Phantom Protocol Overview
Phantom Protocol is an optional emergency-response configuration offered by Privacy Devices. It is not a feature built into GrapheneOS. It is not a standard app, a hidden menu, or something you can download. It is a structured workflow — designed, provisioned, and documented by Privacy Devices — that combines existing GrapheneOS capabilities with optional additional tooling to provide predefined protective actions under high-stress conditions.
Why it matters
Emergencies do not announce themselves politely. Whether the scenario involves device theft, coerced device access, crossing a hostile border, or an acute personal safety concern, the moment of crisis is the worst time to start making security decisions. Panic degrades decision-making. Stress causes mistakes. The more steps a person must remember and execute under pressure, the more likely they are to skip one or get it wrong.
Phantom Protocol exists to front-load those decisions. The protective actions are defined in advance, tested before they are needed, and structured so that execution under stress is as simple and reliable as possible. It is a plan, not a product. And like any plan, it is only as effective as the preparation that goes into it.
What Phantom Protocol is
Phantom Protocol is a Privacy Devices configuration package. It is designed for customers who face elevated risk scenarios and want predefined responses ready before those scenarios occur. The configuration builds on capabilities that already exist within GrapheneOS and the Pixel hardware platform, supplemented where appropriate by additional tooling.
At its core, Phantom Protocol may include some or all of the following, depending on the specific configuration agreed with Privacy Devices:
- Emergency wipe procedures — Predefined sequences to erase sensitive data from the device. These may range from wiping a single profile to a full factory reset, depending on the scenario and the customer's requirements.
- Predefined lockdown sequences — Steps that transition the device from a normal operating state to a hardened, minimal-exposure state. This could include ending active profile sessions, disabling connectivity, or triggering a reboot into a locked state.
- Communication failsafes — Predefined methods for notifying a trusted contact or service that the device has entered an emergency state. This may involve automated messages through secure channels, provided the device has network connectivity at the time.
- Duress configurations — Setups that use GrapheneOS features such as duress PIN functionality, where entering a specific PIN triggers a different action than the standard unlock — such as wiping a profile or presenting a decoy workspace.
- Recovery documentation — Written procedures, stored securely outside the device, that allow the user to restore their setup after an emergency wipe or lockdown event.
What Phantom Protocol is not
Clarity here is essential. Phantom Protocol is not:
- A remote access backdoor. There is no hidden persistent connection to your device. Privacy Devices does not have ongoing remote access to your phone unless a specific, consented, network-dependent feature is explicitly configured and active.
- A remote wipe service that works under any conditions. Any network-dependent feature requires the device to be powered on, connected to the internet, and running. A device that is powered off, in airplane mode, or out of coverage cannot receive remote commands. This is a physical constraint, not a limitation of the configuration.
- An invisible surveillance system. Phantom Protocol does not monitor your activity, track your location, or collect data. It is a set of predefined actions that execute only when triggered — either by you or by a condition you defined in advance.
- An always-on security guarantee. No system can guarantee protection under all circumstances. Phantom Protocol reduces risk and provides structured response options. It does not eliminate the possibility of data compromise, especially under sustained physical access by a resourced adversary.
- A self-service feature. You cannot enable Phantom Protocol by changing settings on your device. It is configured by Privacy Devices during provisioning, based on a detailed conversation about your threat model, risk scenarios, and recovery requirements.
How it builds on GrapheneOS
Phantom Protocol does not replace GrapheneOS features; it organises and extends them. The underlying capabilities include:
- Auto-reboot: GrapheneOS can automatically reboot after a configurable period of inactivity, returning the device to a fully encrypted Before First Unlock state. Phantom Protocol configurations may set aggressive auto-reboot timers as part of the lockdown posture.
- Strong encryption: Every user profile on GrapheneOS is encrypted with its own keys. When a profile is locked or the device reboots, that data is encrypted at rest. Phantom Protocol leverages this by structuring profiles so that sensitive data is compartmentalised and can be locked or wiped independently.
