GrapheneOS, the privacy-focused Android operating system, has ended all operations in France, saying the country is no longer a safe place for open source privacy projects.
Although French users will still be able to install and use the software, the project is moving every related service, including its website, forums, and discussion servers, outside French territory.
Until now, GrapheneOS used OVH Bearharnois, a hosting provider based in France, for some of its infrastructure. That setup is being dismantled.
More: An Introduction to GrapheneOS
The Mastodon, Discourse, and Matrix servers will operate from Toronto on a mix of local and shared systems. These changes are designed to remove any dependency on French service providers.
The developers said their systems do not collect or retain confidential user data and that no critical security infrastructure was ever stored in France. Because of that, the migration will not affect features such as update verification, digital signature checks, or downgrade protection.
The decision also applies to travel and work policies. Team members have been told not to enter France, citing both personal safety concerns and the government’s endorsement of the European Union’s Chat Control proposal.
That measure would allow authorities to scan private communications for illegal material, something privacy developers see as incompatible with secure digital design.
The move follows a pair of articles in Le Parisien that linked GrapheneOS to criminal activity. In one interview, French cybercrime prosecutor Johanna Brousse stated:
“With this new tool, there is real legitimacy for a certain portion of users in the desire to protect their exchanges. The approach is therefore different. But that won’t stop us from suing the publishers if links are discovered with a criminal organization and they don’t cooperate with the law.”
GrapheneOS responded that the newspaper confused its legitimate project with counterfeit versions that imitate the software.
These fake copies, they said, are distributed by outside actors and sometimes advertised through unlisted YouTube videos, dark web channels, or imitation social media pages.
None of these activities, according to the developers, is part of the official project.
More: When Locking Down Your Phone Unlocks Police Suspicion
The team has previously considered legal action against what it calls government-backed forks.
One earlier case involved ANOM, an FBI-controlled operation that spread a compromised Android system as part of “Operation Trojan Horse” between 2018 and 2021.
By pulling its infrastructure from France, GrapheneOS is making a larger statement about the shrinking space for privacy technology within Europe.
Developers seeking to build secure communication tools are finding that their work increasingly exists in conflict with state surveillance initiatives, where protecting privacy can itself be treated as a suspect act.
“We won’t travel to France, including avoiding conferences and will avoid having people working in the country too,” GrapheneOS posted on X, adding that it’s a “simple heuristic for the EU is avoiding countries supporting Chat Control.”
Privacy and freedom tech companies are increasingly becoming suspicious of what’s happening in Europe. The arrest and detention of Telegram founder Pavel Durov in France last year became a defining moment.
French authorities justified their actions by pointing to Telegram’s alleged use in criminal activity, yet the optics of detaining a prominent figure known for defending free communication sent a clear message to the global tech community.
It revealed a willingness to target the individual rather than the misuse of the tool, suggesting that the government’s discomfort lies less with crime prevention and more with technologies that resist surveillance.
These actions paint a troubling picture of a country positioning itself not as a defender of digital rights, but as a gatekeeper willing to erode them under the banner of public safety.
