Are there public network audits measuring telemetry from Google apps or microG when run on GrapheneOS?
Executive summary
There are no public, formal network-audit reports documented in the provided sources that measure telemetry originating from Google apps or microG specifically when run on GrapheneOS [1] [2]. GrapheneOS emphasizes that it does not ship Google Play services or microG and that the OS itself contains no analytics/telemetry, while offering tools for hardware attestation and network control that support independent verification [2] [1] [3].
1. What the official record says about telemetry and third‑party services
GrapheneOS states explicitly that it will never include Google Play services or another implementation such as microG and that “there aren't any analytics/telemetry in GrapheneOS,” positioning the project as a telemetry‑free base by design [2] [1]. GrapheneOS also documents network‑related privacy features such as per‑app Network permission toggles and default restrictions on remote connections to non‑GrapheneOS services and the network‑provided DNS resolvers [1] [4].
2. Tools GrapheneOS publishes to help independent verification
The project ships an Auditor app that performs hardware‑based attestation and offers local and optional scheduled server verification using hardware‑backed keys and attestation, providing a foundation for checking device integrity that can complement network audits [3] [5]. GrapheneOS also documents features like rerouting Play Services geolocation to a local implementation, which changes how apps interact with network services and therefore affects what an audit would need to measure [4].
3. Community discussion: microG, sandboxing and the appetite for audits
GrapheneOS community forums show active discussion about microG (including notes that microG is FOSS) and about sandboxing or running alternative Google services, which implies community interest in measuring behavior when those components are installed, but the project’s official stance is to not include microG by default [6] [7] [2]. Forum threads also ask practical questions about how to capture raw network traffic and audit the system, indicating users are interested in doing their own telemetry measurements [8].
4. Where the public audit gap appears and why it matters
Within the provided sources there is no citation of a published, peer‑reviewed or community‑released network audit that specifically measures telemetry emitted by Google apps or microG running on GrapheneOS; the materials instead focus on platform controls, attestation tooling, and community how‑to discussion [1] [3] [8]. That absence in the cited record does not prove such audits do not exist elsewhere, only that they are not present in these official pages and forums; the community Q&A suggests the technical capability and interest to perform such audits, but no completed public report is linked in the available sources [8] [6].
5. Practical implications and next steps for verification
Because GrapheneOS provides network permission controls and attestation tooling, a thorough public audit would logically combine packet captures on-device or at the network edge, analysis of sandbox/permission effects (e.g., rerouted Play geolocation), and attestation of device firmware integrity prior to testing [4] [3] [1]. The provided forum material shows users asking how to capture raw network traffic and audit storage, which indicates community‑driven audits are feasible even if not yet published in these sources [8]. Absent a published audit in the cited material, anyone seeking a definitive answer should look for independent third‑party audits or community reports beyond the GrapheneOS pages and forums.