- Duress PIN: GrapheneOS supports the concept of secondary PINs that can trigger specific actions. Phantom Protocol configurations may use this to implement a duress response — entering a specific PIN under coercion triggers a wipe or lockdown instead of a normal unlock.
- Profile isolation: Each profile operates as an isolated workspace. Phantom Protocol builds on this by defining which profiles contain sensitive data, which are expendable, and what happens to each under different emergency scenarios.
- Network controls: Airplane mode, Wi-Fi toggles, and VPN kill switches are all standard GrapheneOS features. Phantom Protocol sequences may use these to cut connectivity as part of a lockdown procedure.
Requirements and availability
Phantom Protocol is available to Privacy Devices customers by arrangement. It is not a standard product listing. The process typically involves:
- Consultation — A discussion with Privacy Devices about your specific risk scenario, threat model, and what protective actions would be meaningful for your situation.
- Configuration — Privacy Devices configures the device with the agreed Phantom Protocol features during provisioning, or as a subsequent update to an existing device.
- Documentation — You receive secure, offline documentation describing exactly what is configured, how to trigger each action, and how to recover afterward. This documentation must be stored securely and separately from the device itself.
- Testing — Before relying on any emergency feature, you test it in a controlled setting. An untested emergency plan is not a plan — it is a hope.
Phantom Protocol requires the device to be a Privacy Devices provisioned unit. The specific features available depend on the device model, GrapheneOS version, and the customer's requirements.
Best practices
- Never enable destructive features without first establishing a tested recovery path. If your emergency wipe procedure works but you have no backup and no recovery documentation, you have just destroyed your own data with extra steps.
- Store your Phantom Protocol documentation securely and separately from the device. Encrypted cloud storage, a secure physical location, or a trusted third party are all options.
- Test your configuration periodically. Emergency procedures that have not been tested in months may not work as expected if the device has been updated or reconfigured.
- Discuss your threat model honestly during consultation. Phantom Protocol is configured based on what you actually face, not what sounds impressive. An overconfigured system is harder to use and more likely to trigger accidentally.
- Understand the limitations of network-dependent features. If your device has no internet connection, no network-dependent action can execute. Plan for scenarios where connectivity is unavailable.
Common mistakes
- Assuming Phantom Protocol works on a powered-off device. It does not. The device must be powered on and, for network-dependent features, connected to the internet.
- Conflating Phantom Protocol with stock GrapheneOS features. Telling someone that "GrapheneOS has Phantom Protocol" is incorrect. It is a Privacy Devices configuration.
- Enabling emergency wipe features without maintaining current backups. Destroying data you cannot restore is a self-inflicted loss, not a security measure.
- Expecting Phantom Protocol to function as a real-time monitoring or tracking service. It is a set of predefined actions, not a surveillance tool.
- Not testing the configuration after receiving the device. A feature you have never triggered is a feature you cannot rely on.
Reality check
Phantom Protocol is a structured, predefined response plan — not a silver bullet. It is designed to reduce the window of exposure during a crisis and to ensure that protective actions can be executed without complex decision-making under stress. It cannot protect against every scenario. A device that is powered off, has no connectivity, or is in the hands of someone with unlimited time and resources is subject to constraints that no software configuration can fully overcome.
The value of Phantom Protocol is in preparation and structure. It converts vague intentions ("I should probably wipe my phone if something happens") into concrete, tested, executable procedures. That conversion — from intention to procedure — is where real-world security improvements come from.
Conclusion
Phantom Protocol is an optional, provisioned configuration from Privacy Devices that organises emergency-response actions into predefined, testable procedures. It builds on the strong foundations of GrapheneOS — encryption, profile isolation, duress PIN, auto-reboot — and adds structure, documentation, and optionally additional tooling suited to your specific risk scenario. It is not a product you install. It is not built into GrapheneOS. It is a service that requires consultation, configuration, testing, and honest assessment of your threat model.