{"id":14502,"date":"2025-11-23T12:30:37","date_gmt":"2025-11-23T19:30:37","guid":{"rendered":"https:\/\/jasonsblog.ddns.net\/?p=14502"},"modified":"2025-11-23T12:30:37","modified_gmt":"2025-11-23T19:30:37","slug":"grapheneos-accuses-murena-iode-of-sabotage-pulls-servers-from-france-over-police-threats","status":"publish","type":"post","link":"https:\/\/jasonsblog.ddns.net\/index.php\/2025\/11\/23\/grapheneos-accuses-murena-iode-of-sabotage-pulls-servers-from-france-over-police-threats\/","title":{"rendered":"GrapheneOS Accuses Murena & Iod\u00e9 of Sabotage, Pulls Servers From France Over Police \u2018Threats\u2019"},"content":{"rendered":"\n

(Headline article below) It would seem that Graphene OS is the gold standard for privacy for how they change and lock down the device, also using sandboxing. The other devices are based on Lineage OS per my memory and not quite as secure and locked down, and without the complete privacy protection from Google. And France recently detained the Telegram billionaire, but he’s more of an asset and perhaps theater to make it seem that he was protecting users more than he actually is (client is opensource but not the server with their custom, questionable encryption), and he’s has citizenship in three countries including Antichrist<\/a>‘s UAE<\/a>. And clearly Google allows their devices to be less secure purposely, as I have a post<\/a> on how they can be broken into before first unlock via a leaked graphic from a Cellebrite presentation I’ll include below. All updated Graphene OS devices could not be broken into before first unlock. So governments that don’t want you to be able to lock them out of your devices, do not want to have you running Graphene OS, but so few people use Graphene OS that it really doesn’t make sense to go after them and give the project exposure, as I believe they had 30,000 smartphones that hit the update servers.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

https:\/\/piunikaweb.com\/2025\/11\/21\/grapheneos-accuses-murena-iode-of-sabotage-pulls-servers-from-france-over-police-threats\/<\/a><\/p>\n\n\n

<\/div><\/div><\/div>\n\n\n

By Hillary Keverenge<\/p>\n\n\n\n

\"GrapheneOS<\/figure>\n\n\n\n

The drama surrounding GrapheneOS has escalated from a debate over security patches to what looks like full-blown corporate and geopolitical warfare. Following heavy scrutiny in the French press, where the OS was branded a \u201ctool for traffickers<\/a>,\u201d the GrapheneOS team has initiated a scorched-earth response.<\/p>\n\n\n\n

They are pulling their server infrastructure out of France, openly naming the competitors they believe are orchestrating a smear campaign, and threatening to ruin the exploit market for everyone by contributing directly to Android (AOSP).<\/p>\n\n\n\n

The \u201cunnamed\u201d antagonist \u2014 a separate earlier dispute<\/h3>\n\n\n\n

Earlier this week, we reported that GrapheneOS slammed an unnamed \u201csmall company\u201d<\/a> for spreading libel and misinformation after a failed partnership. That incident remains unrelated to the current French controversy.<\/p>\n\n\n\n

Separately, in response to the recent wave of negative French press, GrapheneOS has now publicly speculated that Murena (behind \/e\/OS) and\/or iod\u00e9 (behind iod\u00e9OS) may be involved in orchestrating or encouraging the smear campaign \u2014 though no concrete evidence has been presented.<\/p>\n\n\n\n

\n

\u201cIt\u2019s very possible Murena and\/or iod\u00e9 are involved. Both are French companies selling products with extraordinarily poor privacy\/security. Both are useful to official state plans of locally hosted services with encryption backdoors.\u201d<\/em><\/p>\n\n\n\n

\"Murena-and-iode-named-by-grapheneos\"<\/figure>\n<\/blockquote>\n\n\n\n

Both companies sell de-Googled Android devices in the privacy-focused space and have recently targeted similar modular hardware (Murena with the HIROH Phone and SHIFTphone 8; iod\u00e9OS also powering the Shift 8). However, GrapheneOS strongly disputes that they are true competitors, arguing that Murena and iod\u00e9 fail to deliver timely security patches and encourage unlocked bootloaders \u2014 resulting in devices that GrapheneOS considers fundamentally insecure and non-private.<\/p>\n\n\n\n

The \u201cfake Snapchat\u201d myth & the Anom parallel<\/h3>\n\n\n\n

The accusations from GrapheneOS come in response to articles by Le Parisien<\/em> and Le Figaro<\/em>, which claimed criminals use a version of GrapheneOS equipped with a \u201cfake Snapchat\u201d page that wipes data when accessed.<\/p>\n\n\n\n

