Comparison of Android-based Operating Systems

This is a comparison of popular Android “ROMs” (better term: AOSP distributions or Android-based OS). Please note I’m not affiliated with any of these projects and I am not giving any specific recommendation. If you think anything is factually incorrect, please let me know.

DivestOS was originally included in this comparison but it was discontinued at the end of 2024.

Comparison of Android-based Operating Systems

Last updated: 2 August 2025

 GrapheneOSCalyxOSIodéOS/e/LineageOS“Stock” Android
 
Based onAOSPAOSPLineageOSLineageOSAOSPAOSP
Freedom      
Free and open source (FOSS)?YesYesYesYesYesNo
Deblobbed?Yes, significantlyYes, significantlyYes, minimalYes, minimalYes, minimalNo
Features      
Network controls for appsDirect and indirect accessDirect access onlyDirect access onlyDirect access onlyDirect access onlyNo
Network-based location (without GNSS)Opt-in with server choiceYes, using microG locationYes, using microG locationYes, using microG locationNoYes, using Play Services
System-wide connection/tracker blockingPrivate DNS setting, or via VPN appPrivate DNS setting, or via VPN appiode-snort app, Private DNS, or VPNPrivate DNS setting, or via VPN appPrivate DNS setting, or via VPN appPrivate DNS setting, or via VPN app
E2E-encrypted phone backupsYes (Seedvault)Yes (Seedvault)Yes (Seedvault)Yes (Seedvault)Yes (Seedvault)Yes, but requires Google login
Notification forwarding from other user profilesYesNoNoNoNoNo
Duress PIN (to wipe device)Yes, see hereNoNoNoNoNo
Android Auto compatibleYes (sandboxed), see hereYes (w/ privileged permissions), see hereYes (w/ privileged permissions), see hereYes (w/ privileged permissions), see hereNoYes (w/ privileged permissions)
Google Pay compatibleNoNoNoNoNoYes (w/ privileged permissions)
Call recordingYesOnly in selected regions, see hereOnly in selected regions, see hereOnly in selected regions, see hereOnly in selected regions, see hereDepends on regions and manufacturer
Option to enable screenshots in all appsNoNoNoNoNoNo

