One could almost conclude that climbing the French administrative Olympus now requires a cocktail of paranoia, delusion, and servile obedience—especially in the Interior Ministry, the police hierarchy, and the judicial elite. At this point, you have to wonder whether these aren’t unofficial admission requirements.

This past summer, France may have seen the data of 13 million citizens waltz out of the ANTS (National Agency for secured IDs and documents)—official denials notwithstanding, the dark web tells a less comforting story. And on December 1st, Pôle emploi, France unemployment agency, chimed in with yet another leak, this time a mere 1.6 million people. Faced with this ongoing cybersecurity clown show, the obvious move would be to reinforce information systems, let the competent professionals at ANSSI (National Agency for Information Systems Security) do their job, stop forcing everyone to use Microsoft’s backdoored bloatware, and curb the endless creation of flashy platforms that mostly serve to funnel public money to friendly vendors and spinning revolving doors.

But no. Instead, our beloved armchair cavalry has decided to gallop, sabers gleaming, straight at GrapheneOS—a secure, open-source smartphone OS they scarcely comprehend but have no trouble vilifying.

And the pretext? See the illustration below. Drug traficker are supposedly using Graphene OS to “hide their data from the police”.

The Le Parisien piece isn’t merely sloppy—it’s a buffet of outright fabrications. Pure, uncut misinformation, dutifully ladled out by a reporter who clearly has no grasp of the subject and simply regurgitated whatever talking points landed on his desk. At this stage, one might as well slap a ‘disinformation outlet’ label on Le Parisien and be done with it

Let’s read what the people at GrapheneOS replied when we contacted them.

“It started off with an inquiry by a journalist at the newspaper “Le Parisien”. Here is what he asked:

“I am preparing an article on the use of your secure personal data phone solution by drug traffickers and other criminals. Have you ever been contacted by the police? Are you aware that some of your clients might be criminals? And how does the company manage this issue?”

No further details were provided to us about what was being claimed, or who is making these claims.

Turns out, it’s the french state. They have threatened to go after us if we don’t cooperate with them and are propagating entirely false notions on who we are and what we build.

The news have spread to hundreds of news sites, the radio, tv, etc. It’s worth nothing that these publications largely contain direct quotes from law enforcement.

GrapheneOS doesn’t have the features they claim it does, isn’t distributed in the ways they claim and they don’t understand open source software. There are jumping on the classic trope that you must be hiding something if you’re using GrapheneOS. They automatically consider anyone using it suspicious and they are spreading the notion that a significant amount of our users are criminals. When in reality the vast majority are ordinary people who wish to shield themselves from (mass) surveillance, data collection and the likes.

GrapheneOS is obtained from our official website, not through shady dealers in dark alleys and the “dark web”. There is no weird fake snapchat app and GrapheneOS will never initiate a factory reset when the phone is connected to a computer.

All of that is the work of resellers who are in no way affiliated with us. There are a lot of companies out there who install GrapheneOS - or a fork of it - on a Pixel and sell that as a product. GrapheneOS is open source so it’s fair play. It’s no different to AOSP, the Android Open Source Project in that regard. Just like we use AOSP as our base and build onto it, anyone can take our code, add (dubious) features on top of it and sell it as a product. Now if these products happen to also be called GrapheneOS, and it sounds like some may be, these companies would infringe on our trademark and thus violate the law. Either way we are not involved in any of this, France is confusing us with them.

As a result we no longer consider France to be a safe country. They have not taken any actions against us yet - we’re not waiting around for that to happen though. We’re dropping OVH as a server hosting provider because they’re based in France and are thus forced to comply with law enforcement if it comes to that. That said, our services don’t collect/store sensitive user data and all of our critical infrastructure is of course under our physical control. There will be no direct impact to our french users.”

Let’s grant the absurd premise for a moment: yes, some drug traffickers might use GrapheneOS. They also use high-powered cars for their go-fast runs — should we ban those too? Does installing a hardened OS and driving a big engine suddenly turn you into Pablo Escobar? The logic is laughable.

Criminals have always encrypted their communications. A century ago, the apaches in Paris spoke javanais to dodge the police; the butchers of La Villette used louchébem to confuse tax inspectors.

And let’s be clear: GrapheneOS isn’t some shadowy encrypted-messaging app. It’s a free, open-source operating system — the basic software layer that sits between your smartphone hardware and the apps you run. Windows, macOS, Linux, iOS, Android — all OSes. Word and Chrome? Merely apps.

Open-source means the code is public, inspectable, and modifiable by anyone. No secret sauce, no corporate black box.

GrapheneOS itself is built by a mostly volunteer community, maintained by a Canadian nonprofit, and based on the Android Open Source Project — because yes, Android is originally a Linux distribution, and therefore open-source at its core.

What does GrapheneOS improve over stock Google Android?

• A hardened kernel with extra security patches and stripped-out junk.

• Total removal of Google services and their built-in surveillance hooks.

• Laser-precise permission controls that actually respect user choice.

• Fast, no-nonsense security updates.

• Serious privacy protections like full-disk encryption, stronger sandboxing, and stricter process isolation.

Put plainly: GrapheneOS is the most secure smartphone OS currently available, and it treats user privacy as a right, not a revenue stream. No data collection — unless you decide otherwise

This article is of public interest. It is therefore freely available to all.

You’d be perfectly correct to point out that a network is only as secure as the devices plugged into it — stronger individual security means stronger collective security. So why, then, are our Parisian paper-pushers losing their minds over GrapheneOS?

