Comparison of Android-based Operating Systems

This is a comparison of popular Android “ROMs” (better term: AOSP distributions or Android-based OS). Please note I’m not affiliated with any of these projects and I am not giving any specific recommendation. If you think anything is factually incorrect, please let me know.

DivestOS was originally included in this comparison but it was discontinued at the end of 2024.

Comparison of Android-based Operating Systems

Last updated: 2 August 2025

 GrapheneOSCalyxOSIodéOS/e/LineageOS“Stock” Android
 
Based onAOSPAOSPLineageOSLineageOSAOSPAOSP
Freedom      
Free and open source (FOSS)?JaJaJaJaJaNein
Deblobbed?Yes, significantlyYes, significantlyYes, minimalYes, minimalYes, minimalNein
Eigenschaften      
Network controls for appsDirect and indirect accessDirect access onlyDirect access onlyDirect access onlyDirect access onlyNein
Network-based location (without GNSS)Opt-in with server choiceYes, using microG locationYes, using microG locationYes, using microG locationNeinYes, using Play Services
System-wide connection/tracker blockingPrivate DNS setting, or via VPN appPrivate DNS setting, or via VPN appiode-snort app, Private DNS, or VPNPrivate DNS setting, or via VPN appPrivate DNS setting, or via VPN appPrivate DNS setting, or via VPN app
E2E-encrypted phone backupsYes (Seedvault)Yes (Seedvault)Yes (Seedvault)Yes (Seedvault)Yes (Seedvault)Yes, but requires Google login
Notification forwarding from other user profilesJaNeinNeinNeinNeinNein
Duress PIN (to wipe device)Yes, see hereNeinNeinNeinNeinNein
Android Auto compatibleYes (sandboxed), see hereYes (w/ privileged permissions), see hereYes (w/ privileged permissions), see hereYes (w/ privileged permissions), see hereNeinYes (w/ privileged permissions)
Google Pay compatibleNeinNeinNeinNeinNeinYes (w/ privileged permissions)
Call recordingJaOnly in selected regions, see hereOnly in selected regions, see hereOnly in selected regions, see hereOnly in selected regions, see hereDepends on regions and manufacturer
Option to enable screenshots in all appsNeinNeinNeinNeinNeinNein

