TL;DR: CalyxOS is an ideal choice if this is your first de-googled experience. It is user-friendly and comes with a suite of open-source apps, a complete solution out of the box. However, if you have a higher threat model, looking for enhanced security and you don't mind installing a few more apps, then take a good look at GrapheneOS. The developers provide added layers of encryption for those that need it. if you want a solid de-googled experience on a broad range of devices, or like to experiment with rooting or sideloading and don't mind an unlocked bootloader, then LineageOS is your answer. Next, /e/OS offers a polished user interface similar to iOS and features a complete ecosystem including email service and cloud storage. And finally, DivestOS is a hardened fork of LIneageOS for Pixel 2, 2 XL, and 4a
If that quick introduction didn't convince you, read on for a more in-depth explanation.
CalyxOS was developed by the Calyx Institute, a non-profit organization that advocates for encrypted and private communication online. Its founder, Nicholas Merrill, is well known for filing the first Constitutional challenge against the USA PATRIOT Act National Security Letters statute. In 2004 his company, Calyx Internet Access (a small internet service provider) received a gag order from the FBI in the form of a National Security Letter. He did not comply with the FBI's request for his customers' personal information and he sued the FBI and Department of Justice and became the plaintiff in Doe vs Ashcroft. Ultimately the gag order was lifted in 2010, he was able to reveal his identity as the recipient and thus began his promotion of privacy in digital communications through the Calyx Institute.
operating system has a lot going for it. By taking advantage of
Verified Boot option built into Google Pixel smartphones, CalyxOS is
able to ensure the official signed build of the OS has not been
modified, and therefore the phone is able to receive automatic monthly
over-the-air security updates just like a googled Android. This is
significant because earlier custom ROMs left the bootload unlocked,
meaning few if any security updates for the phone. The limitation is
that CalyxOS can only be installed on a Google Pixel 2 or newer.
Another selling feature is CalyxVPN, a free VPN service that allows you to obfuscate data traffic from your carrier or ISP. You also get a built-in Firewall for limiting system and app network communication, privacy settings that restrict app permissions, secure backups, a private dialer function that uses Signal to make encrypted phone calls, OpenPGP encryption support for email, built in Tor Browser and DuckDuckGo for browsing the internet without being tracked, F-Droid and Aurora Store apps pre-installed, and a bunch more features.
If all that
privacy goodness makes you happy, then CalyxOS is a solid choice. Or...
read on if you want to hear what GrapheneOS and LineageOS have to
GrapheneOS is another non-profit organization. The project's website describes it as being "focused on the research and development of privacy and security technology including substantial improvements to sandboxing, exploit mitigations and the permission model." Development of GrapheneOS dates back to 2014 when it was known as CopperheadOS. In 2019 the project split and they became known as GrapheneOS. The team's focus is much more on security and reducing potential vulnerabilities than on privacy or anonymity features. This may be attractive if you are in a high-threat environment (journalist, political dissident) or any situation where your information and communication may be actively targeted.
Like CalyxOS, GrapheneOS takes advantage of Verified Boot on Google Pixel hardware and therefore enjoys regular security updates. This limits compatible hardware to Google Pixel 3 or newer.
It is worth noting that the GrapheneOS team states explicitly they "will never include either Google Play services or another implementation of Google services like microG." This is significant for those of us seeking to distance ourselves from Google's unbridled spying and censorship.
GrapheneOS includes a suite of their own apps: Vanadium (a hardened variant of Chromium), Camera, PDF Viewer, and Auditor. To gain a full appreciation of the merits of the OS, it's worth reading about their security features for yourself. Realizing how much development has gone into this project, we can safely say it is one of the most secure Android operating systems available.
LineageOS is an open source variant of Android developed by a community of volunteers. It is the successor to the CyanogenMod custom ROM that was discontinued in 2016. Most notably, it supports a broad range of Android phones and tablets such as OnePlus, Motorola, Sony, and Samsung. For details, see the list of supported devices on their website.
The development of LineageOS is focused on hardware compatibility and less on added privacy features. LineageOS does not advertise itself as a privacy-friendly custom ROM. But because all Google proprietary software is removed, it respects your privacy for that reason alone. With exception of a SIM card (your phone number), there is no account login or identity on the device, making you anonymous just like CalyxOS or GrapheneOS.
While CalyxOS and GrapheneOS take advantage of Verified Boot, LineageOS does not. Once the bootloader is unlocked and LineageOS is installed, the bootloader remains unlocked. Therefore there is no obvious way to verify the OS build has not been modified or tampered with. While some will see this as a risk to security, others see it as purely the nature of custom ROMs. In fact most people that find themselves using LineageOS appreciate the ability to compile and build their own software and modify their operating system at will. Another common trait of LineageOS phones is the ability to be "rooted", or for the owner to gain root access to the system files. This means the owner can modify or "hack" the operating system.
If you are a Linux enthusiast or sysadmin, then rooting your phone and tweaking the software is probably making you excited. In that case, LineageOS is your friend.
Note about LineageOS for microG: LineageOS for microG makes it possible to use apps that depend on Google Play Services, like ebay, Uber, Grubhub, Starbucks, banking apps, basically any app from a business in which financial transactions are processed. It provides a direct but anonymous connection from your device to Google's server. To improve privacy and security, we recommend NOT using these apps, NOT connecting to Google's servers, and instead choosing standard LineageOS (without microG). With standard LineageOS, you'll still be able to install thousands of apps, and the privacy-friendly apps on our recommended apps list all work perfectly.
Key privacy features include replacement of all proprietary Google software with customized open-source apps. microG is used as an alternative to Google Play Services. The connectivity checks, NTP server, DNS default servers, and geo-location no longer communicate in the background to Google servers. So even under the hood, the developers have made sure the operating system is not communicating with Google in any way.
If you're looking for a polished interface, slightly different than the typical look and feel of Android, give /e/OS serious consideration.
Note: We reserve DivestOS as a by-request installation for the Pixel 2, Pixel 2 XL, and Pixel 4a only. Please contact us if you want a device with DivestOS installed.
Advertising itself as a "mobile operating system divested from the norm", DivestOS is an interesting project that deserves consideration. Supported by a small group of volunteers and led by one primary developer, the project is making aggressive strides in the privacy mobile OS arena. The operating system is a soft fork of LineageOS and has privacy and security as specified goals. To that aim, DivestOS offers signed builds, making verified boot and locked bootloaders possible on some Pixel and non-Pixel devices.
With a focus also on security, DivestOS includes kernel patches from GrapheneOS and enables all available kernel security features via defconfig hardening, as well as implementing a handful of system hardening patches developed by GrapheneOS. Additionally notable is the suite of privacy apps developed for DivestOS users.
Unique to DivestOS for the Pixel 2 and Pixel 2 XL, it supports Android 12. After installing with verified boot, and fully testing DivestOS, there are minor bugs to deal with, so be sure you understand that before choosing this as your OS.
There are dozens of other Android variants we could review and install on our devices. But we offer those discussed above because they are mature open-source projects that provide a robust and reliable operating system with privacy-friendly features. Contact us if you have questions about this article or the operating systems we covered.