Degoogling (connections to Google) COLOURS

      
eSIM activationGoogle eUICC w/o data sharingGoogle eUICC (preinstalled)Google eUICC (preinstalled)Google eUICC (preinstalled)Google eUICC (preinstalled)Google eUICC (preinstalled)
Provider for network-based locationNone default, GrapheneOS, Apple, or GooglemicroG locationmicroG locationmicroG locationn/aGoogle
SUPL (for Assisted GNSS)GrapheneOS default, Google or noneGoogle default, or noneGoogle default, or noneNone default, or GoogleGoogle default, or noneGoogle
PSDS/XTRA (“Standard” depends on GPS chipset)
GrapheneOS defaultStandard, or noneStandard (excl. Google) default, or noneStandard (excl. Google) default, or noneNone default, or StandardStandard default, or noneStandard
Connectivity check/captive portalGrapheneOS default, Google, or noneGoogle (can be changed)Kuketz.de (can be changed)Murena.io (related to /e/) (can be changed)Google (can be changed)Google (can be changed)
DNS connectivity checkGrapheneOS default, or GoogleGoogleGoogleGoogleGoogleGoogle
DNS server fallbackCloudflareCloudflareQuad9Quad9GoogleGoogle
Network timeGrapheneOS default, or noneGoogle (can be changed) & carrierNTP.org (can be changed) & carrierNTP.org (can be changed) & carrierGoogle (can be changed) & carrierGoogle (can be changed) & carrier
Hardware attestation provisioningGrapheneOS default, or GoogleGoogleGoogleGoogleGoogleGoogle
DRM (Widevine) provisioningGrapheneOS default, or GoogleGoogleGoogleGoogleGoogleGoogle
Google Play Services      
ImplementationGmsCompat (sandboxed Google Play)microGmicroGmicroGNone by default. It’s possible to install microG manually (LineageOS supports signature spoofing for microG since 2024). Alternatively, there are ROMs with microG preinstalled or one can add Google apps during the installation process, but this is not officially supported by LineageOS.Google Play Services
Optional?Yes (not preinstalled)Yes (preinstalled but opt-out)Yes (preinstalled but opt-out)Can be disabled via developer modeNo (preinstalled without opt-out)
Runs in standard app sandbox?YesNoNoNoNo
Can be limited to user or work profile?YesYes? (TBC)? (TBC)No
Signature spoofing needed/allowed?NoOnly for Google signatureOnly for Google signatureOnly for Google signatureNo
Push notifications via Google FCM?YesOptionalOptionalOptionalYes
Google Play Integrity?Passes Basic Integrity only, see herePasses Basic Integrity onlyNo but basic integrity expected soonNo but basic integrity expected soonYes
Option to mark apps as installed by Play Store?Yes if signature matchesDone if installed from Aurora StoreDone if installed from Aurora StoreNoNoNo
Privacy      
Storage scopesYes, see hereNoNoNoNoNo
Contact scopesYes, see hereNoNoNoNoNo
Per-app sensor controlsYes, see hereNoNoNoNoNo
Per-connection DHCP state flushingYesNoNoNoNoNo
MAC address randomizationPer connection, see herePer networkPer networkPer networkPer networkPer network
SUPL: IMSI or phone number sent?NoNoNoNoNoYes
Qualcomm XTRA: user agent sent?NoPartially (for Qualcomm chips)Partially (for Qualcomm chips)Partially (for Qualcomm chips)Partially (for Qualcomm chips)for Qualcomm GPS chips
Closed cross-profile package leaks?YesNoNoNoNoNo
Closed device identifier leaks?Yes, see hereNoNoNoNoNo
Metadata stripping for screenshotsYes, see hereYes, see hereNoNoNoNo
EXIF metadata stripping for photosYes, see hereNoNoAvailable as optionNoNo
Location tagging for photosOpt-inOpt-in, see here for more infoOpt-inOpt-inOpt-inOpt-out
Tracking through Android Advertising ID?Not part of the systemRandomized IDRandomized IDRandomized IDNot part of the systemYes, but can be deleted in settings
Security      
Verified boot (if supported by device)?Yes, incl. system app updatesYes, but excl. system app updatesYes, but excl. system app updatesw/ test keys; excl. system app updatesNoYes, but excl. system app updates
Hardware-based security verificationYes, see hereNoNoNoNoSome devices, see here
System app downgrade protectionFor updates and boot, with fs-verityFor updates (incomplete)For updates (incomplete)For updates (incomplete)For updates (incomplete)For updates (incomplete)
Secure application spawning?Yes (exec)NoNoNoNoNo
Hardware memory tagging?Yes, if supported by deviceNoNoNoNoNo
Android Runtime JIT compilation/profilingAOT compilation w/o profilingInterpreter/JIT with profilingInterpreter/JIT with profilingInterpreter/JIT with profilingInterpreter/JIT with profilingInterpreter/JIT with profiling
Dynamic code loading prevention for appsSystem, opt-in for non-system appsNoneNoneNoneNoneNone
Secure TLS for SUPL?TLSv1.2TLSv1.1 or TLSv1.0TLSv1.1 or TLSv1.0TLSv1.1 or TLSv1.0TLSv1.1 or TLSv1.0TLSv1.1 or TLSv1.0
Fallback DNS server with DNSSEC?YesYesNoYesYesYes
Secure connection to network time server?HTTPS via GrapheneOS serverNTP w/o NTS and carrier-based timeNTP w/o NTS and carrier-based timeNTP w/o NTS and carrier-based timeNTP w/o NTS and carrier-based timeNTP w/o NTS and carrier-based time
Can disable USB-C and pogo pins data?Default (while locked), see hereNoNoNoNoNo
Can disable USB-C charging?Opt-in (after boot), see hereNoNoNoNoNo
Can disable USB connections?Default (while locked), see hereDefault (while locked), software only? (TBC – like Lineage or stock?)? (TBC – like Lineage or stock?)Opt-in, software onlyDevice admin API
Can auto-disable WiFi if unused?YesYesNoNoNoNo
Can auto-disable Bluetooth if unused?YesYesNoNoNoNo
Can auto-disable NFC if unused?YesNoNoNoNoNo
Auto-reboot timer for locked devicesYesYes, with flaws (no proper BFU state)NoNoNoNo
2-factor fingerprint unlockYes (fingerprint + PIN), see hereNoNoNoNoNo
Hardened system componentsYes, hardened memory allocator, kernel, libc, webview (Vanadium), SELinux policy, and additional hardening. See hereNo (same as AOSP)No (same as AOSP)No (same as AOSP)No (same as AOSP)No (same as AOSP)
Updates      
Security update speed (AOSP subset of ASB)
Usually same dayCurrently no updates2-4 weeks, sometimes longer1-2 months, sometimes longer1-2 weeks, sometimes longerDepends on phone vendor
Full patches on fully supported devicesSeveral daysCurrently no updatesSeveral to many monthsMany months to over a yearSeveral to many monthsDepends on phone vendor
Partial security updates (ASB) after EoL dateuntil 5 years from launchCurrently no updatesSeveral yearsSeveral yearsSeveral yearsBy definition: No
Number of Android versions supportedUsually 1 Android versionCurrently no updatesUsually 1 Android version2-3 Android versionsUsually 3 Android versionsUsually 3 Android versions
Webview update speed<2 daysCurrently no updates<2 weeksSeveral weeks/months<2 weeksDepends on phone vendor
Supported devicesHardware requirementsHardware requirements    
Asus*NoNoNoOlder devices onlyOlder devices onlyYes (ZenUI)
FairphoneNoCurrently not availableYesYesYesYes
GoogleYesCurrently not availableYesYesYesYes
MotorolaNoCurrently not availableYesYesYesYes
OneplusNoNoYesOlder devices onlyYesYes (OxygenOS)
Samsung*NoNoOlder devices onlyOlder devices onlyOlder devices onlyYes (OneUI)
SonyNoNoYesOlder devices onlyYesYes
XiaomiNoNoOlder devices onlyOlder devices onlyYesYes (HyperOS)
* these manufacturers don’t support bootloader unlocking anymore for all or most of their new devices. “Older devices only” = no devices released since 2023.      

