Comparison of Android-based Operating Systems

This is a comparison of popular Android “ROMs” (better term: AOSP distributions or Android-based OS). Please note I’m not affiliated with any of these projects and I am not giving any specific recommendation. If you think anything is factually incorrect, please let me know.

DivestOS was originally included in this comparison but it was discontinued at the end of 2024.

Comparison of Android-based Operating Systems

Last updated: 2 August 2025

 GrapheneOSCalyxOSIodéOS/e/LineageOS“Stock” Android
 
Based onAOSPAOSPLineageOSLineageOSAOSPAOSP
Freedom      
Free and open source (FOSS)?JaJaJaJaJaGeen
Deblobbed?Yes, significantlyYes, significantlyYes, minimalYes, minimalYes, minimalGeen
Kenmerken      
Network controls for appsDirect and indirect accessDirect access onlyDirect access onlyDirect access onlyDirect access onlyGeen
Network-based location (without GNSS)Opt-in with server choiceYes, using microG locationYes, using microG locationYes, using microG locationGeenYes, using Play Services
System-wide connection/tracker blockingPrivate DNS setting, or via VPN appPrivate DNS setting, or via VPN appiode-snort app, Private DNS, or VPNPrivate DNS setting, or via VPN appPrivate DNS setting, or via VPN appPrivate DNS setting, or via VPN app
E2E-encrypted phone backupsYes (Seedvault)Yes (Seedvault)Yes (Seedvault)Yes (Seedvault)Yes (Seedvault)Yes, but requires Google login
Notification forwarding from other user profilesJaGeenGeenGeenGeenGeen
Duress PIN (to wipe device)Yes, see hereGeenGeenGeenGeenGeen
Android Auto compatibleYes (sandboxed), see hereYes (w/ privileged permissions), see hereYes (w/ privileged permissions), see hereYes (w/ privileged permissions), see hereGeenYes (w/ privileged permissions)
Google Pay compatibleGeenGeenGeenGeenGeenYes (w/ privileged permissions)
Call recordingJaOnly in selected regions, see hereOnly in selected regions, see hereOnly in selected regions, see hereOnly in selected regions, see hereDepends on regions and manufacturer
Option to enable screenshots in all appsGeenGeenGeenGeenGeenGeen

