Privacy in Mobile Computing: An Analysis of GrapheneOS; Online Privacy and Power: How Organizations Shape User Dynamics

In today's rapidly evolving digital landscape, the exponential growth of computational
power and the complexity of the internet have increasingly isolated users from understanding the
underlying systems they rely on daily. When personal computing, and later the early web, was
released to the public, they were designed primarily for researchers, mathematicians, and
programmers. These early technologies required a level of technical expertise and understanding
that the average person simply did not possess. Over time, proprietary software providers have
developed systems and interfaces that make these technologies more accessible to the masses,
allowing people to use powerful tools without needing to understand how they work at a system
level. However, this accessibility has come at a significant cost: the erosion of user agency,
awareness, and control. With software now designed to be intuitive and user-friendly, many users
are unaware of the inner workings of the platforms they rely on. A perfect example of this can be
seen in how users routinely agree to terms of service and privacy policies without ever reading
them. This lack of awareness and understanding speaks to a deeper issue within modern
computation and software: the growing disempowerment of users in a landscape increasingly
dominated by service providers.
My STS research examines the intersection of technological innovation, economic
centralization, and power redistribution in the context of web-based advertising using Mesthene’s
framework. The evolution of technologies like cookies and AJAX, originally designed to
enhance user experiences, has led to a concentration of power among a few large providers,
2
reshaping the relationship between users and digital platforms. Advertising-driven consolidation
has resulted in a surveillance-driven economy, eroding user autonomy and privacy. My research
will highlight how these technologies have normalized surveillance and shifted societal norms
around privacy. I also emphasize the need for regulatory measures, privacy-preserving
technologies, and public education to address these power imbalances and ensure a more
equitable digital ecosystem.
My technical research focuses on evaluating the effectiveness of GrapheneOS, a
privacy-first mobile operating system built on the Android Open Source Project (AOSP). It
addresses the pervasive data collection practices of mainstream platforms like Android and iOS
by eliminating Google telemetry, enhancing application sandboxing, and implementing granular
permission controls. Unlike standard Android systems, GrapheneOS prioritizes user control and
data security by allowing apps to function without root access or excessive permissions, offering
users a transparent and secure experience. Key features include default privacy protections, such
as disabling telemetry during setup, network permission toggles, and ephemeral storage to
prevent long-term tracking. To balance usability and security, GrapheneOS integrates Google
Play Services within a secure sandbox, enabling compatibility with essential apps while
minimizing data exposure. My research evaluates how features such as these, the culture of
GrapheneOS development, and user feedback impacts the effectiveness of GrapheneOS in
facilitating privacy and user agency.
Through this research, I’ve come to a deeper understanding of how technology both
empowers and disempowers users in today’s digital age. Initially, I underestimated the extent to
which personal computing and the internet have evolved from tools for specialized experts into
black-box systems that most people use daily without understanding how they work. As I
3
explored the growing disconnect between users and the underlying technologies, I realized just
how much control we’ve surrendered over our personal data and how little awareness many of us
have about the systems we engage with. For instance, the fact that users often agree to terms of
service and privacy policies without reading them highlights a disturbing trend of growing user
disempowerment.
This research also reinforced the importance of considering both the technical and social
aspects of software development. As I worked on the research for GrapheneOS, I recognized that
technical solutions like encryption and local data storage are crucial, but they must be designed
with an understanding of the broader social and legal implications. The project has shown me the
real-world consequences of the intersection between technology, society, and policy. By focusing
on user privacy and control, I’m addressing a pressing need for secure, user-centric platforms in
an environment where users’ rights to privacy are increasingly compromised. Through this
process, I’ve come to appreciate the responsibility developers have to consider the sociopolitical
impacts of their work and the power dynamics shaping our digital experiences.

School of Engineering and Applied Science

Bachelor of Science in Computer Science

Technical Advisor: Briana Morrison

STS Advisor: Kathryn Neeley

Technical Team Members: Andrew Fournie