GrapheneOS Under Scrutiny: Why Privacy-Focused Pixels Are Raising Police Suspicions
Spanish police have begun casting a wary eye on users of Google Pixel smartphones, suspecting potential ties to criminal activity. In Catalonia, law enforcement officials report a growing trend of drug traffickers relying specifically on these devices. However, the concern does not stem from Google’s proprietary security features, such as the Titan M2 chip. The real source of suspicion is GrapheneOS—an alternative privacy-focused operating system that can be installed on Pixel phones in place of standard Android.
For those familiar with GrapheneOS, such an association is deeply unsettling. There are numerous legitimate reasons to use this firmware, none of which involve unlawful behavior. GrapheneOS grants significantly more control over a device, including the ability to install the Play Store and use nearly all mainstream applications—even banking apps—while substantially limiting the access of all software, including Google services, to personal data.
Rather than impeding usability, GrapheneOS enhances it by offering advanced capabilities. For instance, users can manually block apps from accessing the internet, disable access to device sensors, grant permission to only selected contacts, and more. It also supports multiple user profiles, application sandboxing, and even a “coercion PIN”—a feature that irreversibly wipes all data if entered under duress.
The scrutiny directed at GrapheneOS echoes the broader pressure facing other privacy tools. In the European Union, for example, proposed legislation would require messaging platforms like Signal to scan messages for illicit content before they are encrypted—directly on the user’s device. Developers warn that such policies risk turning secure apps into instruments of surveillance.
Catalonia itself was previously at the heart of a scandal involving Pegasus spyware, which had been deployed to monitor European politicians. In that context, the current targeting of individuals simply seeking to shield themselves from similar intrusions appears tragically ironic.
The mere fact that malicious actors sometimes leverage privacy technologies should not cast suspicion on those tools by default. Money is used for laundering, and matches can start fires, yet no one calls for their prohibition. The same logic must apply to privacy-centric systems like GrapheneOS. If someone chooses such a system to protect themselves from corporate tracking, hackers, or even government surveillance, it does not make them a criminal.