Two reasons — and neither of them flattering

The first inconvenient truth is this: GrapheneOS only runs on Google Pixel phones because they’re simply the most physically secure devices you can buy. Modern security isn’t just software fairy dust — it starts with the hardware. And Google’s Titan M2 security chip turns the Pixel into a tiny armored vault.

So armored, in fact, that French police can’t crack a locked Pixel with their cherished Israeli gadget, Cellebrite Inseyets. A Pixel 9 running GrapheneOS might as well be a brick from their perspective. To get anything out of it, you’d have to disassemble the phone, extract the storage and the Titan chip, and somehow avoid triggering the chip’s built-in self-destruct protections — a process so technical and expensive that it borders on science fiction for the average police precinct.

GrapheneOS even includes a duress PIN — a special code that wipes the device if someone forces you to unlock it at knifepoint. It’s also a lifeline for journalists who actually need to protect their sources rather than hand them over on a platter.

Meanwhile, in France, the moment you’re placed in police custody, investigators demand access to your phone — and by law, you must give them your unlock code, unless you’re eager to be prosecuted under Article 434-15-2. In other words: the state wants your data on a silver tray, yet it panics when a device exists that won’t spill it on command

The second reason is even simpler: GrapheneOS doesn’t siphon off your data. Unlike standard Android or Apple’s iOS — which dutifully upload chunks of your life to the cloud whether you consent or not — GrapheneOS keeps everything on the device.

And if the data isn’t floating around on some corporate server, the authorities can’t just demand it. They’re stuck with whatever is (or isn’t) on the phone itself.

Hence the long faces when they ran into the alleged head of the ‘Omar’ network — the one Le Parisien breathlessly cites — a prolific supplier of 3MMC, the chemsex party drug du jour in Parisian bourgeois circles. The police found themselves high and dry… or at least they did because they sprinted toward the phones before doing the actual investigative legwork.

And let’s be honest: our esteemed sleuths of the PJ and OFAC don’t seem especially well-briefed. GrapheneOS has had a stable release since 2019, and it’s been used ever since by a vast array of perfectly legitimate people, organizations, and businesses. Its features are hardly a state secret — ANSSI knows them inside out, has audited the OS, and even proposed smart improvements that the developers promptly implemented

Prosecutors, for their part, seem blissfully unaware of the European Union Court of Justice CG v. Bezirkshauptmannschaft Landeck ruling from 4 October 2024 — a decision that bars authorities from rifling through a phone without prior authorization from a genuinely independent judge. And no, a prosecutor doesn’t count; independence isn’t magically conferred by a robe. Predictably, the ever-political French Court of Cassation will almost certainly try to smother this European case law to preserve the French state’s taste for sweeping powers.

Let’s also recall a basic principle of ownership: you’re free to install whatever operating system you want on your own devices, just as you’re free to disable whatever features you consider unnecessary. Encryption is perfectly legal, and the state has no inherent right to your keys — the secrecy of correspondence still means something, at least in theory.

The government’s offensive against GrapheneOS is eerily reminiscent of the hysteria once directed at Telegram — this, after years during which the Macron ecosystem, from ministers to the President himself, happily relied on the app. And when Telegram’s founder, Pavel Durov, found himself jailed under circumstances critics compared to a modern lettre de cachet, there wasn’t much official introspection. Ironically, Telegram isn’t even especially secure: its default chats aren’t end-to-end encrypted, making it a plush velvet armchair for any foreign intelligence service that cares to listen.

[ Telegram ] Justice Passes Away

Pascal Clérotte

·

Apr 20

Read full story

But somehow, GrapheneOS — transparent, audited, and privacy-respecting — is cast as the villain.

GrapheneOS has now pulled its mirror servers out of France — previously hosted at OVH — a move that echoes Rumble’s response a while back, when it suspended all service in France after receiving an emailed ultimatum from a ministry demanding it censor the Russian channels it was livestreaming.

Rumble dragged the French state to court, won, and restored access on October 15.

Once again, the state overreaches, the target refuses to play along, and the courts remind Paris that its writ doesn’t automatically extend to every server rack on Earth.

[ Flash ] Let's Rumble !

Pascal Clérotte

·

Oct 14

Read full story

GrapheneOS’s fear is simple and justified: that the French state might one day try to slip in doctored versions of the OS — modified builds laced with backdoors that bypass the lock screen and encryption entirely. Such a stunt wouldn’t just compromise French users; it would destroy the project’s credibility worldwide. And because GrapheneOS is open source, anyone can tinker with the code — benevolently or otherwise.

So if you own a Google Pixel — a 6 minimum, a 9 if you want the full fortress — and you plan to install GrapheneOS (a task so easy it’s practically a point‑and‑click formality), you must download it only from the project’s official servers. Nowhere else — and certainly not from some anonymous dark‑web dump.

Alternatively, you can simply buy a Pixel with GrapheneOS preinstalled from a trusted vendor. You’ll just want to order it from another EU country — Germany being the obvious choice, given its decades‑old constitutional protections for privacy, recently strengthened again in a Constitutional Court ruling this past August. No wonder GrapheneOS is eyeing partial relocation to German soil.

Tomorrow, we’ll dig into why the ‘drug trafficking’ excuse collapses under scrutiny — a point demonstrated by two American experts on organized crime. And we’ll take apart the French state’s coordinated narrative.

To be continued.