Why prepared devices exist — the preparation is the product.
The software we ship is free, and anyone can install it. So what are you actually paying for? The honest answer is the gap between a phone that can be private and a phone that is private — correctly, completely, and today. That gap is the work. The work is the product.
A capable device and a prepared device are not the same thing. The hardware is a vessel; what makes it trustworthy is dozens of small, correct decisions — installed, relocked, configured, and verified — that most people do not have the time or the appetite to get exactly right. We do that work, to a standard, before the device reaches you.
The gap nobody talks about
The privacy conversation usually stops at "use this operating system" or "install this app." But a secure phone is not a single decision — it is the sum of many. Verified boot has to be relocked, not just flashed. The VPN has to be enforced, not merely installed. Profiles have to actually separate the things that matter. Encrypted messaging has to be licensed and set up. Auto-reboot, sensor toggles, and the duress layer have to be configured to a real threat model. Any one of these, done halfway, leaves a device that looks private and is not.
That gap — between intention and correct execution — is where most do-it-yourself privacy phones quietly fail. Not because the owner is careless, but because doing it right takes time, knowledge, and attention that most people would rather spend elsewhere.
What "prepared" actually means
Installed and relocked
GrapheneOS flashed against the current release and verified boot relocked against its keys — the step most self-installs skip.
Configured to a standard
Profiles, sandboxed apps where needed, enforced VPN, encrypted comms, eSIM, and the Phantom Protocol duress layer — set up the same correct way every time.
Verified
Attestation checked, settings confirmed, the whole posture tested before the device is packed. You receive a phone that works, not a project.
Supported
A real support line, a warranty, and the option to restore a known-good state quickly if anything ever goes wrong.
This is not a knock on doing it yourself
If you enjoy the process and have the time, flashing your own device is completely legitimate and the result can be excellent — we publish the guides for it and respect the people who do. Prepared devices exist for everyone else: the executive whose hours are worth more than the saving, the journalist who needs it right the first time, the person buying for a family member, and anyone for whom a mistake on the relock or the configuration is simply not an acceptable outcome. For an honest side-by-side, see prepared GrapheneOS vs DIY flashing.
Why we frame it this way
Plenty of vendors sell "a phone." We sell the preparation, and we are explicit about it because it sets the right expectation: you are buying correctness and time, on top of hardware you could in principle buy anywhere. It also keeps us honest. If the preparation is the product, then the standard of that preparation — and our willingness to verify and support it — is the entire basis of the relationship. That is a standard we are happy to be held to.
Why prepared devices exist — FAQ
What does "prepared device" actually mean?
It means the device arrives with everything done correctly: GrapheneOS installed and verified boot relocked, profiles and sandboxed apps configured, VPN enforced, encrypted comms licensed, eSIM provisioned, and the duress layer armed and tested — to a consistent standard, verified before dispatch. You receive a working phone, not a setup project.
Why not just flash it myself?
You can, and if you have the time and inclination it is a great option — we publish the guides for it. Prepared devices exist for people whose time is valuable, who need it correct the first time, or for whom a mistake on the relock or configuration is unacceptable. The software is the same; the difference is who does the work and carries the risk.
Is a prepared device a different or modified GrapheneOS?
No. It is the same open-source GrapheneOS from the same official builds. You are not paying for a special OS — you are paying for the installation, relock, configuration, verification, and support around it.
What exactly is configured before it ships?
GrapheneOS and verified-boot relock, user/work profiles, sandboxed Google Play where a specific app needs it, an enforced VPN, licensed encrypted messaging, a provisioned eSIM, and the Phantom Protocol duress and remote-wipe layer — then an integrity check before packing.
Who is a prepared device really for?
People whose time and security both count: executives, journalists, legal professionals, those buying for family, and anyone who would rather receive a phone that simply works correctly than spend a weekend getting the details exactly right.
Buy correctness, not a project.
The same open-source OS, prepared to a standard and handed over ready to use. Same-day dispatch from Australia.
View Prepared Devices → Ask Us Anything