Privacy OS Review by Mike Kuketz

Graphene Still In Position One

GrapheneOS / CalyxOS / IodeOS / LineageOS / DivestOS / eOS

Is Graphene Really The Most Secure Privacy OS?

German Security Researcher and Pentester [System Security Penetration Testing] Mike Kuketz, has released a report reviewing major custom secure privacy operating systems for mobile phones, where he compared them in terms of security, privacy and user-friendliness. He tested and reviewed Calyx OS, Iode OS, Lineage OS, Divest OS, eOS, and of course Graphene OS. I have included a summary below, or you can find his full reports online. Happy reading — David

Mike Kuketz "Graphene OS sets standards in terms of security and data protection that are unmatched by any other Mobile OS. There is no doubt that Graphene OS is currently the most secure and privacy-friendly custom OS for mobile phones."

We also DeGoogle Pixel Phones with Graphene OS and express post Australia Wide and to NZ UK EU CA.

View DeGoogled Phones

Graphene OS

GrapheneOS sets standards in terms of security and data protection that are unmatched by any other Mobile OS. Nevertheless, the system is not designed exclusively for security and data protection freaks. It offers an alternative for anyone who wants to have more control over their data and free themselves from dependence on Google. If some apps still rely on Google Play Services, they can simply be installed together with the Sandboxed Play Services in the work profile. This may not be the optimal solution, but it is at least a significant difference from conventional Android systems, where users are constantly monitored. There is no doubt that GrapheneOS is currently the most secure and privacy-friendly custom OS or Android system.

Calyx OS

Overall, CalyxOS is certainly not a bad custom OS, but offers a harmonious overall package with which users who want to [significantly] reduce their dependence on Google should get off to a good start. However, one should also take the disadvantages into account: the delayed provision of [security] updates and an external image that does not quite match what the present analysis revealed.

Iode OS

Overall, iodéOS leaves a relatively privacy-friendly overall impression. However, you should also take the disadvantages into account: Delayed delivery of [security] updates, Older devices do not receive full security updates from proprietary components such as bootloaders or firmware, iodéOS does not support Verified Boot on every device. iodéOS could be improved in particular by providing [security] updates more quickly. Overall, however, some restrictions regarding security must be accepted. Ultimately, iodéOS is primarily aimed at privacy-sensitive users who want to continue using their [older] devices which leaves them exposed to some degree.

Lineage OS

Yes, LineageOS supports many devices. Yes, with LineageOS you can continue to operate older devices in particular. But: If you actually want to do without Google or want to receive security updates for your device promptly, you should look for another custom OS. LineageOS itself is not making any special efforts to break away from Google. The absence of Google Apps or Google Play services does not automatically mean that a custom ROM is Google-free. This requires further steps, which LineageOS cannot do. Ultimately, LineageOS is primarily aimed at users who want to continue using their older devices as they may no longer be provided with the latest Android versions and security updates by the manufacturer.

Divest OS

Overall, DivestOS leaves an extremely privacy-friendly impression. And DivestOS also scores points when it comes to security - although it must be mentioned that not every device supported by DivestOS is anymore provided with manufacturer updates for the proprietary components. However, if you use a current device like a Google Pixel 7a, you are on the safe side with DivestOS for the coming years. Probably only with GrapheneOS will you find greater efforts in terms of security. Ultimately, DivestOS is not only aimed at users who want to continue using their older devices, it is also aimed at those who value privacy and security [assuming they have a recent device]. Overall, DivestOS sets the bar pretty high.

eOS

When it comes to data protection, eOS performs quite well. However, when it comes to security, you have to turn a blind eye and hope that everything goes well. Not only is the delayed delivery of security updates [6 weeks or more] worth mentioning, but above all the slow updating of the WebView components. If no updates are provided here for over 6 months, one can speak of a significant security risk. Summarized: [Severely] delayed delivery of [security] updates and the WebView components. Older devices do not receive full security updates from proprietary components such as bootloaders or firmware. No Verified Boot support except for very few devices. eOS is primarily aimed at privacy-conscious users who want to continue using their older devices as they may no longer be provided with the latest Android versions and security updates by the manufacturer. However, you should be aware that security gaps also undermine data protection if exploited by an attacker. Focusing solely on data protection is therefore no guarantee that this is actually guaranteed. There is still a lot of catching up to do with eOS.

— Mike Kuketz