Here’s why the Pixel 10 could be the last truly privacy-friendly Pixel

The news that GrapheneOS — the private mobile OS based on AOSP — is partnering with an as-yet-unnamed smartphone maker to officially support a Snapdragon-powered smartphone has the community pondering who the partner will be: Nothing, OnePlus, Xiaomi, or perhaps someone else. In any case, a greater choice in officially supported hardware will be a great thing when it comes to using a privacy-focused OS.

The bad news for Pixel-privacy fans is that after the Pixel 10, there’s no guarantee that GrapheneOS will add support for any of its successors. GrapheneOS has supported every Pixel model so far, following through on promises to support several devices through until end-of-life.

The fate of future Pixels is uncertain, meaning the next officially supported GrapheneOS device could look entirely different. It’s not that the Pixel series is suddenly flawed, but ongoing changes in Google’s approach to security, source availability, and device development could make future Pixels less suitable for privacy-conscious developers and, therefore, users. This could be the last Google phone with the option for GrapheneOS-tier privacy.

In addition, Google used to make it relatively simple for developers to build AOSP for Pixels, handling the painstaking process of various hardware configuration files. However, Google has stopped releasing complete and timely device trees, driver binaries, and kernel sources for Pixels, instead steering developers toward the virtual ‘Cuttlefish’ reference device.

This has turned out to be a big deal. Without easy developer access to source code, Pixels have become a less practical base for custom ROMs — eroding one of the series’ few advantages over other Android devices. With fewer reasons to stick around, projects like GrapheneOS have an excuse to look beyond the limitations of Google’s Tensor project and embrace slightly more cutting-edge hardware.

A switch to Snapdragon silicon will bring significantly higher performance and efficiency than Google’s in-house Tensor chips, making it more appealing to power users or gamers with an increased interest in privacy. Furthermore, the next phone on the partner’s list will benefit from its seemingly more efficient networking capabilities, a boon for connectivity and battery life.

However, I don’t believe this is the key reason for the Pixel fallout. The Graphene team has noted that it might still support future Pixels and that previously other OEMs haven’t met its rigorous security standards anyway. Security remains the project’s primary goal, not picking hardware winners. However, Google has seemingly been causing other headaches by creating security-conscious devices that probably haven’t done it any favors.

In early September, GrapheneOS took issue with Google’s new practice of releasing security patches to OEMs under a multi-month embargo before publishing the source. This potentially allows bad actors to exploit vulnerabilities months before they are patched for many users. It also reduces transparency regarding how quickly OEMs apply critical security updates.

GrapheneOS can still ship binary security updates during the embargo window, but it cannot publish the corresponding source code until Google’s restrictions are lifted. However, low-level vulnerabilities outside of the OS’s scope, such as firmware or driver exploits, are at the whim of the longer timeframe Google has given itself to address them. This may be one reason GrapheneOS is exploring hardware partners with more timely commitments to firmware and driver updates.

Only GrapheneOS knows exactly how much these changes influenced its search for new hardware partners, but it’s clear that it and Google now diverge sharply on what ‘secure Android’ should mean.

While it might seem paradoxical to buy a Google phone in pursuit of privacy, GrapheneOS lets users separate the Pixel hardware they want from the Google software they don’t. Google apps aren’t installed by default, but can be added back in a tightly sandboxed environment where they run like any other app — without the elevated privileges that enable the heavy “phoning home” seen on standard Pixels and most Android devices.

GrapheneOS doesn’t include analytics or telemetry, avoiding the labyrinth of tracking built into Google’s ecosystem. Likewise, there are no hidden Play Store backdoors for silently updating apps or altering their behavior — every update is transparent and user-initiated. The list goes on, but the bottom line is simple: if you want a Pixel that you truly control, GrapheneOS delivers it.

That’s not to say Pixels will suddenly be left behind when a Snapdragon-based alternative appears. GrapheneOS remains committed to supporting the Pixel 10 series throughout its lifespan, though Pixel 11 support is still to be determined. Still with a lockdown on sideloading and Google’s ever-stricter Play Integrity enforcement, the broader Android landscape is becoming increasingly constrained. In that context, GrapheneOS’s move toward a new hardware partner could mark a pivotal moment for privacy-focused Android and Pixels.