Degoogling (connections to Google) COLOURS

      
eSIM activationGoogle eUICC w/o data sharingGoogle eUICC (preinstalled)Google eUICC (preinstalled)Google eUICC (preinstalled)Google eUICC (preinstalled)Google eUICC (preinstalled)
Provider for network-based locationNone default, GrapheneOS, Apple, or GooglemicroG locationmicroG locationmicroG locationn/aGoogle
SUPL (for Assisted GNSS)GrapheneOS default, Google or noneGoogle default, or noneGoogle default, or noneNone default, or GoogleGoogle default, or noneGoogle
PSDS/XTRA (“Standard” depends on GPS chipset)
GrapheneOS defaultStandard, or noneStandard (excl. Google) default, or noneStandard (excl. Google) default, or noneNone default, or StandardStandard default, or noneStandard
Connectivity check/captive portalGrapheneOS default, Google, or noneGoogle (can be changed)Kuketz.de (can be changed)Murena.io (related to /e/) (can be changed)Google (can be changed)Google (can be changed)
DNS connectivity checkGrapheneOS default, or GoogleGoogleGoogleGoogleGoogleGoogle
DNS server fallbackCloudflareCloudflareQuad9Quad9GoogleGoogle
Network timeGrapheneOS default, or noneGoogle (can be changed) & carrierNTP.org (can be changed) & carrierNTP.org (can be changed) & carrierGoogle (can be changed) & carrierGoogle (can be changed) & carrier
Hardware attestation provisioningGrapheneOS default, or GoogleGoogleGoogleGoogleGoogleGoogle
DRM (Widevine) provisioningGrapheneOS default, or GoogleGoogleGoogleGoogleGoogleGoogle
Google Play Services      
ImplementationGmsCompat (sandboxed Google Play)microGmicroGmicroGNone by default. It’s possible to install microG manually (LineageOS supports signature spoofing for microG since 2024). Alternatively, there are ROMs with microG preinstalled or one can add Google apps during the installation process, but this is not officially supported by LineageOS.Google Play Services
Optional?Yes (not preinstalled)Yes (preinstalled but opt-out)Yes (preinstalled but opt-out)Can be disabled via developer modeNo (preinstalled without opt-out)
Runs in standard app sandbox?JaGeenGeenGeenGeen
Can be limited to user or work profile?JaJa? (TBC)? (TBC)Geen
Signature spoofing needed/allowed?GeenOnly for Google signatureOnly for Google signatureOnly for Google signatureGeen
Push notifications via Google FCM?JaOptionalOptionalOptionalJa
Google Play Integrity?Passes Basic Integrity only, see herePasses Basic Integrity onlyNo but basic integrity expected soonNo but basic integrity expected soonJa
Option to mark apps as installed by Play Store?Yes if signature matchesDone if installed from Aurora StoreDone if installed from Aurora StoreGeenGeenGeen
Privacy      
Storage scopesYes, see hereGeenGeenGeenGeenGeen
Contact scopesYes, see hereGeenGeenGeenGeenGeen
Per-app sensor controlsYes, see hereGeenGeenGeenGeenGeen
Per-connection DHCP state flushingJaGeenGeenGeenGeenGeen
MAC address randomizationPer connection, see herePer networkPer networkPer networkPer networkPer network
SUPL: IMSI or phone number sent?GeenGeenGeenGeenGeenJa
Qualcomm XTRA: user agent sent?GeenPartially (for Qualcomm chips)Partially (for Qualcomm chips)Partially (for Qualcomm chips)Partially (for Qualcomm chips)for Qualcomm GPS chips
Closed cross-profile package leaks?JaGeenGeenGeenGeenGeen
Closed device identifier leaks?Yes, see hereGeenGeenGeenGeenGeen
Metadata stripping for screenshotsYes, see hereYes, see hereGeenGeenGeenGeen
EXIF metadata stripping for photosYes, see hereGeenGeenAvailable as optionGeenGeen
Location tagging for photosOpt-inOpt-in, see here for more infoOpt-inOpt-inOpt-inOpt-out
Tracking through Android Advertising ID?Not part of the systemRandomized IDRandomized IDRandomized IDNot part of the systemYes, but can be deleted in settings
Security      
Verified boot (if supported by device)?Yes, incl. system app updatesYes, but excl. system app updatesYes, but excl. system app updatesw/ test keys; excl. system app updatesGeenYes, but excl. system app updates
Hardware-based security verificationYes, see hereGeenGeenGeenGeenSome devices, see here
System app downgrade protectionFor updates and boot, with fs-verityFor updates (incomplete)For updates (incomplete)For updates (incomplete)For updates (incomplete)For updates (incomplete)
Secure application spawning?Yes (exec)GeenGeenGeenGeenGeen
Hardware memory tagging?Yes, if supported by deviceGeenGeenGeenGeenGeen
Android Runtime JIT compilation/profilingAOT compilation w/o profilingInterpreter/JIT with profilingInterpreter/JIT with profilingInterpreter/JIT with profilingInterpreter/JIT with profilingInterpreter/JIT with profiling
Dynamic code loading prevention for appsSystem, opt-in for non-system appsNoneNoneNoneNoneNone
Secure TLS for SUPL?TLSv1.2TLSv1.1 or TLSv1.0TLSv1.1 or TLSv1.0TLSv1.1 or TLSv1.0TLSv1.1 or TLSv1.0TLSv1.1 or TLSv1.0
Fallback DNS server with DNSSEC?JaJaGeenJaJaJa
Secure connection to network time server?HTTPS via GrapheneOS serverNTP w/o NTS and carrier-based timeNTP w/o NTS and carrier-based timeNTP w/o NTS and carrier-based timeNTP w/o NTS and carrier-based timeNTP w/o NTS and carrier-based time
Can disable USB-C and pogo pins data?Default (while locked), see hereGeenGeenGeenGeenGeen
Can disable USB-C charging?Opt-in (after boot), see hereGeenGeenGeenGeenGeen
Can disable USB connections?Default (while locked), see hereDefault (while locked), software only? (TBC – like Lineage or stock?)? (TBC – like Lineage or stock?)Opt-in, software onlyDevice admin API
Can auto-disable WiFi if unused?JaJaGeenGeenGeenGeen
Can auto-disable Bluetooth if unused?JaJaGeenGeenGeenGeen
Can auto-disable NFC if unused?JaGeenGeenGeenGeenGeen
Auto-reboot timer for locked devicesJaYes, with flaws (no proper BFU state)GeenGeenGeenGeen
2-factor fingerprint unlockYes (fingerprint + PIN), see hereGeenGeenGeenGeenGeen
Hardened system componentsYes, hardened memory allocator, kernel, libc, webview (Vanadium), SELinux policy, and additional hardening. See hereNo (same as AOSP)No (same as AOSP)No (same as AOSP)No (same as AOSP)No (same as AOSP)
Updates      
Security update speed (AOSP subset of ASB)
Usually same dayCurrently no updates2-4 weeks, sometimes longer1-2 months, sometimes longer1-2 weeks, sometimes longerDepends on phone vendor
Full patches on fully supported devicesSeveral daysCurrently no updatesSeveral to many monthsMany months to over a yearSeveral to many monthsDepends on phone vendor
Partial security updates (ASB) after EoL dateuntil 5 years from launchCurrently no updatesSeveral yearsSeveral yearsSeveral yearsBy definition: No
Number of Android versions supportedUsually 1 Android versionCurrently no updatesUsually 1 Android version2-3 Android versionsUsually 3 Android versionsUsually 3 Android versions
Webview update speed<2 daysCurrently no updates<2 weeksSeveral weeks/months<2 weeksDepends on phone vendor
Supported devicesHardware requirementsHardware requirements    
Asus*GeenGeenGeenOlder devices onlyOlder devices onlyYes (ZenUI)
FairphoneGeenCurrently not availableJaJaJaJa
GoogleJaCurrently not availableJaJaJaJa
MotorolaGeenCurrently not availableJaJaJaJa
OneplusGeenGeenJaOlder devices onlyJaYes (OxygenOS)
Samsung*GeenGeenOlder devices onlyOlder devices onlyOlder devices onlyYes (OneUI)
SonyGeenGeenJaOlder devices onlyJaJa
XiaomiGeenGeenOlder devices onlyOlder devices onlyJaYes (HyperOS)
* these manufacturers don’t support bootloader unlocking anymore for all or most of their new devices. “Older devices only” = no devices released since 2023.      

