Introduction
When choosing an operating system for your mobile device, CalyxOS is an ideal choice if this is your first de-googled experience. It is user-friendly and comes with a suite of open-source apps, a complete solution out of the box. DivestOS is a particularly good choice for anyone that shares a love of open standards and open-source software. They also offer security features like verified boot and lockable bootloader for specific devices. Next, /e/OS presents a polished user interface similar to iOS, featuring an impressive privacy dashboard, and a complete ecosystem including email service and cloud storage. If you have a higher threat model, and need enhanced security, then take a good look at GrapheneOS. The developers provide added layers of encryption and prioritize timely security updates. Finally, if you simply want to rid yourself of Google, bloatware, and enjoy a basic de-googled experience on a broad range of devices, then LineageOS is your answer.
If that quick introduction didn't convince you, read on for a more in-depth explanation.
CalyxOS was developed by the Calyx Institute, a non-profit organization that advocates for encrypted and private communication online. Its founder, Nicholas Merrill, is well known for filing the first Constitutional challenge against the USA PATRIOT Act National Security Letters statute. In 2004 his company, Calyx Internet Access (a small internet service provider) received a gag order from the FBI in the form of a National Security Letter. He did not comply with the FBI's request for his customers' personal information and he sued the FBI and Department of Justice and became the plaintiff in Doe vs Ashcroft. Ultimately the gag order was lifted in 2010, he was able to reveal his identity as the recipient and thus began his promotion of privacy in digital communications through the Calyx Institute.
The operating system has a lot going for it. By taking advantage of Verified Boot option built into Google Pixel smartphones, CalyxOS is able to ensure the official signed build of the OS has not been modified, and therefore the phone is able to receive automatic monthly over-the-air security updates just like a googled Android. This is significant because earlier custom ROMs left the bootloader unlocked, meaning few if any security updates for the phone. CalyxOS supports mostly newer Pixel devices.
Another selling feature is CalyxVPN, a free VPN service that allows you to obfuscate data traffic from your carrier or ISP. You also get a built-in Firewall for limiting system and app network communication, privacy settings that restrict app permissions, secure backups, a private dialer function that uses Signal to make encrypted phone calls, OpenPGP encryption support for email, built in Tor Browser for browsing the internet without being tracked, and F-Droid and Aurora Store apps pre-installed. To see the full list of privacy apps included, visit the CalyxOS Apps page. If all that privacy goodness makes you happy, then CalyxOS is a solid choice.
DivestOS is an interesting project that deserves consideration. Advertising itself as a "mobile operating system divested from the norm", it is supported by a small group of volunteers and led by one primary developer. The project is making aggressive strides in the privacy mobile OS arena. The operating system is a soft fork of LineageOS and has privacy and security as specified goals. To that aim, DivestOS offers signed builds, making verified boot and locked bootloaders possible on some devices.
With a focus also on security, DivestOS includes kernel patches from GrapheneOS and enables all available kernel security features via defconfig hardening, as well as implementing a handful of system hardening patches developed by GrapheneOS.
Finally, DivestOS places a high standard on free and open source software. In fact, over 700 proprietary blobs are removed during build time in favor of open source alternatives. The icing on the cake is an impressive suite of privacy apps included with ever DivestOS build.
/e/OS is an open source privacy-focused fork of LineageOS introduced in 2018 by Gael Duval (creator of Mandrake Linux) and the e.Foundation. The developers at /e/OS have taken the de-googled phone concept a step further and added an entire ecosystem that includes their own app store, cloud storage, email platform. If the idea of another centralized cloud storage and email service is a turn-off, it is easy to opt-out during setup. A customized launcher called "Bliss Launcher" sets /e/OS apart from the other de-googled Android variants in terms of user interface and user experience. It actually feels more like iOS than Android.
Key privacy features include replacement of all proprietary Google software with customized open-source apps. microG is used as an alternative to Google Play Services. The connectivity checks, NTP server, DNS default servers, and geo-location no longer communicate in the background to Google servers. So even under the hood, the developers have made sure the operating system is not communicating with Google in any way. If you appreciate a polished interface, something slightly different than the typical look and feel of Android, give /e/OS consideration.
We currently offer /e/ OS version R (equivalent to Android 11) on the Pixel 4a and version S (equivalent to Android 12) on Pixel 4, 4 XL, and 5. Also note that /e/ OS does not provide software updates for these devices.
GrapheneOS is another non-profit organization. The project's website describes it as being "focused on the research and development of privacy and security technology including substantial improvements to sandboxing, exploit mitigations and the permission model." Development of GrapheneOS dates back to 2014 when it was known as CopperheadOS. In 2019 the project split and they became known as GrapheneOS. The team's focus is much more on security and reducing potential vulnerabilities than on privacy or anonymity features. This may be attractive if you are in a high-threat environment (journalist, political dissident) or any situation where your information and communication may be actively targeted.
Like CalyxOS, GrapheneOS takes advantage of Verified Boot on Google Pixel hardware and therefore enjoys regular security updates. This limits compatible hardware to Google Pixel 3 or newer.
It is worth noting that the GrapheneOS team states explicitly they "will never include either Google Play services or another implementation of Google services like microG." This is significant for those of us seeking to distance ourselves from Google's unbridled spying and censorship.
GrapheneOS includes a suite of their own apps: Vanadium (a hardened variant of Chromium), Camera, PDF Viewer, and Auditor. To gain a full appreciation of the merits of the OS, it's worth reading about their security features for yourself. Realizing how much development has gone into this project, we can safely say it is one of the most secure Android operating systems available.
LineageOS is an open source variant of Android developed by a community of volunteers. It is the successor to the CyanogenMod custom ROM that was discontinued in 2016. Most notably, it supports a broad range of Android phones and tablets such as OnePlus, Motorola, Sony, and Samsung. For details, see the list of supported devices on their website.
The development of LineageOS is focused on hardware compatibility and less on added privacy features. LineageOS does not advertise itself as a privacy-friendly custom ROM. But because all Google proprietary software is removed, it respects your privacy for that reason alone. Just like the other de-googled operating systems, with exception of a SIM card (your phone number) there is no account login or identity on the device by default.
While CalyxOS and GrapheneOS take advantage of Verified Boot, LineageOS does not. Once the bootloader is unlocked and LineageOS is installed, the bootloader remains unlocked. Therefore there is no obvious way to verify the OS build has not been modified or tampered with. While some will see this as a risk to security, others see it as purely the nature of custom ROMs. In fact some people choose LineageOS for the ability to compile and build their own software and modify their operating system at will. Another common trait of LineageOS phones is the ability to be "rooted", or for the owner to gain root access to and modify system files.
Note that LineageOS does not include microG or any variant of Google Play Services. This means some apps (banking apps, corporate apps) that depend on handshaking with Play Store will not work.
LineageOS for microG takes regular LineageOS and makes it possible to use apps that depend on Google Play Services, like ebay, Uber, Grubhub, Starbucks, banking apps, basically any app from a business in which financial transactions are processed. It provides a direct but anonymous connection from your device to Google's server. It also makes global notifications possible, which is otherwise removed with regular LineageOS.
If your goal is to get away from Google as much as possible, we recommend not using banking and financial apps on your mobile device, not connecting to Google's servers, and instead choosing regular LineageOS. You'll still be able to install thousands of apps, and the privacy-friendly apps on our recommended apps list all work perfectly without microG.
Conclusion
There are dozens of other Android variants we could review and install on our devices. But we offer those discussed above because they are mature open-source projects that provide a robust and reliable operating system with privacy-friendly features. Contact us if you have questions about this article or the operating systems we covered.