SOVEREIGN

FAQ

Questions.

The things people actually ask before they order.

Pixels are the only Android phones that let you install a custom OS and then re-lock the bootloader. Re-locking restores Verified Boot — the hardware-level check that proves your OS is genuine on every power-on. Without that, you don't have real security. Apple doesn't permit OS replacement. Most other Android manufacturers don't support bootloader re-locking after flashing. Pixels do, which is why GrapheneOS only targets Pixels.

Yes, for most Australian banks. GrapheneOS includes Sandboxed Google Play — a version of Google's services that runs as a normal, fully sandboxed app with no special system privileges. Most banking apps work without modification. Occasionally an individual app requires a per-app compatibility setting, which we apply during setup. If you're unsure about a specific app, contact us before purchasing — or book a right-sizing consult.

No. We install official, unmodified GrapheneOS — the same build available from grapheneos.org. We don't modify the OS. The Verified Boot fingerprint on your device will match the GrapheneOS project's own published values exactly, which you can verify yourself. Our work is configuration and setup, not OS modification.

A factory reset wipes everything — including the SOVEREIGN configuration. This is a security feature of GrapheneOS, not a flaw. If this happens, the phone will still have GrapheneOS installed, but it will be unconfigured. Our Reconfiguration Service will restore it to your original configuration. Send it back to us and we'll have it back to you the next business day.

The duress password is an optional GrapheneOS feature: if you enter this specific PIN or password at the unlock screen, the phone immediately and permanently wipes all data. It's designed for situations where you're compelled to unlock your device and want to ensure your data is destroyed rather than accessed. We configure a temporary duress credential during setup, and your first task on receiving the phone is to set your own. Triggering the duress wipe, like a factory reset, wipes your configuration and will require our reconfiguration service.

We retain order information required for Australian business and tax obligations. We do not retain device contents. The temporary setup credentials we use during configuration are documented on the job sheet and destroyed after the customer confirms first boot. We do not have access to your phone after dispatch.

All sales are final once a phone ships — each is built and configured to order. There are also privacy and security reasons we don't accept phones back; a returned device may contain sensitive personal data. If your phone arrives with a genuine manufacturing defect, contact us and we'll handle it under Australian Consumer Law. Accidentally reset your phone? That's what our Reconfiguration Service is for.

Yes. We ship to New Zealand, UK, and most international destinations. Note that cellular band compatibility and import duties are the customer's responsibility. Contact us before ordering if you're outside Australia.

Yes — contact us. We can configure a Pixel you already own. Note that we'll need to verify the device condition before accepting it, and the price reflects configuration only (no hardware cost).

A threat model is simply an honest assessment of what you're protecting, from whom, and how much friction you're willing to accept to protect it. You don't need a formal threat model to benefit from a SOVEREIGN phone — but understanding yours helps us configure the right setup. Our right-sizing consult and threat-model advisory service exist for exactly this.

Still have a question?