Degoogling (connections to Google) COLOURS

      
eSIM activationGoogle eUICC w/o data sharingGoogle eUICC (preinstalled)Google eUICC (preinstalled)Google eUICC (preinstalled)Google eUICC (preinstalled)Google eUICC (preinstalled)
Provider for network-based locationNone default, GrapheneOS, Apple, or GooglemicroG locationmicroG locationmicroG locationn/aGoogle
SUPL (for Assisted GNSS)GrapheneOS default, Google or noneGoogle default, or noneGoogle default, or noneNone default, or GoogleGoogle default, or noneGoogle
PSDS/XTRA (“Standard” depends on GPS chipset)
GrapheneOS defaultStandard, or noneStandard (excl. Google) default, or noneStandard (excl. Google) default, or noneNone default, or StandardStandard default, or noneStandard
Connectivity check/captive portalGrapheneOS default, Google, or noneGoogle (can be changed)Kuketz.de (can be changed)Murena.io (related to /e/) (can be changed)Google (can be changed)Google (can be changed)
DNS connectivity checkGrapheneOS default, or GoogleGoogleGoogleGoogleGoogleGoogle
DNS server fallbackCloudflareCloudflareQuad9Quad9GoogleGoogle
Network timeGrapheneOS default, or noneGoogle (can be changed) & carrierNTP.org (can be changed) & carrierNTP.org (can be changed) & carrierGoogle (can be changed) & carrierGoogle (can be changed) & carrier
Hardware attestation provisioningGrapheneOS default, or GoogleGoogleGoogleGoogleGoogleGoogle
DRM (Widevine) provisioningGrapheneOS default, or GoogleGoogleGoogleGoogleGoogleGoogle
Google Play Services      
ImplementationGmsCompat (sandboxed Google Play)microGmicroGmicroGNone by default. It’s possible to install microG manually (LineageOS supports signature spoofing for microG since 2024). Alternatively, there are ROMs with microG preinstalled or one can add Google apps during the installation process, but this is not officially supported by LineageOS.Google Play Services
Optional?Yes (not preinstalled)Yes (preinstalled but opt-out)Yes (preinstalled but opt-out)Can be disabled via developer modeNo (preinstalled without opt-out)
Runs in standard app sandbox?JaNeinNeinNeinNein
Can be limited to user or work profile?JaJa? (TBC)? (TBC)Nein
Signature spoofing needed/allowed?NeinOnly for Google signatureOnly for Google signatureOnly for Google signatureNein
Push notifications via Google FCM?JaOptionalOptionalOptionalJa
Google Play Integrity?Passes Basic Integrity only, see herePasses Basic Integrity onlyNo but basic integrity expected soonNo but basic integrity expected soonJa
Option to mark apps as installed by Play Store?Yes if signature matchesDone if installed from Aurora StoreDone if installed from Aurora StoreNeinNeinNein
Datenschutz      
Storage scopesYes, see hereNeinNeinNeinNeinNein
Contact scopesYes, see hereNeinNeinNeinNeinNein
Per-app sensor controlsYes, see hereNeinNeinNeinNeinNein
Per-connection DHCP state flushingJaNeinNeinNeinNeinNein
MAC address randomizationPer connection, see herePer networkPer networkPer networkPer networkPer network
SUPL: IMSI or phone number sent?NeinNeinNeinNeinNeinJa
Qualcomm XTRA: user agent sent?NeinPartially (for Qualcomm chips)Partially (for Qualcomm chips)Partially (for Qualcomm chips)Partially (for Qualcomm chips)for Qualcomm GPS chips
Closed cross-profile package leaks?JaNeinNeinNeinNeinNein
Closed device identifier leaks?Yes, see hereNeinNeinNeinNeinNein
Metadata stripping for screenshotsYes, see hereYes, see hereNeinNeinNeinNein
EXIF metadata stripping for photosYes, see hereNeinNeinAvailable as optionNeinNein
Location tagging for photosOpt-inOpt-in, see here for more infoOpt-inOpt-inOpt-inOpt-out
Tracking through Android Advertising ID?Not part of the systemRandomized IDRandomized IDRandomized IDNot part of the systemYes, but can be deleted in settings
Security      
Verified boot (if supported by device)?Yes, incl. system app updatesYes, but excl. system app updatesYes, but excl. system app updatesw/ test keys; excl. system app updatesNeinYes, but excl. system app updates
Hardware-based security verificationYes, see hereNeinNeinNeinNeinSome devices, see here
System app downgrade protectionFor updates and boot, with fs-verityFor updates (incomplete)For updates (incomplete)For updates (incomplete)For updates (incomplete)For updates (incomplete)
Secure application spawning?Yes (exec)NeinNeinNeinNeinNein
Hardware memory tagging?Yes, if supported by deviceNeinNeinNeinNeinNein
Android Runtime JIT compilation/profilingAOT compilation w/o profilingInterpreter/JIT with profilingInterpreter/JIT with profilingInterpreter/JIT with profilingInterpreter/JIT with profilingInterpreter/JIT with profiling
Dynamic code loading prevention for appsSystem, opt-in for non-system appsNoneNoneNoneNoneNone
Secure TLS for SUPL?TLSv1.2TLSv1.1 or TLSv1.0TLSv1.1 or TLSv1.0TLSv1.1 or TLSv1.0TLSv1.1 or TLSv1.0TLSv1.1 or TLSv1.0
Fallback DNS server with DNSSEC?JaJaNeinJaJaJa
Secure connection to network time server?HTTPS via GrapheneOS serverNTP w/o NTS and carrier-based timeNTP w/o NTS and carrier-based timeNTP w/o NTS and carrier-based timeNTP w/o NTS and carrier-based timeNTP w/o NTS and carrier-based time
Can disable USB-C and pogo pins data?Default (while locked), see hereNeinNeinNeinNeinNein
Can disable USB-C charging?Opt-in (after boot), see hereNeinNeinNeinNeinNein
Can disable USB connections?Default (while locked), see hereDefault (while locked), software only? (TBC – like Lineage or stock?)? (TBC – like Lineage or stock?)Opt-in, software onlyDevice admin API
Can auto-disable WiFi if unused?JaJaNeinNeinNeinNein
Can auto-disable Bluetooth if unused?JaJaNeinNeinNeinNein
Can auto-disable NFC if unused?JaNeinNeinNeinNeinNein
Auto-reboot timer for locked devicesJaYes, with flaws (no proper BFU state)NeinNeinNeinNein
2-factor fingerprint unlockYes (fingerprint + PIN), see hereNeinNeinNeinNeinNein
Hardened system componentsYes, hardened memory allocator, kernel, libc, webview (Vanadium), SELinux policy, and additional hardening. See hereNo (same as AOSP)No (same as AOSP)No (same as AOSP)No (same as AOSP)No (same as AOSP)
Updates      
Security update speed (AOSP subset of ASB)
Usually same dayCurrently no updates2-4 weeks, sometimes longer1-2 months, sometimes longer1-2 weeks, sometimes longerDepends on phone vendor
Full patches on fully supported devicesSeveral daysCurrently no updatesSeveral to many monthsMany months to over a yearSeveral to many monthsDepends on phone vendor
Partial security updates (ASB) after EoL dateuntil 5 years from launchCurrently no updatesSeveral yearsSeveral yearsSeveral yearsBy definition: No
Number of Android versions supportedUsually 1 Android versionCurrently no updatesUsually 1 Android version2-3 Android versionsUsually 3 Android versionsUsually 3 Android versions
Webview update speed<2 daysCurrently no updates<2 weeksSeveral weeks/months<2 weeksDepends on phone vendor
Supported devicesHardware requirementsHardware requirements    
Asus*NeinNeinNeinOlder devices onlyOlder devices onlyYes (ZenUI)
FairphoneNeinCurrently not availableJaJaJaJa
GoogleJaCurrently not availableJaJaJaJa
MotorolaNeinCurrently not availableJaJaJaJa
OneplusNeinNeinJaOlder devices onlyJaYes (OxygenOS)
Samsung*NeinNeinOlder devices onlyOlder devices onlyOlder devices onlyYes (OneUI)
SonyNeinNeinJaOlder devices onlyJaJa
XiaomiNeinNeinOlder devices onlyOlder devices onlyJaYes (HyperOS)
* these manufacturers don’t support bootloader unlocking anymore for all or most of their new devices. “Older devices only” = no devices released since 2023.      

