GrapheneOS has announced a complete shutdown of its operations in France, citing increased risks for open source privacy projects within the country, after what it describes as coordinated pressure from French law enforcement and media. The project says authorities have threatened to seize servers and arrest developers if they refuse to add backdoors, while media outlets such as Le Parisien have echoed unverified claims tying the software to criminal use. Project leaders reject these associations, clarifying that cited examples involve unrelated copycat Android systems.
As a result, the operating system will remain accessible to French users, but all website, Mastodon, Discourse, and Matrix servers previously hosted on OVH are being moved to servers in Toronto and to Netcup in Germany, with key cryptographic credentials rotated and DNS moved to Vultr and BuyVM, and developers are now prohibited from traveling to or working in France due to perceived threats. The team says no confidential user data or critical update infrastructure was stored in France, so features like signature verification, downgrade protection, multilayer update and boot verification, and secure element protections remain unaffected, making brute force bypasses technically impossible regardless of legal demands.
According to the development team, French support for the European Union’s proposed Chat Control legislation added to their safety concerns and reinforced the sense that France is becoming hostile to privacy focused projects. They point to political pressure for encryption backdoors and laws that criminalize refusing to disclose a device PIN, while also accusing other France based AOSP distributions like iodéOS and /e/OS of being "scams and fake privacy products" misleading users with insecure products that lag behind on patches, weaken device encryption, and benefit from government funding despite offering far lower security.