GrapheneOS categorically denied this, stating that no such feature exists in their code. Instead, they argue French police are likely conflating the official OS with illegal, closed-source forks sold on the black market, similar to the Anom sting operation, where the FBI distributed compromised devices running a custom OS to catch criminals.<\/p>\n\n\n\n

\u201cProducts using operating systems partially based on our code are not GrapheneOS\u2026 There\u2019s no such thing as a fake Snapchat app wiping the device in GrapheneOS.\u201d The team insists that while their code is open source, legitimate GrapheneOS is free and obtained only from their official website and not via \u201cshady dealers\u201d in dark alleys.<\/p>\n\n\n\n

Exiting France: \u201cWe don\u2019t feel safe\u201d<\/h3>\n\n\n\n

Perhaps the most significant development is the operational fallout. GrapheneOS announced it is moving all server infrastructure hosted by OVH (a major French cloud provider) out of the country.<\/p>\n\n\n\n

While the project is a Canadian non-profit, they have historically used OVH for mirrors and discussion servers. That ends now. The team cited a specific passage in the Le Parisien<\/em> coverage as a \u201cdirect threat\u201d from French law enforcement leadership (OFAC), implying that tech providers who do not provide backdoors will face legal consequences.<\/p>\n\n\n\n

\n

\u201cWe\u2019re going to be ending the small amount of operations we have in France as we don\u2019t feel the country is safe for open source privacy projects anymore\u2026 We don\u2019t want to host servers in France or host servers with OVH anymore.\u201d<\/p>\n<\/blockquote>\n\n\n\n

The team is moving services to providers in Canada, Germany (Netcup), and the US. They also stated they will no longer travel to France for conferences or hire staff located in the country, citing the French government\u2019s support for \u201cChat Control\u201d (EU mass surveillance legislation) and \u201cauthoritarian\u201d tendencies.<\/p>\n\n\n\n

The nuclear option involves helping Google<\/h3>\n\n\n\n

In a twist of irony, the hostility from French authorities and the alleged smear campaign have pushed GrapheneOS closer to the company they usually criticize: Google.<\/p>\n\n\n\n

The team stated<\/a> that the situation \u201calmost makes us willing to contribute to AOSP [Android Open Source Project] again,\u201d specifically to patch the vulnerabilities that law enforcement agencies are using to exploit non-GrapheneOS devices.<\/p>\n\n\n\n

\n

\u201cGoogle is welcome to reach out.\u201d<\/p>\n<\/blockquote>\n\n\n\n

By hardening the base Android code, GrapheneOS would effectively \u201cburn\u201d the expensive exploits used by police and forensic firms like Cellebrite, making all<\/em> Android phones harder to crack, not just Pixels running GrapheneOS<\/a>.<\/p>\n\n\n\n

The privacy phone market is usually a quiet niche, but this has exploded into a major controversy. GrapheneOS is effectively drawing a line in the sand: you either have mathematical security that cannot be broken (which upsets law enforcement), or you have \u201cprivacy theater\u201d that remains compliant with state demands (which they accuse Murena and iod\u00e9 of offering).<\/p>\n\n\n\n

Accusing fellow privacy-phone vendors of being state-aligned honey pots is a massive claim, but GrapheneOS has never been one to mince words. By choosing to migrate their servers to Toronto, Germany, and other locations, it\u2019s clear that they would rather leave a major European market\u2019s jurisdiction than compromise on their \u201cno backdoors\u201d policy.<\/p>\n\n\n\n

Editor\u2019s note<\/strong>: (November 22, 2025) \u2013 Following publication, a GrapheneOS moderator pointed out<\/a> what they claimed to be two inaccuracies with the reporting: (1) the earlier dispute with a still-unnamed \u201csmall company\u201d is unrelated to the current French press controversy, and (2) GrapheneOS disputes that Murena and iod\u00e9 are direct competitors, emphasizing that their products do not meet the same security and patching standards required for genuine privacy. We have updated the article to reflect these distinctions while preserving the overall reporting on GrapheneOS\u2019s public statements.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

(Headline article below) It would seem that Graphene OS is the gold standard for privacy for how they change and lock down the device, also using sandboxing. The other devices are based on Lineage OS per my memory and not quite as secure and locked down, and without the complete privacy protection from Google. And […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,7],"tags":[],"class_list":["post-14502","post","type-post","status-publish","format-standard","hentry","category-tech","category-world"],"blocksy_meta":[],"featured_image_src":null,"author_info":{"display_name":"Jason","author_link":"https:\/\/jasonsblog.ddns.net\/index.php\/author\/jturning\/"},"_links":{"self":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/14502","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/comments?post=14502"}],"version-history":[{"count":1,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/14502\/revisions"}],"predecessor-version":[{"id":14509,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/14502\/revisions\/14509"}],"wp:attachment":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/media?parent=14502"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/categories?post=14502"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/tags?post=14502"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}