Appendix 1: using different profiles in Android

It is possible to use different profiles to separate apps, files and other data from each other. From least to most separate from the main user profile, the options are: work profile, private space (since Android 15), and secondary users. Below is a comparison how they differ:

 Work profile (with Shelter)Private spaceSecondary user profiles
Privacy & data access
File accessSeparate
Contact accessSeparate
Calendar storageSeparate
ClipboardShared with main profileShared with main profile (GrapheneOS: sharing can be disabled)Separate
VPN connectionsSeparate
Saved WiFi & Bluetooth connectionsShared with main profile
Private DNS (in settings)Shared with main profile
System settingsMostly shared with main profileCompletely separate
Call and SMS historyCannot access calls & SMSOptional access (“turn on phone calls & SMS”)
Communication with other appsLimited to other apps in same profile
See which other apps are installedLimited to other apps in same profile
Convenience
Profile can run in background?Ja
Profile can auto-start after reboot?JaNo (need to unlock profile first)
Clone apps from/to main profileYes, both ways (via Shelter)GrapheneOS only, from main to privateGrapheneOS only, from main to secondary
Can use biometrics in apps?JaOnly if separate biometrics are set up for this profile
Integration with main profile
Quick switch between apps from different profiles?Yes, apps appear in main profile’s recent app listNo, need to switch active user
Integration in file manager as storage locationYes (via Shelter)Nein
Share files across profiles via “Share” menuJaNein
Can add app shortcut to (main profile’s) home screen?JaNein
Can add widgets to (main profile’s) home screen?Nein
Can show app notifications in main profile?Yes; same as notifications from apps running in main profileif using device screen lock for private space: Yes;
if using separate PIN/biometrics for private space: Yes, but no notification content is shown, just app name		GrapheneOS only & optional for each profile; no notification content is shown, just app name
Protection & security
PIN & biometricsCan use same as main profile or set up a separate authenticationNeeds to be set up separately but can also use none (“skip”)
Need to enter PIN/fingerprint to unlock profile?Only if separate work profile PIN was set upYes (can be after rebooting or after turning screen off)Optional (only if a PIN was set up for the profile)
After unlocking profile, need to enter PIN/fingerprint to start apps?Neinif using device screen lock for private space: No;
if using separate PIN/biometrics for private space: Yes, after the screen was turned off.		Nein
Profile session can be shut down or paused?Ja

Appendix 2: Which other alternative mobile operating systems are there?

Besides Android and Android-based free & open source operating systems (see the table above), the only viable alternative for most people is Apple’s iOS. There have been many attempts to establish a third mobile OS, but so far none of them have been successful: The below is a non-comprehensive list of mobile operating systems, both those you can try today and those that tried and failed in the past:

  • iOS
  • Android, both preinstalled proprietary distributions like Samsung’s OneUI or Xiaomi’s HyperOS, and open source forks of AOSP, such as GrapheneOS FOSS or LineageOS FOSS
  • Windows Mobile/Phone († 2020)
  • BlackBerry OS († 2018)
  • Symbian († 2012)
  • Mobile Linux distributions which can run generic (desktop) Linux applications, such as postmarketOS FOSS und PureOS FOSS or mobile spins of desktop Linux distros such as Fedora, OpenSUSE, OpenMandriva, Debian (Mobian), Manjaro etc. FOSS (see here for a good list)
  • Other mobile OS using the Linux kernel but unable to run generic (desktop) Linux apps so they need apps specifically developed for them (Android technically also fits in this category):
    • SailfishOS
    • Ubuntu Touch FOSS
    • KaiOS
    • FirefoxOS († 2015) FOSS
    • Tizen († 2017 – for smartphones at least, it’s still used in Smart TVs)
    • Meego († 2012) FOSS
    • Maemo († 2011)
    • webOS († 2011 – for smartphones at least, it’s still used in Smart TVs)
Source: https://eylenburg.github.io/android_comparison.htm