Appendix 1: using different profiles in Android

It is possible to use different profiles to separate apps, files and other data from each other. From least to most separate from the main user profile, the options are: work profile, private space (since Android 15), and secondary users. Below is a comparison how they differ:

 Work profile (with Shelter)Private spaceSecondary user profiles
Privacy & data access
File accessSeparate
Contact accessSeparate
Calendar storageSeparate
ClipboardShared with main profileShared with main profile (GrapheneOS: sharing can be disabled)Separate
VPN connectionsSeparate
Saved WiFi & Bluetooth connectionsShared with main profile
Private DNS (in settings)Shared with main profile
System settingsMostly shared with main profileCompletely separate
Call and SMS historyCannot access calls & SMSOptional access (“turn on phone calls & SMS”)
Communication with other appsLimited to other apps in same profile
See which other apps are installedLimited to other apps in same profile
Convenience
Profile can run in background?Yes
Profile can auto-start after reboot?YesNo (need to unlock profile first)
Clone apps from/to main profileYes, both ways (via Shelter)GrapheneOS only, from main to privateGrapheneOS only, from main to secondary
Can use biometrics in apps?YesOnly if separate biometrics are set up for this profile
Integration with main profile
Quick switch between apps from different profiles?Yes, apps appear in main profile’s recent app listNo, need to switch active user
Integration in file manager as storage locationYes (via Shelter)No
Share files across profiles via “Share” menuYesNo
Can add app shortcut to (main profile’s) home screen?YesNo
Can add widgets to (main profile’s) home screen?No
Can show app notifications in main profile?Yes; same as notifications from apps running in main profileif using device screen lock for private space: Yes;
if using separate PIN/biometrics for private space: Yes, but no notification content is shown, just app name		GrapheneOS only & optional for each profile; no notification content is shown, just app name
Protection & security
PIN & biometricsCan use same as main profile or set up a separate authenticationNeeds to be set up separately but can also use none (“skip”)
Need to enter PIN/fingerprint to unlock profile?Only if separate work profile PIN was set upYes (can be after rebooting or after turning screen off)Optional (only if a PIN was set up for the profile)
After unlocking profile, need to enter PIN/fingerprint to start apps?Noif using device screen lock for private space: No;
if using separate PIN/biometrics for private space: Yes, after the screen was turned off.		No
Profile session can be shut down or paused?Yes

Appendix 2: Which other alternative mobile operating systems are there?

Besides Android and Android-based free & open source operating systems (see the table above), the only viable alternative for most people is Apple’s iOS. There have been many attempts to establish a third mobile OS, but so far none of them have been successful: The below is a non-comprehensive list of mobile operating systems, both those you can try today and those that tried and failed in the past:

  • iOS
  • Android, both preinstalled proprietary distributions like Samsung’s OneUI or Xiaomi’s HyperOS, and open source forks of AOSP, such as GrapheneOS FOSS or LineageOS FOSS
  • Windows Mobile/Phone († 2020)
  • BlackBerry OS († 2018)
  • Symbian († 2012)
  • Mobile Linux distributions which can run generic (desktop) Linux applications, such as postmarketOS FOSS and PureOS FOSS or mobile spins of desktop Linux distros such as Fedora, OpenSUSE, OpenMandriva, Debian (Mobian), Manjaro etc. FOSS (see here for a good list)
  • Other mobile OS using the Linux kernel but unable to run generic (desktop) Linux apps so they need apps specifically developed for them (Android technically also fits in this category):
    • SailfishOS
    • Ubuntu Touch FOSS
    • KaiOS
    • FirefoxOS († 2015) FOSS
    • Tizen († 2017 – for smartphones at least, it’s still used in Smart TVs)
    • Meego († 2012) FOSS
    • Maemo († 2011)
    • webOS († 2011 – for smartphones at least, it’s still used in Smart TVs)
Source: https://eylenburg.github.io/android_comparison.htm