
How to Set Up a Privacy Phone in 2026: Complete Step-by-Step Guide

A practical, hands-on guide to setting up a privacy-focused phone using GrapheneOS on a Google Pixel. Covers device selection, installation, sandboxed Google Play, recommended privacy apps, banking compatibility, and ongoing maintenance.

TL;DR: Buy an unlocked Google Pixel 9 or 9 Pro. Install GrapheneOS using the web installer — it takes about 15 minutes. Re-lock your bootloader, set up sandboxed Google Play for apps that need it, and install privacy-focused alternatives for browsing, messaging, email, and VPN. Most banking apps work. Use separate user profiles to isolate social media. Keep your OS updated and practice good operational security habits.


You just bought a Pixel. Maybe you’ve been reading about data brokers, or you’re tired of seeing ads that feel like they’re reading your mind, or you simply believe your phone shouldn’t be a surveillance device. Whatever brought you here — welcome. You’re about to turn a stock Google phone into one of the most private and secure mobile devices on the planet.

This guide is practical. No philosophy lectures, no threat-modeling dissertations. Just the steps, in order, with the reasoning you need to make good decisions along the way.

Let’s get started.

1. Choosing Your Device

GrapheneOS only runs on Google Pixel phones. That might seem ironic — a privacy OS on a Google device — but there’s a solid reason. Pixels have the best hardware security features of any Android phone: a dedicated Titan M2 security chip, consistent security updates directly from the hardware manufacturer, verified boot support, and the ability to re-lock the bootloader after installing a custom OS (almost no other Android phone allows this). If you haven’t decided on hardware yet, start with our Best Privacy Phones in 2026 buyer’s guide and the Privacy Phone Hierarchy to see how Pixels + GrapheneOS stack up against alternatives like HIROH and Punkt.

Which Pixel to buy

As of early 2026, we recommend:

  • Pixel 9 Pro — Best overall choice. Excellent camera, 6.3” display, 7 years of security updates from Google (extending through 2031). The Tensor G4 chip is mature and well-supported.
  • Pixel 9 — Best value. Same Tensor G4 chip, same security update timeline, slightly smaller screen and camera downgrade. Still an excellent device.
  • Pixel 9 Pro XL — If you want the larger 6.8” display.
  • Pixel 8a — Budget-friendly option if the 9 series is out of reach. Still fully supported with updates through 2031.

Important buying tips:

  • Buy unlocked. Carrier-locked Pixels (from Verizon, AT&T, etc.) often have the OEM unlocking option disabled, which means you can’t install GrapheneOS. Buy directly from the Google Store, Best Buy (unlocked model), or a reputable retailer.
  • Avoid used devices unless you can verify the bootloader is unlockable. Some previously carrier-locked phones may have permanent restrictions.
  • Skip the Pixel 9 Pro Fold unless you specifically want a foldable — it’s supported but significantly more expensive for minimal privacy benefit.

2. Installing GrapheneOS

Here’s the part that scares most people — and shouldn’t. GrapheneOS has a web-based installer that handles almost everything automatically. If you can follow a recipe, you can do this.

What you’ll need

  • Your new Pixel phone (charged to at least 80%)
  • A computer (Windows, macOS, Linux, or ChromeOS all work)
  • A USB-C cable (use the one that came with the phone if possible)
  • A supported web browser: Chrome, Chromium, Edge, or Brave (with Shields disabled during install). Firefox doesn’t support WebUSB, so it won’t work here.
  • About 15–20 minutes

Step-by-step

Step 1: Prepare your Pixel

Power on your new Pixel and go through the minimal stock Android setup — you can skip almost everything. Connect to Wi-Fi and let it install any pending system updates. You want the latest firmware before installing GrapheneOS.

Step 2: Enable OEM unlocking

  • Go to Settings → About phone
  • Tap Build number seven times until you see “You are now a developer”
  • Go back to Settings → System → Developer options
  • Toggle on OEM unlocking

This allows the bootloader to be unlocked. It’s a safety mechanism — it doesn’t actually unlock anything yet.

Step 3: Boot into the bootloader

Power off your phone completely. Then hold Volume Down + Power simultaneously until you see the bootloader screen (a screen with “Fastboot Mode” text and an Android robot).

Step 4: Connect and open the web installer

  • Plug your Pixel into your computer via USB
  • Open your browser and navigate to grapheneos.org/install/web
  • The installer will guide you through each step with clear buttons

Step 5: Unlock the bootloader

Click the “Unlock bootloader” button in the web installer. On your phone, use the volume keys to select “Unlock the bootloader” and press Power to confirm. The phone will factory reset — this is expected.

Step 6: Download and flash GrapheneOS

The web installer will automatically detect your device model and download the correct factory image. Click “Download release” and wait for it to finish (this is the longest step — typically 1–2 GB of data).

Once downloaded, click “Flash release.” The installer will flash each partition automatically. Don’t unplug the cable. Don’t touch your phone. Let it work.

Step 7: Lock the bootloader

This is the step most custom ROM guides skip — and it’s one of the most important. After flashing, the web installer will prompt you to lock the bootloader. Do it. Click the button, confirm on your phone.

Locking the bootloader enables verified boot, which means your phone will cryptographically verify that the OS hasn’t been tampered with every time it starts. This is a security feature that almost no other custom Android OS supports.

Step 8: Reboot and set up

Your phone will reboot into GrapheneOS. Congratulations — you’re running one of the most secure mobile operating systems in existence.

3. Essential First Steps After Install

Initial setup

GrapheneOS’s setup wizard is clean and minimal. Here’s what to pay attention to:

  • Wi-Fi: Connect to your network. GrapheneOS randomizes your MAC address per network by default — you don’t need to do anything extra.
  • Lock screen: Set up a strong PIN (6+ digits) or password. Avoid pattern locks — they’re easily shoulder-surfed.
  • Biometrics: The Pixel’s fingerprint sensor works with GrapheneOS. Use it for convenience, but know that a PIN/password is legally stronger protection in many jurisdictions (biometrics can be compelled; passwords typically can’t).

Disable OEM unlocking

Now that GrapheneOS is installed and the bootloader is locked, go back and disable OEM unlocking:

  • Settings → System → Developer options → OEM unlocking — toggle it off

This prevents anyone from unlocking your bootloader without first wiping the device and going through stock Android setup.
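
A post-install check for the two steps above (bootloader locked with verified boot active, and OEM unlocking switched off). This is an added example, not part of the GrapheneOS installer or of the original guide; it reads `adb shell getprop` output, which assumes USB debugging is temporarily enabled, and the function names and sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: judge boot security state from `adb shell getprop` output.
# Live use (assumes USB debugging is on): adb shell getprop | boot_posture

# Print the value of one property from "[key]: [value]" lines held in $DUMP.
prop() {
    printf '%s\n' "$DUMP" | awk -v k="[$1]:" '$1 == k { print $2 }' | tr -d '[]\r'
}

# Reads a getprop dump on stdin, prints findings, returns the number of issues.
boot_posture() {
    DUMP=$(cat)
    issues=0
    locked=$(prop ro.boot.flash.locked)
    vbstate=$(prop ro.boot.verifiedbootstate)
    oem=$(prop sys.oem_unlock_allowed)

    if [ "$locked" = "1" ]; then
        echo "OK   bootloader locked"
    else
        echo "FAIL bootloader not locked (ro.boot.flash.locked=${locked:-unset})"
        issues=$((issues + 1))
    fi

    case "$vbstate" in
        yellow) echo "OK   verified boot: locked, user-set signing key (custom OS)" ;;
        green)  echo "NOTE verified boot: locked, OEM key (stock OS is installed)" ;;
        *)      echo "FAIL verified boot state: ${vbstate:-unset}"
                issues=$((issues + 1)) ;;
    esac

    if [ "$oem" = "0" ]; then
        echo "OK   OEM unlocking disabled"
    else
        echo "WARN OEM unlocking still enabled (sys.oem_unlock_allowed=${oem:-unset})"
        issues=$((issues + 1))
    fi
    return "$issues"
}

# Constructed sample dumps (not captured from a real device).
SAMPLE_DONE='[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [yellow]
[sys.oem_unlock_allowed]: [0]'
SAMPLE_TOGGLE_LEFT_ON='[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [yellow]
[sys.oem_unlock_allowed]: [1]'
SAMPLE_UNLOCKED='[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[sys.oem_unlock_allowed]: [1]'

for s in "$SAMPLE_DONE" "$SAMPLE_TOGGLE_LEFT_ON" "$SAMPLE_UNLOCKED"; do
    printf '%s\n' "$s" | boot_posture || echo "=> $? issue(s)"
    echo
done
```

Turn USB debugging back off once the check passes.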

Review network settings

  • Settings → Network & internet → Private DNS — Set this to a privacy-respecting DNS provider. We recommend dns.quad9.net or dns.adguard-dns.io for ad-blocking DNS.
  • Settings → Network & internet → Internet — Make sure your carrier connection is working. GrapheneOS supports all major carriers out of the box.

Explore user profiles

One of GrapheneOS’s killer features is separate user profiles. Each profile is cryptographically isolated — apps in one profile can’t see or access data in another. Think of them as separate phones within one device.

  • Owner profile: Your main, daily-use profile. Keep it lean.
  • Work/secondary profile: For apps that require Google Play, banking, or anything you want isolated from your main profile.
  • Guest profile: For handing your phone to someone temporarily.

You can create new profiles under Settings → System → Multiple users.

4. Setting Up Sandboxed Google Play

Here’s where GrapheneOS really shines. Most privacy-focused ROMs force you to choose: either go fully de-Googled and lose access to many apps, or compromise your privacy by including Google’s spyware-laden Play Services at the system level.

GrapheneOS takes a third path. It lets you install Google Play Services as a regular, sandboxed app — with no special privileges. Play Services runs inside the same security sandbox as every other app. It can’t access your contacts, your location, or anything else unless you explicitly grant permission. And you can revoke those permissions anytime.

How to set it up

  1. Open the GrapheneOS App Store (pre-installed — it’s called “Apps”)
  2. Search for “Google Play Services” — you’ll find three apps:
    • Google Services Framework
    • Google Play Services
    • Google Play Store
  3. Install all three, in that order
  4. Open the Play Store and sign in with a Google account (or create a burner account for app downloads)

When to use sandboxed Play:

  • Apps that require Google Play Services for push notifications (most banking apps, ride-sharing, delivery apps)
  • Apps that are only available on the Play Store
  • Apps that crash without Play Services

When to skip it:

  • If you’re going fully de-Googled and can source all your apps from F-Droid, Accrescent, or direct APK downloads
  • In profiles where you want zero Google presence

You can install sandboxed Play in one profile and keep another profile completely Google-free. This is the recommended approach.

5. Recommended Privacy Apps

Here’s our curated app stack for 2026. Every recommendation is either open-source, audited, or both.

Web Browsers

  • Vanadium (built-in) — GrapheneOS’s default browser, based on Chromium with hardened security. It’s the most secure option on the platform because it benefits from Chromium’s site isolation and sandboxing. Use this as your primary browser.
  • Brave — A solid secondary browser with built-in ad-blocking and Tor tab support. Available via Play Store or direct APK. Good for sites where you want aggressive tracker blocking.
  • IronFox — The community successor to the now-discontinued Mull browser. A hardened Firefox fork with privacy-focused defaults. Available via Accrescent or F-Droid. Good if you prefer the Firefox engine and want extensions like uBlock Origin.

Messaging

  • Signal (and alternatives) — The default recommendation for private messaging. End-to-end encrypted calls and messages. Install via Play Store or signal.org/android. Requires a phone number.
  • SimpleX — No phone number, no user ID, no identifiers at all. Truly metadata-resistant messaging. Growing quickly in privacy-focused communities. Available via F-Droid or Play Store.
  • Briar — Peer-to-peer messaging that works over Tor, Wi-Fi, or Bluetooth. No server dependency. Ideal for protests, natural disasters, or anywhere the internet might be unavailable.

Email

  • Proton Mail — End-to-end encrypted email based in Switzerland. Mature, reliable, and well-audited. The free tier is usable; the paid plan is worth it.
  • Tuta (formerly Tutanota) — German-based end-to-end encrypted email with a strong privacy track record. A solid alternative to Proton with competitive pricing and post-quantum encryption support.

VPN

If you want the deeper comparison (audits, jurisdictions, anonymous signup), see our Best VPNs for Privacy Phones in 2026 guide.

  • Mullvad VPN — No accounts, no email required. Pay with cash or cryptocurrency. Based in Sweden. Consistently audited. Our top recommendation.
  • Proton VPN — Pairs well with Proton Mail. Has a generous free tier. Swiss-based. Good for users who want an all-in-one Proton ecosystem.
  • IVPN — Transparent, audited, and privacy-focused. Based in Gibraltar. Supports multi-hop and anonymous accounts.

Password Manager

  • Bitwarden — Open-source, cross-platform, and excellent. The free tier covers most users. Syncs across devices. Install via Play Store or F-Droid (client is open-source).
  • KeePassDX — Fully offline password manager. Your encrypted database stays on your device (or synced via your own cloud). No account required. Maximum control.

Two-Factor Authentication

  • Aegis Authenticator — Open-source TOTP/HOTP authenticator with encrypted backups. Far better than Google Authenticator. Available on F-Droid and Play Store.

Maps & Navigation

  • Organic Maps — Offline maps based on OpenStreetMap. Fast, clean, no tracking. Works surprisingly well for driving and hiking directions.
  • OsmAnd — More feature-rich than Organic Maps but slightly more complex. Excellent for detailed offline maps with overlays, contour lines, and GPX tracking.

App Stores

  • GrapheneOS App Store (built-in) — For GrapheneOS system apps, sandboxed Play Services, and Accrescent mirrors.
  • Accrescent — A privacy-and-security-focused app store that distributes developer-signed builds. Still growing its catalog but the quality bar is high. Installable via the GrapheneOS App Store.
  • F-Droid — The classic open-source app repository. Huge catalog. Use the official F-Droid client or the Neo Store client for a better UI.
  • Aurora Store — An open-source frontend for the Google Play Store. Browse and install Play Store apps anonymously without a Google account. Useful for apps not available elsewhere.

Built-in GrapheneOS Apps

Don’t overlook what’s already on your phone:

  • Files — Clean, private file manager
  • Camera — Solid camera app with no cloud integration or data collection
  • Calculator — Does what it says, privately
  • PDF Viewer — Secure PDF reader built-in

These built-in apps are hardened and have no tracking or telemetry. Resist the urge to replace them with Google or third-party alternatives unless you have a specific need.

6. What About Banking Apps?

This is the number-one concern for people considering GrapheneOS, and the answer in 2026 is: most banking apps work fine.

With sandboxed Google Play installed, the vast majority of banking, payment, and financial apps function normally. This includes major banks like Chase, Bank of America, Wells Fargo, Capital One, Amex, USAA, and many others. Push notifications for transaction alerts and two-factor authentication work through Google’s Firebase Cloud Messaging, which is supported via sandboxed Play Services.

A small number of apps use Google’s Play Integrity API with the strictest enforcement level, which may cause issues on GrapheneOS. This is rare but can affect some regional banks or fintech apps. The GrapheneOS community maintains compatibility notes, and the privsec.dev resource tracks known working and non-working apps.

Our recommendation: Install sandboxed Google Play in a dedicated user profile and put all your banking and financial apps there. This keeps them isolated from your main profile while ensuring they work properly.

If a banking app doesn’t work: Try the bank’s mobile website through Vanadium or Brave. Most banks have fully functional web apps that don’t require Play Services at all.

7. What About Social Media?

Social media apps are, by nature, privacy-hostile. But if you need them, GrapheneOS gives you tools to contain the damage.

The profile isolation approach

Create a separate user profile specifically for social media:

  1. Go to Settings → System → Multiple users → Add user
  2. Set up this profile with sandboxed Google Play (social media apps often require it)
  3. Install your social media apps only in this profile
  4. When you switch to your main profile, these apps have zero access to your primary data, contacts, photos, or location

This is dramatically better than running Instagram, TikTok, or Facebook in the same profile as your banking app, messenger, and personal photos.

Lighter alternatives

Consider using web versions of social media through your browser instead of native apps:

  • Twitter/X: The mobile website is fully functional
  • Reddit: Use the web version or the open-source Stealth client (F-Droid)
  • Instagram: Limited web functionality, but viewable
  • YouTube: Use NewPipe (F-Droid) or LibreTube for a tracking-free experience

The hard truth

Every social media app you install is a data collection endpoint. Even sandboxed, even in a separate profile, the app itself is reporting your usage to its servers. GrapheneOS limits what the app can see about your device, but it can’t prevent the app from tracking what you do inside the app. Be intentional about what you install and use.

8. Maintaining Your Privacy Phone

Setting up a privacy phone is not a one-time event. It’s an ongoing practice. Here’s how to keep your defenses strong.

Keep your OS updated

GrapheneOS pushes security updates rapidly — often within days of Google’s monthly patches, and sometimes ahead of them. Updates install in the background and apply on your next reboot. Check for updates regularly:

  • Settings → System → System update

Don’t ignore these. Each update patches known vulnerabilities.

Keep your apps updated

  • Update apps through the GrapheneOS App Store, F-Droid, and Play Store regularly
  • Enable auto-updates where possible
  • Remove apps you no longer use — every installed app is attack surface

Practice good operational security (opsec)

Your phone is only as private as your behavior. Here are the basics:

  • Don’t reuse passwords. Use Bitwarden or KeePassDX and generate unique passwords for every account.
  • Enable 2FA everywhere. Use Aegis Authenticator. Avoid SMS-based 2FA when possible — it’s vulnerable to SIM swapping.
  • Be careful with permissions. When an app asks for location, camera, microphone, or contacts access, ask yourself if it actually needs it. GrapheneOS lets you grant permissions temporarily or deny them entirely.
  • Use a VPN on public Wi-Fi. Always. Coffee shop Wi-Fi is an open book without one.
  • Review your installed apps monthly. Ask yourself: do I still use this? Does it still deserve the permissions I’ve granted?
  • Avoid connecting to unknown USB devices or chargers. GrapheneOS has USB-C port restrictions — explore them in settings.
  • Set auto-reboot. GrapheneOS can automatically reboot after a period of inactivity (Settings → Security → Auto reboot). This re-encrypts your data at rest if the phone hasn’t been unlocked. Set it to 72 hours or less.
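
For the permission and monthly app review items above, one way to list which apps currently hold location, camera, microphone or contacts access in each user profile. This is an added example, not part of the original guide or of GrapheneOS; it parses `adb shell dumpsys package` output (assumes USB debugging is enabled), and the function name, package names and sample dump are constructed.

```shell
#!/bin/sh
# Added example: list sensitive runtime permissions that are currently granted,
# per user profile, from `adb shell dumpsys package` output.
# Live use (assumes USB debugging is on): adb shell dumpsys package | granted_sensitive

# Reads a package dump on stdin; prints "user=<id> <package> <permission>" lines.
granted_sensitive() {
    awk '
    BEGIN {
        # Permissions behind the four areas named in the checklist above.
        n = split("ACCESS_FINE_LOCATION ACCESS_COARSE_LOCATION CAMERA RECORD_AUDIO READ_CONTACTS", w, " ")
        for (i = 1; i <= n; i++) watch["android.permission." w[i]] = w[i]
    }
    { sub(/\r$/, "") }                      # tolerate CRLF line endings
    # "Package [name] (id):" starts a new package; forget the previous user.
    $1 == "Package" && $2 ~ /^\[/ { pkg = substr($2, 2, length($2) - 2); user = ""; next }
    # "User N: ..." starts the per-profile state for that package.
    $1 == "User" && $2 ~ /^[0-9]+:$/ { user = substr($2, 1, length($2) - 1); next }
    # Runtime grants only appear inside a User section; install-time ones are skipped.
    user != "" && $2 ~ /^granted=true/ {
        perm = substr($1, 1, length($1) - 1)
        if (perm in watch) print "user=" user, pkg, watch[perm]
    }'
}

# Constructed sample modelled on the dump layout (not captured from a device).
SAMPLE_DUMP='Packages:
  Package [com.example.social] (1a2b3c):
    userId=10210
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: ceDataInode=0 installed=false hidden=false
      runtime permissions:
    User 11: ceDataInode=4021 installed=true hidden=false
      runtime permissions:
        android.permission.CAMERA: granted=true, flags=[ USER_SET]
        android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET]
        android.permission.POST_NOTIFICATIONS: granted=true, flags=[ USER_SET]
  Package [org.example.maps] (4d5e6f):
    userId=10187
    User 0: ceDataInode=3310 installed=true hidden=false
      runtime permissions:
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET]'

printf '%s\n' "$SAMPLE_DUMP" | granted_sensitive
```

Each output line is a grant to question during the monthly review; the user id shows which profile it applies to.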

Think in layers

No single tool makes you private. Privacy is layers:

  1. Hardware: The Pixel’s Titan M2 chip + locked bootloader
  2. OS: GrapheneOS’s hardened kernel, sandboxing, and exploit mitigations
  3. Network: VPN + private DNS
  4. Apps: Open-source, audited, privacy-respecting software
  5. Behavior: The choices you make every day about what to install, what to share, and what to click

Each layer reinforces the others. A weak point in one layer can be mitigated by strength in another.

You’re Done (For Now)

You’ve moved from a device designed to monetize your behavior to one designed to protect it. Privacy is a spectrum, not a destination — but you’ve made a massive leap in the right direction.

If you haven’t done it yet, spend 5 minutes with our threat model framework — it’ll help you decide what’s worth doing (and what’s not).

Keep your OS updated, stay curious, and remember: the best privacy tool is the one you actually use.




Have questions? Check out our other guides or reach out to the GrapheneOS community — they’re genuinely one of the most helpful groups in the privacy space.