GrapheneOS is an open-source, privacy-and-security-focused mobile operating system for Google Pixel devices. It removes all Google tracking infrastructure, adds hardened memory allocation, verified boot, and gives you granular control over every app permission. It currently has over 300,000 active users including journalists, legal professionals, security researchers, and privacy-conscious individuals worldwide.

Will banking apps and everyday apps still work?

Yes. GrapheneOS includes a sandboxed Google Play Services environment that allows apps like CommBank, ANZ, Westpac, NAB, Uber, Google Maps, and MyGov to function normally — while keeping them strictly isolated from your personal data and each other.

What is Phantom Protocol?

Phantom Protocol is our exclusive in-house developed emergency data protection system. Features include remote erase, emergency PIN, decoy profiles, hardware sensor toggles, auto-reboot timer, and rapid lockdown mode. All features are completely legal in Australia and internationally.

What is included with every device?

Every order includes GrapheneOS (latest build, bootloader relocked), Phantom Protocol configured and armed, Threema license, Mullvad VPN 12-month subscription, global data eSIM for 170+ countries, local Australian SIM, multiple isolated user profiles, and 24/7 direct tech support.

Do you accept cryptocurrency?

Yes. We accept Bitcoin (BTC), Ethereum (ETH), Monero (XMR), and USDT via BitPay or direct wallet transfer. You can also pay with Visa, Mastercard, or Amex via Stripe.

Is a de-Googled phone legal in Australia?

Completely legal. These are standard Google Pixel devices running open-source software. You own the hardware and have the right to install whatever operating system you choose. Privacy is a fundamental right under Australian law.

Can I migrate from iPhone?

Absolutely. Our team personally guides every customer through the migration process: contacts, photos, notes, two-factor authentication apps, iMessage deregistration, and app equivalents. Most clients are fully operational within a week.

How long does shipping take and where do you ship?

Build time is 1–2 business days. Australian Express Post typically takes 1–3 business days with same-day dispatch for orders before 2pm AEST. International shipping available to 170+ countries via tracked courier, typically 5–12 business days.

What if I am not satisfied?

We offer a 100% money-back satisfaction guarantee within 14 days of receipt. In 450+ devices built, we have never had a refund request from someone who gave the device a genuine try.

What data do you collect when I order?

Only what is required to fulfil your order: name, shipping address, email, and payment details processed securely via Stripe. We never store card numbers. If you pay with Monero, you can order with minimal personal information.

← All Guides

Remote Wipe Behaviour

Remote wipe sounds like a safety net — a way to destroy data on a lost or stolen phone from anywhere in the world. In practice, it is far more conditional than most people assume. Understanding exactly when remote wipe works, when it does not, and what to rely on instead is essential for building a security approach that holds up under real conditions.

Why it matters

The moment a phone leaves your possession, you lose direct control over it. Remote wipe promises to restore some of that control by letting you send a destruction command from another device. For many people, this creates a sense of reassurance that may not be warranted.

The gap between expectation and reality is significant. Remote wipe depends on a chain of conditions, and if any single link breaks, the command never arrives. Designing your security around this feature alone is building on uncertain ground. Knowing its real capabilities — and its hard limits — lets you make better decisions about what data to carry and how to protect it.

Image placeholder — custom visual to be added

How remote wipe works

Remote wipe requires a service running on the device that can receive and execute a command from an external source. On GrapheneOS, the most common option is Google's Find My Device, which requires sandboxed Google Play Services to be installed and a Google account to be signed in.

When you issue a wipe command through Find My Device, the following must all be true simultaneously for it to succeed:

The device must be powered on.
The device must be connected to a network — Wi-Fi or mobile data.
Google Play Services must be running and signed in to your Google account.
The device must not have been factory reset already.
The command must reach the device before any of the above conditions change.

If every condition is met, the device receives the command and performs a factory reset. If any single condition is not met, the command queues on Google's servers and waits — potentially forever.

What blocks remote wipe

Understanding the failure modes is more important than understanding the success path:

Device powered off. A phone that is turned off cannot receive any network commands. The wipe will not execute until the phone is powered on and connected — if that ever happens.
Airplane mode or no network. Without an active data connection, the command cannot arrive. A thief who removes the SIM card or enables airplane mode immediately neutralises remote wipe.
SIM removed or changed. If the SIM is swapped out and there is no Wi-Fi connection, the device has no path to receive the command.
Factory reset already performed. If someone resets the device before your command arrives, the Google account association is broken. The command has nowhere to land.
Google Play Services not installed or signed out. On GrapheneOS, sandboxed Google Play is optional. If it is not installed, or if the Google account is signed out, Find My Device does not function.
Device in BFU state. If the phone has been rebooted but not unlocked (Before First Unlock), services may not be running and the command may not be processed.

