Are Privacy-Focused Smartphones Doomed?

A Google Pixel phone (AP Photo/Craig Ruttle)

Copyright The Associated Press 2019

It’s not the best of times for smartphone users who care about their privacy. In recent years, awareness of the massive behind the scenes tracking by apps and operating systems has increased, thanks also to documentaries such as The Social Dilemma and scandals such as the Cambridge Analytica affair.

The most privacy-conscious users have responded by installing privacy-focused Android forks such as GrapheneOS, CalyxOS and LineageOS on their mobile devices, or by buying de-Googled smartphones such as those provided by the European manufacturer Murena.

Yet despite their technical superiority and growing user base, the future of these more secure and less data-hungry alternatives is under threat from multiple fronts.

The EU’s Age Verification Debate

The most concerning menace, perhaps, stems from a well-intentioned effort by the European Commission to introduce, as part of the forthcoming European Digital Identity Wallet (EUID), an age verification tool, ostensibly to protect minors from harmful content exposure.

The system is still under development, and there is no definitive solution yet, but the initial architecture proposed for the tool raised a big red flag. It relied heavily on Google’s Play Integrity API, which requires devices to be Google-certified and apps to be downloaded from the Play Store.

This effectively excludes de-Googled Android forks despite their robust security architectures, meaning that their users, if this solution ended up being implemented, would not be able to access all platforms that require an age-verification check.

After the issue was raised and discussed on GitHub and other online forums, the developers of the tool removed explicit references to Google’s API from its documentation; instead, the project now vaguely references OWASP MASVS compliance (Mobile Application Security Verification Standard), leaving the choice of which verification system to adopt open.

However, without an explicit provision forbidding the adoption of proprietary verification systems, this change risks being largely cosmetic; due to ease of use and convenience, as well as Google’s dominant market position, lawmakers will likely opt for the more well-known and widespread proprietary mechanism.

Users of GrapheneOS in Italy, and Revolut clients already had a taste of what that would look like. In Italy, the government has launched the IO app, which allows citizens to interact digitally with the public administration by paying fines and taxes, accessing documents, downloading certificates and much more. Unfortunately, or by design, the app uses the Google Play Integrity API, effectively banning those using custom Android ROMs from accessing the services on mobile. Same goes for Revolut.

These kinds of choices raise questions about digital sovereignty and technological choice in Europe. Does it make sense to brag about European digital sovereignty efforts when, to access public services, citizens are forced to rely on the proprietary infrastructure created by an American company?

Pixel Problems

For privacy-focused developers the problems do not end here, as they face additional pressure from Google’s evolving approach to Android development. The company has begun withholding critical technical resources that custom ROM developers have historically relied upon and that were part of the reason why Pixel devices were the go-to hardware for these alternative platforms (in fact, GrapheneOS can only be installed on the latest Pixel models).

Specifically, Google has stopped publishing device trees and kernel histories for the Pixels.

Device trees are detailed configuration files that enable alternative operating systems to function properly on Google’s hardware. These files describe how software should interact with specific device components, from cameras to security chips.

Without device trees, GrapheneOS developers must reverse-engineer configurations from previous Android versions, working with incomplete information and precompiled binaries. This significantly complicates development and slows the release of updates that keep the system secure.

Google also stopped publishing complete kernel modification histories and new binary drivers, further hampering independent development efforts.

With Pixel devices becoming less open, and installing other operating systems on them more difficult, it’s unsurprising to learn that GrapheneOS developers are in talks with some OEM manufacturers to make their own devices.

The Criminalization Of Privacy

Another insidious challenge facing users of privacy-focused Android forks, is their mischaracterization as a tool for criminals. Law enforcement agencies, including Catalonia’s police, have singled out Google Pixel devices running GrapheneOS as preferred tools for organized crime due to their strong encryption and anti-forensic features.

While it’s true that criminals exploit privacy tools, lumping legitimate users—activists, whistleblowers, and privacy-conscious individuals—into the same category is dangerously reductive. GrapheneOS developers have repeatedly emphasized that their mission is to resist mass surveillance, not facilitate illegal activity. Yet the narrative persists, fueling calls for backdoors and further restrictions.

All of the above should worry mobile users who value their privacy and are wary of constant tracking. Custom, privacy-focused Android ROMs, represents a rare bastion of security and user autonomy in an ecosystem increasingly dominated by corporate and government control. But between EU regulatory overreach, Google’s closed-door policies, and law enforcement’s suspicion of privacy tech, their survival is far from guaranteed.