Security, privacy, and anonymity on the web are things that we all deserve, but the road to achieve them can be complex. We understand that security language and concepts can be difficult. That’s why we’re committed to explaining how Rogue Phone works in the clearest, simplest way possible while being transparent about every part of Rogue Phone.
Use this FAQ page to get your questions about Rogue Phone answered. We value transparency, so we explain Rogue Phone’s drawbacks and limitations as well as its strengths.
If you have a question that isn’t answered here, don’t hesitate to reach out via our contact form. We’d love to help.
Why is Rogue Phone built on Google Pixel Phones?
Google Pixel phone hardware meets stringent privacy and security standards and provides a well-built baseline on which to work. There are other phone models out there custom-built for security, but we’ve found them difficult to use.
Google Pixel phones using GrapheneOS are easy-to-use, familiar to many, and have substantial upstream and downstream security hardening specific to the hardware itself.
Hardware, firmware and software specific to devices (like drivers), play a huge role in the overall security of a device. Meanwhile, manufacturing a high-quality phone is a big undertaking. We utilize Google Pixel phones because they’re well made and have strong security features available on which to build.
You can read more about this on the GrapheneOS website.
What operating system (OS) does Rogue Phone use?
We only use official releases of the mobile operating system GrapheneOS. GrapheneOS is a privacy and security focused mobile operating system built on top of the open source Android project. It’s developed as a non-profit, open source project. GrapheneOS is also focused on the further research and development of privacy and security technology.
GrapheneOS improves the privacy and security of the operating system from the bottom up. It deploys technologies to mitigate whole classes of vulnerabilities and make exploiting the most common sources of vulnerabilities substantially more difficult. It improves the security of both the operating system and the apps running on it.
Since GrapheneOS is a not-for-profit project, the purchase of every Rogue Phone supports this project. We love GrapheneOS, and Rogue Phone could not exist without it.
What are the features of the GrapheneOS Operating System that make a difference.
- A stronger app sandbox: This means that apps run in an isolated location on your phone. They don’t share information with other apps or communicate outside your phone without approved permissions.
- Vanadium – your default and privacy-respecting browser. Vanadium (custom-built by the developers of GrapheneOS) is also a hardened WebView. What is a WebView? The WebView is what most other apps use to handle web content, so this secures your browsing experience on Rogue Phone and also secures many of the apps you’ll use day-to-day.
- Hardware-based security verification and monitoring – this is an auditor service that ensures your operating system has never been tampered with our added to – not by us, not by anyone.
- Seamless automatic update system that just works and stays out of the way in the background without disrupting device usage.
- Minimal bundled apps and services. Only essential apps are integrated into the OS. GrapheneOS doesn’t make partnerships with apps and services to bundle them into the OS. Rogue Phone’s approach will be recommending certain apps during the initial setup, not hard-wiring them into the OS.
- No Google apps and services built-in. Building privileged support for Google services into the OS isn’t something GrapheneOS is going to be doing.
- And more… for the full (and somewhat technical list, see the GrapheneOS Feature List)
What modifications does Rogue Phone make to the phone?
The only changes made to your Rogue Phone after we receive the brand-new phone from Google are to:
- Install the latest official release of GrapheneOS.
- Install the open source AuroraOSS app store.
- (Optional) Install sandboxed official Google Play Services apps (read more in the section below).
When you receive your phone, you can verify the authenticity of the official GrapheneOS release using their Auditor app (included with the OS).
If you ever feel the need to remove any post-install apps or services, you can always perform a factory reset to get back to a fresh GrapheneOS install.
We are considering offering specific sets of apps pre-installed for an additional cost. If you are interested in something like this, please contact us.
Will all of my current Android apps work normally (Google Play Services)?
All Android apps will work on GrapheneOS with one caveat: Google Play Services. Most apps use Google Play Services to handle specific functionality of their app, the primary user-facing feature being network-driven push notifications (the other concerning, less-obvious function that is included in many apps is Google Analytics, which is a very invasive user activity tracker). When the remote app server sends you a push notification, it goes through Google Services and then downloads that data to your phone and triggers a local notification. The problem with this is that the vast majority of apps send these push notifications in a format that is easily readable by Google, and many people don’t want Google to have any access to their data.
Normally, Google Play Services are bundled with the proprietary operating system installed on the phone, and they have privileged access to the operating system, and therefore to user data. In GrapheneOS, the developers have built a sandboxed environment for Google Play Services along with special connectors so that they can do what they need to do without this privileged access. This means that apps that require Google Play Services will function normally in the vast majority of cases but are still siloed in a way so that they only have access to the specific permissions they need to perform explicit functions, such as push notifications.
The final part of this puzzle is the app store itself. We’ve chosen to install an open-source app store that is a mirror/clone of the Google Play Store. It’s called Aurora Store and works perfectly well to download and install any app that’s available on the Google Play Store. Aurora Store provides some small but important benefits that we feel are important to maintain user privacy:
- It has an option to log into the Google Play Store anonymously, so Google can’t track which apps you are downloading and installing.
