid of this process
Its really not too complicated. Id recommend doing it using a other phone as the installer rather than a PC though, just goes smoother IMO. Very straightforward web installer, just push buttons alongside the instructions.
What’s the complex part?
Technically if something goes wrong you will need help and need to find answers on your own. If you are confident using duckduckgo searches to find answers for technical problems already you should be fine, and most likely won’t even need support at all.
deleted by creator
Yeah I’d consider that as a used phone. I’d only get the hardware from the OEM and install GrapheneOS myself. Less chance of man in the middle. It’s super easy to install using the web installer.
This is a weird advertisement, but I kind of want grapheneOS now.
I have an iPhone since the first one and I wanna try it to.
Shameless plug for SwapMyOS
Been on it for ~2 years and never going back, fuck Google, fuck the government.
Well you still bought a Google phone
True, with the intention of installing Graphene OS on it. No other options.
They’re easy to get used!
Strange that google is the only option for the only “secure” operating system.
Hey, do you know what is Ring Level minus One ?Strange that google is the only option for the only “secure” operating system.
The have their reasons: https://grapheneos.org/faq#future-devices
Hey, do you know what is Ring Level minus One ?
I know you’re only trolling here and I’m feeding into it, but you nerd sniped me just right to explain why your question is stupid on multiple fronts.
First of all, “Ring -1” is the hypervisor, at least on virtualization-capable devices (which modern Pixels are), and the hypervisor will be Linux’s KVM in this case, which is open source and compiled by the Graphene team as part of the kernel from source.
Secondly, Arm (which is the architecture basically all phone chips use, including Pixels) has a slightly different model of security, where apps are Exception Level 0, the OS is EL1, the hypervisor is EL2, and the “secure monitor” (or management firmware) is EL3 (and is probably what you were trying to refer to).
So yeah, I don’t think you know what “Ring -1” is. At least not enough to warrant a snarky comment.
“-1” is not just hypervisors, things like Intel Management and AMD Platform Security Processor can peer into system memory. I have no doubt similar system exist on ARM, I suspect the radio transceiver can also read system memory and read secrets out of the security devices.
I don’t think modern phones are trustable devices. They are opaque blackboxes, pretending to have high security but this security only really protects the spyware operators from being notices.
I don’t think it’s coincidence that the most “secure” and “private” operating system only operates on a very narrow model selection of phones from just one manufacturer. Probably because they have the best technology to keep the inherent backdoor invisible and implausible. A backdoor to a system nobody trusts wouldn’t be very useful.
The original post is about how it’s so secure the piggies can’t get in. Unless the super secret backdoor is only for the shadow government to disappear dissidents with no trace, thus keeping their super secret backdoor secret.
I’ve also been using it for like 2 years but I really want the hardware of something like the Fairphone. A fairphone or something similar with Graphene would be amazing
The Graphene OS people have always been talking about how they eventually intend to develop their own hardware. So, possibly they will make something good eventually.
Would be sick. If they also make it open enough to try out mobile Linux, I’d totally buy it and try to transition (esp. if it can dual boot).
Not develop their own hardware, but contract an established manufacturer to do it for them. Which is good, they have no business doing hardware!
Epic
You can technically put GrapheneOS on a Fairphone, but it’s not officially supported.
Long term, the GOS team is looking to branch off from their reliance on Pixels.
Been on it for about 19 months now, it’s what Android should be.
Glances at my new Pixel, Welp, I guess I ain’t ever goin’ to Catalonia. Not that I was planning to go there anyway.
***Tinfoil conspiracy: Maybe this a scare tactic to keep the British out of Spain.
Install Graphene
Installing Graphene doesn’t lessen the danger of your Pixel bursting into flames because of the old and dangerous batteries.
Maybe it helps
Removed by mod
Spain? Federal? Must be the victim of that American “education”.
Congratulations at finding the most unimportant part of this post and wasting your time by typing out a useless post and clicking “enter”
Because it’s not relevant at all that Americans keep insisting on thinking that everyone else is just like them. Never caused any issues.
I don’t think it’s very relevant to the discussion of drug dealers using Graphene.
You clearly have some sort of issue if an American making a small mistake gets you this upset
Lol, yes, posted at late American time, mentioning “feds” in EU, for a split second I thought we had a major international incident because some stupid badged individuals powertripped to Spain ‘to bust a crim’nl’.
I’m glad they didn’t, tho it would be at last something to read about.
