How to Set Up a Monero Wallet on GrapheneOS (2026 Guide)
How to Set Up a Monero Wallet on GrapheneOS (2026 Guide)
In February 2024 Binance pulled Monero from its order books, and by the end of 2024 Kraken had followed for European customers. The lesson most people took away was the wrong one: that holding XMR had become hard. The real lesson is that custody matters, and the most private place to custody Monero is a phone you actually control. That is where GrapheneOS comes in — a hardened, de-Googled Android build that runs on Pixel hardware and gives you a clean, attestable base for a mobile wallet.
This guide walks through the full process: picking the right Pixel, flashing GrapheneOS, choosing a wallet app, connecting to a node over Tor, and backing up your seed so a lost phone never means lost funds. When you are ready to fund that wallet, MoneroSwapper lets you convert Bitcoin or stablecoins into Monero without an account, so the coins land directly in the wallet you just secured. By the end you will have a pocket-sized Monero setup with no Google services watching, no carrier tracking your wallet traffic, and full control of your spend key.
Why GrapheneOS Is the Right Base for a Monero Phone
A privacy coin on a leaky operating system is a contradiction. Stock Android phones phone home to Google constantly, pre-install carrier bloatware, and bind every app to a persistent advertising identifier. None of that is compatible with the threat model that makes someone reach for Monero in the first place.
GrapheneOS strips that surveillance layer out and replaces it with genuine hardening. It is the only major aftermarket OS that ships verified boot with your own keys, a hardened memory allocator, and per-app network and sensor permissions. For a Monero user, the specific wins are concrete:
- No Google Play Services by default: apps run without the Google dependency that normally leaks device telemetry. If you need Play, GrapheneOS sandboxes it like any other app instead of giving it system-level privileges.
- Per-app network permission: you can revoke a wallet's direct internet access and force every byte through Orbot (Tor), so your real IP never touches a remote node.
- User profiles and private spaces: isolate your wallet in its own profile with separate encryption, so a compromised browsing profile cannot read your wallet data.
- Hardened boot and attestation: verified boot detects tampering, and Auditor lets you confirm the device has not been backdoored before you load a seed onto it.
- No carrier customization: the baseline image is identical for everyone, which removes a whole class of supply-chain and bloatware risk.
GrapheneOS officially supports current and recent Google Pixel devices — practically, anything from the Pixel 6 generation through the Pixel 9 series, with the longest hardware security support landing on the newest models. Pixels are the only phones that allow re-locking the bootloader after flashing a custom OS, which is why GrapheneOS targets them exclusively.
Choosing Your Monero Wallet App
Monero's privacy guarantees come from the protocol, not the app: every transaction uses RingCT to hide amounts, CLSAG ring signatures to obscure the true sender among decoys, and a stealth address so the recipient's public address never appears on-chain. Bulletproofs+ keeps those confidential transactions small enough to verify cheaply. Any well-built wallet inherits all of that — your job is to pick one that respects the same privacy on the network and storage side.
The leading options
On GrapheneOS you have several solid choices, all open source and all capable of running over Tor. The differences are about node handling, multi-coin support, and how much they hold your hand.
| Wallet | Strengths | Trade-offs |
|---|---|---|
| Cake Wallet / Monero.com | Built-in Tor toggle, multi-coin, easy subaddress management, active development | Larger app surface; multi-coin means more code than a Monero purist may want |
| Monerujo | Monero-only, lightweight, mature, pairs cleanly with Orbot, supports Ledger | UI is utilitarian; no built-in Tor (you route via Orbot) |
| Stack Wallet | Open source, multi-coin, can run your own node, clean UX | Younger codebase; fewer years of audit history |
| Feather (desktop) | Power-user features, coin control, Tor by default | Desktop only — pair it with a mobile wallet, not a replacement on the phone |
For most people setting up their first GrapheneOS phone, Cake Wallet or Monerujo is the right call. Cake Wallet wins on convenience and a one-tap Tor setting; Monerujo wins if you want a Monero-only app with the smallest possible footprint and you are comfortable running Orbot alongside it.
Where to install from
Avoid the standard Google Play route. Instead use F-Droid or the wallet's own signed APK and the Aurora Store as a fallback. Monerujo and Cake Wallet both publish to F-Droid and ship reproducible or signed builds you can verify. On GrapheneOS, install F-Droid as a normal app — you do not need Sandboxed Google Play for any of the wallets above.
Step-by-Step: Flashing and Configuring
The full setup takes about 30 minutes the first time, most of it waiting on downloads and the OS installer. You will need a supported Pixel, a USB-C cable, and a computer running the browser-based GrapheneOS installer (it works in Chromium-based browsers via WebUSB).
- Back up and wipe the Pixel. Sign out of any Google account on the device first. Everything will be erased during flashing, so move nothing onto it yet.
- Enable OEM unlocking. In stock Android, turn on Developer Options, then enable "OEM unlocking" and "USB debugging." This authorizes the bootloader unlock.
- Run the GrapheneOS web installer. Open install.grapheneos.org on your computer, connect the Pixel, and follow the prompts to unlock the bootloader, flash the OS, and — critically — re-lock the bootloader afterward. Re-locking restores verified boot.