- It displays third-party audits of tracking code that will be installed with each app you download.
- It highlights the permissions that each app requires in order to function (Google Play Store also does this, but the permissions are buried a few screens down).
With all this in mind, we’ve chosen to provide our customers with two setup options when they purchase their phone (of course, customers with some technical skills can modify their phones however they choose once they have them in their hands).
First, if you are looking for a phone that is as secure as possible, we setup the Aurora Store anonymously, and do not install any Google Play Services. This means that most network push notifications for apps won’t work, but almost everything else will work as it normally would. With this setup, you can still choose to login to the Aurora Store with your Google login to download any apps you have previously purchased and still retain the isolation from Google Play Services.
Second, for customers that want a more secure phone than their current Android device but want to use the phone as they normally would, we install Aurora Store as well as the sandboxed Google Play Services apps. With this setup, once you receive the phone, you can login to Aurora and push notifications and other Google Play Services features will function similarly to how you are used to.
You can read more about the technical details at the GrapheneOS website.
Can I trust this phone since it (the hardware) is built by Google?
Rogue Phone offers two different setups based on how you plan to use your phone. In our secure setup, all Google software is removed. In our daily driver setup, we install a non-privileged, sandboxed version of Google Play Services so that some app functionality will work, notably network-driven push notifications. You can read more about the details in the section above.
Either way, the result is a phone that has strongly secure hardware, without any of the privacy drawbacks of a regular Google Pixel.
Regrettably, there are some parts of almost all modern cell phones that are proprietary, including hardware code (firmware). The technical knowledge required to build a completely secure phone is very high, and if you choose to purchase any phone, you are ultimately putting your trust in the provider/seller. Rogue Phone represents what we have found to be the best combination of a highly secure phone that retains the convenience and usability of a mature, robust operating system.
Which device should I purchase?
The following devices offer the best hardware, firmware and software security along with the longest future support time and are strongly recommended:
- Pixel 5a (5G) (barbet)
- Pixel 5 (redfin)
- Pixel 4a (5G) (bramble)
- Pixel 4a (sunfish)
All devices are officially supported for three years from their initial release date.
The Pixel 4a was release in August 2020, the 4a 5G in September 2020, the 5 in October 2020, and the 5a in August 2021. They will be officially supported until August 2023, September 2023, October 2023, and August 2024 respectively.
The Pixel 4a is a budget device meeting the same security standards as the more expensive flagship devices. You can read more on the differences between the hardware elsewhere. Unlike the Pixel 3a, the Pixel 4a has a proper SSD which provides a much better experience with some of the security features of GraphineOS and Rogue Phone.
Devices are carefully chosen based on their merits rather than the project aiming to have broad device support… Much of the work on the project involves changes that are specific to different devices, and officially supported devices are the ones targeted by most of this ongoing work… Hardware, firmware and software specific to devices like drivers play a huge role in the overall security of a device. The goal of the project is not to slightly improve some aspects of insecure devices and supporting a broad set of devices would be directly counter to the values of the project.Grapheneos
Why should I trust the people who made this operating system?
GrapheneOS is the operating system on which Rogue Phone is built. Here’s why we trust the GrapheneOS project:
- Collaborative, open source project with a very active community and contributors
- Non-profit project avoiding conflicts of interest by keeping commercialization at a distance.
- Strong privacy policies across all their software and services
- Proven track record of the team standing up against attempts to compromise the integrity of the project and placing it above personal gain
- Consistent and frequent updates and new features added to ensure security and operability.
What functionality can I expect to lose?
If you rely on your phone to run many apps an integrate closely with systems on your other devices, Rogue Phone may not be a good fit for you. If you re-download insecure apps on your Rogue Phone, you may sacrifice the security features for which Rogue Phone was constructed.
At present, a noticeable functionality drawback is in the Rogue Phone camera. The hardware for the camera is not currently used to full advantage by any currently privacy-respecting camera apps. This is being improved over time, and there are privacy-respecting camera apps that perform well, but you’re likely to lose some camera functionality.
Location services work out of the box. Whether or not you use location services is up to you and the level of security/privacy you desire. GrapheneOS gives you peace of mind with the knowledge that the individual app permissions you set will be respected by the phone, and the operating system itself is not collecting any data on you, location or otherwise.
Other features that will not work:
- Google Pay touch (NFC) payments
Can I use a different phone?
You must purchase a Google Pixel phone through this website in order to create your Rogue Phone. We cannot use the phone you already have and we cannot use any other phone model aside from those listed in our store.
Can you guarantee my security on Rogue Phone?
Your phone will arrive at your doorstep private and secure, we’ll teach you how to keep it that way while adding functionality that you’d like. However, your actions with your phone (choice of apps, opened emails, etc.) can at any moment undo the privacy and security we’ve established for your Rogue Phone.
How will my Rogue Phone update?
GrapheneOS includes a seamless automatic OS update system that just works and stays out of the way in the background without disrupting device usage, with full support for the standard automatic rollback if the first boot of the updated OS fails.