(Headline article below) It would seem that Graphene OS is the gold standard for privacy for how they change and lock down the device, also using sandboxing. The other devices are based on Lineage OS per my memory and not quite as secure and locked down, and without the complete privacy protection from Google. And France recently detained the Telegram billionaire, but he’s more of an asset and perhaps theater to make it seem that he was protecting users more than he actually is (client is opensource but not the server with their custom, questionable encryption), and he’s has citizenship in three countries including Antichrist‘s UAE. And clearly Google allows their devices to be less secure purposely, as I have a post on how they can be broken into before first unlock via a leaked graphic from a Cellebrite presentation I’ll include below. All updated Graphene OS devices could not be broken into before first unlock. So governments that don’t want you to be able to lock them out of your devices, do not want to have you running Graphene OS, but so few people use Graphene OS that it really doesn’t make sense to go after them and give the project exposure, as I believe they had 30,000 smartphones that hit the update servers.
The drama surrounding GrapheneOS has escalated from a debate over security patches to what looks like full-blown corporate and geopolitical warfare. Following heavy scrutiny in the French press, where the OS was branded a “tool for traffickers,” the GrapheneOS team has initiated a scorched-earth response.
They are pulling their server infrastructure out of France, openly naming the competitors they believe are orchestrating a smear campaign, and threatening to ruin the exploit market for everyone by contributing directly to Android (AOSP).
The “unnamed” antagonist — a separate earlier dispute
Earlier this week, we reported that GrapheneOS slammed an unnamed “small company” for spreading libel and misinformation after a failed partnership. That incident remains unrelated to the current French controversy.
Separately, in response to the recent wave of negative French press, GrapheneOS has now publicly speculated that Murena (behind /e/OS) and/or iodé (behind iodéOS) may be involved in orchestrating or encouraging the smear campaign — though no concrete evidence has been presented.
“It’s very possible Murena and/or iodé are involved. Both are French companies selling products with extraordinarily poor privacy/security. Both are useful to official state plans of locally hosted services with encryption backdoors.”
Both companies sell de-Googled Android devices in the privacy-focused space and have recently targeted similar modular hardware (Murena with the HIROH Phone and SHIFTphone 8; iodéOS also powering the Shift 8). However, GrapheneOS strongly disputes that they are true competitors, arguing that Murena and iodé fail to deliver timely security patches and encourage unlocked bootloaders — resulting in devices that GrapheneOS considers fundamentally insecure and non-private.
The “fake Snapchat” myth & the Anom parallel
The accusations from GrapheneOS come in response to articles by Le Parisien and Le Figaro, which claimed criminals use a version of GrapheneOS equipped with a “fake Snapchat” page that wipes data when accessed.
GrapheneOS categorically denied this, stating that no such feature exists in their code. Instead, they argue French police are likely conflating the official OS with illegal, closed-source forks sold on the black market, similar to the Anom sting operation, where the FBI distributed compromised devices running a custom OS to catch criminals.
“Products using operating systems partially based on our code are not GrapheneOS… There’s no such thing as a fake Snapchat app wiping the device in GrapheneOS.” The team insists that while their code is open source, legitimate GrapheneOS is free and obtained only from their official website and not via “shady dealers” in dark alleys.
Exiting France: “We don’t feel safe”
Perhaps the most significant development is the operational fallout. GrapheneOS announced it is moving all server infrastructure hosted by OVH (a major French cloud provider) out of the country.
While the project is a Canadian non-profit, they have historically used OVH for mirrors and discussion servers. That ends now. The team cited a specific passage in the Le Parisien coverage as a “direct threat” from French law enforcement leadership (OFAC), implying that tech providers who do not provide backdoors will face legal consequences.
“We’re going to be ending the small amount of operations we have in France as we don’t feel the country is safe for open source privacy projects anymore… We don’t want to host servers in France or host servers with OVH anymore.”
The team is moving services to providers in Canada, Germany (Netcup), and the US. They also stated they will no longer travel to France for conferences or hire staff located in the country, citing the French government’s support for “Chat Control” (EU mass surveillance legislation) and “authoritarian” tendencies.
The nuclear option involves helping Google
In a twist of irony, the hostility from French authorities and the alleged smear campaign have pushed GrapheneOS closer to the company they usually criticize: Google.
The team stated that the situation “almost makes us willing to contribute to AOSP [Android Open Source Project] again,” specifically to patch the vulnerabilities that law enforcement agencies are using to exploit non-GrapheneOS devices.
“Google is welcome to reach out.”
By hardening the base Android code, GrapheneOS would effectively “burn” the expensive exploits used by police and forensic firms like Cellebrite, making all Android phones harder to crack, not just Pixels running GrapheneOS.
The privacy phone market is usually a quiet niche, but this has exploded into a major controversy. GrapheneOS is effectively drawing a line in the sand: you either have mathematical security that cannot be broken (which upsets law enforcement), or you have “privacy theater” that remains compliant with state demands (which they accuse Murena and iodé of offering).
Accusing fellow privacy-phone vendors of being state-aligned honey pots is a massive claim, but GrapheneOS has never been one to mince words. By choosing to migrate their servers to Toronto, Germany, and other locations, it’s clear that they would rather leave a major European market’s jurisdiction than compromise on their “no backdoors” policy.
Editor’s note: (November 22, 2025) – Following publication, a GrapheneOS moderator pointed out what they claimed to be two inaccuracies with the reporting: (1) the earlier dispute with a still-unnamed “small company” is unrelated to the current French press controversy, and (2) GrapheneOS disputes that Murena and iodé are direct competitors, emphasizing that their products do not meet the same security and patching standards required for genuine privacy. We have updated the article to reflect these distinctions while preserving the overall reporting on GrapheneOS’s public statements.