- Finish first-boot setup. Skip the network connection if you want to configure privacy tooling before anything talks to the internet. Set a strong PIN or passphrase; this key encrypts the device storage.
- Create a dedicated wallet profile. Under Settings, add a second user profile (or use a private space). Install your wallet only inside this profile so it is cryptographically isolated from your daily browsing.
- Install Orbot and your wallet. From F-Droid, install Orbot and your chosen wallet. In Orbot, enable "VPN mode" so app traffic routes through Tor. In GrapheneOS app settings, you can also revoke the wallet's direct network permission and allow only Orbot.
- Create the Monero wallet. Open the app, choose "Create new wallet," and let it generate a 25-word mnemonic seed. The 25th word is a checksum, so all 25 matter.
- Connect to a remote node over Tor. Point the wallet at a trusted node — your own, or a reputable .onion node — rather than the first default it offers. The wallet syncs the chain by downloading block data; over Tor this is slower but private.
- Verify before you fund. Send a small test amount first, confirm it arrives and the balance updates, then move larger sums. Generate a fresh subaddress for each incoming payment to keep funds unlinkable.
Write your 25-word seed on paper, never in a screenshot or a cloud note. A photo of your seed in a synced gallery is the single most common way self-custodied Monero gets stolen.
Hardening: Tor, Remote Nodes, and Network Privacy
Getting the wallet installed is half the job. The other half is making sure your network metadata does not undo Monero's on-chain privacy. The chain itself hides amounts, senders, and recipients, but a remote node still sees your IP address and the transactions you broadcast — unless you route around that.
Routing the wallet through Tor with Orbot solves the IP problem: the node sees a Tor exit, not your home connection. Monero's own Dandelion++ propagation adds a second layer at the protocol level, randomizing how a transaction first enters the mempool so observers cannot easily trace it back to an originating node. The two together are far stronger than either alone.
Remote node vs. your own node
A remote node is convenient and, over Tor, reasonably private — but you are trusting that node not to log timing patterns. If your threat model is serious, run your own node on a home server or a cheap VPS, expose it as a hidden service, and point only your phone at it. The wallet then leaks nothing to third parties, because the node is yours. For everyday use, a reputable community .onion node plus Tor is a sensible middle ground.
One more network detail: keep the wallet in its own GrapheneOS profile and consider disabling its sensors and contacts permissions entirely. A wallet has no business reading your microphone or address book. GrapheneOS makes those denials trivial, and denied permissions are returned as empty data rather than triggering a crash.
Worth knowing for the road ahead: Monero's privacy stack is not static. The FCMP++ upgrade (full-chain membership proofs) is set to replace ring signatures with a proof that hides the real input among the entire chain history rather than a ring of 16 decoys, and the longer-term Seraphis and Jamtis work reworks the addressing and transaction format. None of this changes your setup today — wallets will update over F-Droid — but it is why a self-custodied, updatable mobile wallet beats leaving coins on an exchange that might delist XMR next quarter.
FAQ
Do I need a Google account to run a Monero wallet on GrapheneOS?
No. GrapheneOS runs entirely without a Google account, and every Monero wallet recommended here installs from F-Droid or a signed APK. You never touch Google Play Services unless you deliberately install the sandboxed version for some other app.
Is a remote node safe, or must I run my own?
A remote node is safe for the privacy of your funds because it never sees your seed or spend key — it only relays block data and broadcasts your transactions. The risk is metadata: the node sees your IP and timing. Routing through Tor with Orbot closes most of that gap. Running your own node closes the rest and is the gold standard for high-stakes use.
What happens if I lose or break my phone?
Nothing, as long as you wrote down the 25-word mnemonic seed. Your funds live on the Monero blockchain, not on the device. Restore the seed into any Monero wallet on any device and your balance reappears after a sync. This is exactly why the paper backup step is non-negotiable.
Can I use a view key to monitor balances without exposing my funds?
Yes. Monero separates the view key (which can see incoming transactions) from the spend key (which authorizes sending). You can load a view-only wallet onto a second device — say, a laptop — to watch balances while the spend key stays only on your hardened phone.
Why not just keep Monero on an exchange?
Exchanges delist privacy coins under regulatory pressure — Binance and Kraken both cut XMR access for large markets in 2024 — and a custodial balance is only as private as the exchange's logs, which is to say not private at all. Self-custody on GrapheneOS keeps your keys, your privacy, and your access entirely in your hands.
Conclusion
A Pixel running GrapheneOS with Monerujo or Cake Wallet, routed through Tor and backed by a paper seed, is one of the most private and resilient wallet setups available to an ordinary person in 2026 — and it costs nothing but a used phone and half an hour. You get protocol-level privacy from RingCT and stealth addresses, network-level privacy from Tor and Dandelion++, and device-level privacy from an OS that simply does not spy on you.
Once the wallet is live, the last step is funding it without handing your privacy back at the door. MoneroSwapper swaps Bitcoin, USDT, and other assets straight into your Monero address with no account and no KYC, so the coins arrive in the wallet you just locked down. Ready to fill it? Start a swap at buy Monero anonymously and keep custody where it belongs — with you.
🌍 Read in