Image placeholder — custom visual to be added

Setting up Find My Device (if you choose to use it)

If you decide the conditional protection is still worth having, here is how to enable it:

Install sandboxed Google Play Services in the profile where you want Find My Device to operate. This is done through the Apps app on GrapheneOS.
Sign in to a Google account within that profile.
Open Settings > Security > Find My Device and confirm it is enabled.
Verify the feature works by visiting android.com/find from another device and confirming your phone appears on the map and responds to the "Play Sound" command.
Understand the scope. Find My Device can ring the device, lock it with a message, or erase it. The erase command performs a factory reset.
Repeat for each profile where you want this capability. Find My Device operates per-profile based on the Google account signed in to that profile.

What to rely on instead

The most dependable protections are the ones that do not require a network connection or a race against time:

Strong lock credentials. A long PIN or passphrase ensures that even if someone has physical possession, they cannot access your data without your credential.
Auto-reboot. GrapheneOS can automatically reboot the device after a configurable period of being locked (default 18 hours, adjustable down to 10 minutes). After reboot, the device enters BFU state where encryption keys are not in memory. This is a local protection that works regardless of network status.
Profile separation. Keeping sensitive data in secondary profiles that are closed when not in use means that even if the Owner profile is compromised, compartmentalised data remains protected.
Duress PIN. If you are compelled to unlock, a duress credential wipes the device immediately without any network dependency.
Minimal data retention. The most reliable way to protect data on a lost phone is to not have it on the phone in the first place. Use cloud storage you can revoke access to, avoid keeping sensitive documents locally, and regularly clean up data you no longer need on the device.
Encryption at rest. GrapheneOS uses strong encryption by default. A locked, rebooted device with a strong credential is already well protected against physical extraction, even without remote wipe.

Best practices

Test Find My Device before you need it. Many people enable it and assume it works, only to discover during an actual loss that the account was signed out or the service was disabled.
Do not treat remote wipe as your primary plan. Treat it as a bonus if conditions happen to align. Your primary plan should be local protections that work without any external dependencies.
Revoke access to cloud accounts independently. If your phone is lost, sign out of cloud services (email, messaging, storage) from another device. Do not wait for the remote wipe to handle this.
Consider whether Find My Device is worth the trade-off. Using it requires Google Play Services and a Google account, which have their own privacy implications. For some threat models, the privacy cost outweighs the conditional benefit.

Common mistakes

Relying solely on remote wipe as a theft response. By the time you realise the phone is gone, it may already be powered off, in airplane mode, or factory reset. Remote wipe is not a reliable sole defence.
Not testing that Find My Device actually works. Enable it, then verify from another device. Many users skip this step and discover the feature was never properly configured.
Assuming an offline phone can be wiped. It cannot. No network connection means no remote command delivery, period.
Forgetting to wipe per-profile. Find My Device is tied to the Google account in a specific profile. If sensitive data lives in a different profile without Google Play Services, Find My Device cannot touch it.
Delaying action after loss. The window for remote wipe is small and uncertain. If you decide to use it, send the command immediately. Every minute of delay increases the chance that conditions change and the command never arrives.

Reality check

Remote wipe is a conditional, network-dependent feature with a narrow window of effectiveness. It is not a safety guarantee. It is one tool among many, and not the most reliable one. The features that protect you most consistently are the ones built into the device itself: encryption, strong credentials, auto-reboot, profile separation, and disciplined data handling. These work whether the phone is online, offline, in your hands, or in someone else's.

Conclusion

Remote wipe has a place in a layered security approach, but that place is supplementary, not foundational. Understand its dependencies, test it in advance, and build your primary protections around mechanisms that do not require a network connection or perfect timing. The best response to a lost device is one you prepared for before it happened — not a command you hope arrives in time.

Every Privacy Devices phone ships with local protections configured — encryption, auto-reboot, and strong credentials that work without relying on a network connection.

Browse secure devices or ask us on WhatsApp.