Introduction

TL;DR: CalyxOS is an obvious choice if this is your first de-googled experience. It is user-friendly and comes with a suite of open-source apps, a complete solution out of the box.  However, if you have a higher threat model, looking for enhanced security and you don't mind installing a few more apps, then take a good look at GrapheneOS. The developers provide added layers of encryption for those that need it. DivestOS is an ideal choice (and the only choice) to enjoy Android 12 on a Google Pixel 2 or Pixel 2 XL.  And finally, if you cannot stand the idea of owning a Google Pixel phone (even if it is de-googled), or if you are more technically savvy and want to experiment with rooting and sideloading, then LineageOS is your answer.

If that quick intro didn't convince you, read on for a more in-depth explanation.

CalyxOS

CalyxOS was developed by the Calyx Institute, a non-profit organization that advocates for encrypted and private communication online.  Its founder, Nicholas Merrill, is well known for filing the first Constitutional challenge against the USA PATRIOT Act National Security Letters statute. In 2004 his company, Calyx Internet Access (a small internet service provider) received a gag order from the FBI in the form of a National Security Letter.  He did not comply with the FBI's request for his customers' personal information and he sued the FBI and Department of Justice and became the plaintiff in Doe vs Ashcroft. Ultimately the gag order was lifted in 2010, he was able to reveal his identity as the recipient and thus began his promotion of privacy in digital communications through the Calyx Institute. 

The operating system has a lot going for it.  By taking advantage of Verified Boot option built into Google Pixel smartphones, CalyxOS is able to ensure the official signed build of the OS has not been modified, and therefore the phone is able to receive automatic monthly over-the-air security updates just like a googled Android.  This is significant because earlier custom ROMs left the bootload unlocked, meaning few if any security updates for the phone.  The limitation is that CalyxOS can only be installed on a Google Pixel 2 or newer.

Another selling feature is CalyxVPN, a free VPN service that allows you to obfuscate data traffic from your carrier or ISP.  You also get a built-in Firewall for limiting system and app network communication, privacy settings that restrict app permissions, secure backups, a private dialer function that uses Signal to make encrypted phone calls, OpenPGP encryption support for email, built in Tor Browser and DuckDuckGo for browsing the internet without being tracked,  F-Droid and Aurora Store apps pre-installed, and a bunch more features. 

If all that privacy goodness makes you happy, then CalyxOS is a solid choice.  Or... read on if you want to hear what GrapheneOS and LineageOS have to offer.

GrapheneOS

GrapheneOS is another non-profit organization.  The project's website describes it as being "focused on the research and development of privacy and security technology including substantial improvements to sandboxing, exploit mitigations and the permission model." Development of GrapheneOS dates back to 2014 when it was known as CopperheadOS. In 2019 the project split and they became known as GrapheneOS. The team's focus is much more on security and reducing potential vulnerabilities than on privacy or anonymity features. This may be attractive if you are in a high-threat environment (journalist, political dissident) or any situation where your information and communication may be actively targeted. 

Like CalyxOS, GrapheneOS takes advantage of Verified Boot on Google Pixel hardware and therefore enjoys regular security updates. This limits compatible hardware to Google Pixel 3 or newer. 

It is worth noting that the GrapheneOS team states explicitly they "will never include either Google Play services or another implementation of Google services like microG." This is significant for those of us seeking to distance ourselves from Google's unbridled spying and censorship.

GrapheneOS does include a few locally developed apps like Vanadium, a hardened variant of Chromium, WebView, PDF Viewer, and Auditor. To gain a full appreciation of the merits of the OS, it's worth reading about their security features for yourself.  Realizing how much development has gone into this project, we can safely say it is one of the most secure Android operating systems available.

DivestOS

Advertising itself as a "mobile operating system divested from the norm", DivestOS is an interesting project that deserves consideration. Supported by a small group of volunteers and led by one primary developer, the project is making aggressive strides in the privacy mobile OS arena. The operating system is a soft fork of LineageOS and has privacy and security as specified goals. To that aim, DivestOS offers signed builds, making verified boot and locked bootloaders possible on some Pixel and non-Pixel devices.

With a focus also on security, DivestOS includes kernel patches from GrapheneOS and enables all available kernel security features via defconfig hardening, as well as implementing a handful of system hardening patches developed by GrapheneOS. Additionally notable is the suite of privacy apps developed for DivestOS users.

We were excited to see hardware support for the Pixel 2 and 2 XL, especially since it supports Android 12. After installing with verified boot, and fully testing DivestOS on the Pixel 2/2XL, we recommend it specifically for those devices.

LineageOS

We reserve LineageOS to those who are more technically inclined and who may enjoy tinkering with their phone. LineageOS is another variant of Android developed by a community of volunteers. It is the successor to the CyanogenMod custom ROM that was discontinued in 2016. The great thing about LineageOS is it supports a broad range of older Android phones and tablets, over 109 devices to be exact. In fact, check out their list of supported devices on their website.

The development of LineageOS is focused on hardware compatibility and less on added privacy features. LineageOS does not advertise itself as a privacy-friendly custom ROM. But having stripped out all Google proprietary software, it respects your privacy by default. With exception of a SIM card (phone number), you are anonymous. There is no Google account, no Google Play Store, no location tracking, and no personal data being collected and sent back to Big Tech.

While CalyxOS and GrapheneOS take advantage of Verified Boot, LineageOS does not. Once the bootloader is unlocked and LineageOS is installed, the bootloader remains unlocked. Therefore there is no obvious way to verify the OS build has not been modified or tampered with. While some will see this as a risk to security, others see it as purely the nature of custom ROMs. In fact most people that find themselves installing LineageOS appreciate the ability to compile and build their own software and modify their operating system at will. Another common trait of LineageOS phones is the ability to be "rooted", or for the owner to gain root access to the system files. This is a feature that means the owner can modify or "hack" the operating system.

If you are a Linux enthusiast or sysadmin, then rooting your phone and tweaking the software is probably making you excited. In that case, LineageOS is your friend. Then again, if you are using the Linux command line, you may already have a de-googled phone!

Conclusion

There are dozens of other Android variants we could review and install on our devices. But we offer those discussed above because they are mature open-source projects that provide a robust and reliable operating system with privacy-friendly features. If you have questions about this article or the operating systems we covered, feel free to contact us and we'll do our best to answer them for you.