“Increasingly authoritarian country”: the most secure alternative to Android in the world, GrapheneOS, flees France
A smartphone running GrapheneOS in front of the tricolor flag. The most secure mobile operating system in the world cut all ties with France on November 24, three days after an article in Le Parisien. © Les Numériques
The affair broke out suddenly. On November 21, The Parisian publishes an investigation pointing to GrapheneOS as the new nightmare for French investigators.
Advertisement
This mobile operating system, a secure derivative of Android running exclusively on Pixel smartphonesfinds himself propelled into the spotlight for all the wrong reasons. Three days later, the Canadian non-profit organization which developed it announced its total departure from France. Servers moved, infrastructure migrated, developers banned from entering the country. A rupture as sudden as it is unprecedented in the French digital ecosystem.
A press article that has the effect of a bomb
The GrapheneOS interface.
The article in the French daily is based on police sources. The judicial police would have issued an internal alert to law enforcement services, presenting GrapheneOS as a system designed specifically to evade investigations. The text mentions smartphones “impossible to open”features allowing all data to be instantly erased, or even a fake Snapchat page appearing during unlocking attempts by investigators. Claims which immediately provoked the ire of developers.
Google Pixel phones equipped with the GrapheneOS operating system allow drug traffickers to hide their exchanges
Explanations with magistrate Johanna Brousse, specialized in the fight against cybercrime
➡️ https://t.co/c1vv3WYR4Upic.twitter.com/gmhbJmIZU2
— Le Parisien (@le_Parisien) November 19, 2025
On social networks, the GrapheneOS team denounces an amalgamation between their legitimate project and pirate versions modified by malicious actors. The operating system is actually open source, downloadable for free and installable in around twenty minutes on any recent Pixel. Nothing to do with encrypted phones sold for several thousand euros on parallel markets, they say. The confusion would be total between a privacy protection tool, used by journalists, activists or individuals concerned about confidentiality, and criminal derivatives which no longer have much to do with the original project.
Advertisement
With this new tool, there is real legitimacy for a certain portion of users in the desire to protect their exchanges. The approach is therefore different. But that won’t stop us from pursuing publishers if links are discovered to a criminal organization and they fail to cooperate with the law.
This statement sounds like a threat to the ears of developers. Especially since the precedent exists: EncroChat and Sky ECC, two encrypted telephone networks, were dismantled by the French authorities between 2020 and 2021. Their servers, hosted at OVH, had been infiltrated, allowing the arrest of thousands of criminals across Europe. GrapheneOS clearly fears suffering the same fate.
We no longer have any active servers in France and are continuing the process of leaving OVH. We’ll be rotating our TLS keys and Let’s Encrypt account keys pinned via accounturi. DNSSEC keys may also be rotated. Our backups are encrypted and can remain on OVH for now.
Our App…
— GrapheneOS (@GrapheneOS) November 24, 2025
A hasty exodus towards Canada and Germany
The reaction was not long in coming. On November 24, the organization announced the complete migration of its French infrastructure. The servers previously hosted at OVHcloud in Beauharnois are transferred to Toronto for the community instances (Mastodon, Discourse, Matrix) while the main website switches to Netcup, a German host. Cryptographic keys are renewed, DNS moved. A surgical operation carried out with great success.
France is no longer a safe country for open source projects focused on privacy.
The developers explicitly mention French support for the European Chat Control projectthis controversial legislative proposal aimed at scanning encrypted messaging to detect child criminal content. Many see this as a major attack on end-to-end encryption and the secrecy of correspondence. In this context, the arrest in August 2024 of Pavel Durov, founder of Telegramat Le Bourget airport left traces. For digital players focused on confidentiality, France no longer inspires confidence.
The consequences of a symbolic departure
A Pixel 8 sold with GrapheneOS preinstalled by High-techs investigations. © High-tech investigations
Concretely, the French can still install GrapheneOS on their smartphones. There Alternate ROM remains accessible, open source and free. But the political message is scathing: France is gradually losing its credibility with tech projects concerned about privacy. After Telegram, after the heated debates on Chat Control, here is GrapheneOS which is leaving. OVHcloud, French hosting flagship, loses an emblematic client. And the French cybersecurity ecosystem is seeing the launch of an internationally recognized project, recommended in particular by Edward Snowden.
The irony of the situation is not lost on anyone: while authorities accuse GrapheneOS of helping criminals, those same authorities sometimes use modified versions of the system to trap traffickers. The FBI had thus deployed ANOM, a fake secure messaging based on an adaptation of GrapheneOSto infiltrate criminal networks. The line between legitimate tool and criminal misappropriation turns out to be decidedly more blurred than it seems.
Advertisement
Want to save even more? Discover our promo codes selected for you.