Appendix 1: using different profiles in Android

It is possible to use different profiles to separate apps, files and other data from each other. From least to most separate from the main user profile, the options are: work profile, private space (since Android 15), and secondary users. Below is a comparison how they differ:

 Work profile (with Shelter)Private spaceSecondary user profiles
Privacy & data access
File accessSeparate
Contact accessSeparate
Calendar storageSeparate
ClipboardShared with main profileShared with main profile (GrapheneOS: sharing can be disabled)Separate
VPN connectionsSeparate
Saved WiFi & Bluetooth connectionsShared with main profile
Private DNS (in settings)Shared with main profile
System settingsMostly shared with main profileCompletely separate
Call and SMS historyCannot access calls & SMSOptional access (“turn on phone calls & SMS”)
Communication with other appsLimited to other apps in same profile
See which other apps are installedLimited to other apps in same profile
Convenience
Profile can run in background?Ja
Profile can auto-start after reboot?JaNo (need to unlock profile first)
Clone apps from/to main profileYes, both ways (via Shelter)GrapheneOS only, from main to privateGrapheneOS only, from main to secondary
Can use biometrics in apps?JaOnly if separate biometrics are set up for this profile
Integration with main profile
Quick switch between apps from different profiles?Yes, apps appear in main profile’s recent app listNo, need to switch active user
Integration in file manager as storage locationYes (via Shelter)Geen
Share files across profiles via “Share” menuJaGeen
Can add app shortcut to (main profile’s) home screen?JaGeen
Can add widgets to (main profile’s) home screen?Geen
Can show app notifications in main profile?Yes; same as notifications from apps running in main profileif using device screen lock for private space: Yes;
if using separate PIN/biometrics for private space: Yes, but no notification content is shown, just app name		GrapheneOS only & optional for each profile; no notification content is shown, just app name
Protection & security
PIN & biometricsCan use same as main profile or set up a separate authenticationNeeds to be set up separately but can also use none (“skip”)
Need to enter PIN/fingerprint to unlock profile?Only if separate work profile PIN was set upYes (can be after rebooting or after turning screen off)Optional (only if a PIN was set up for the profile)
After unlocking profile, need to enter PIN/fingerprint to start apps?Geenif using device screen lock for private space: No;
if using separate PIN/biometrics for private space: Yes, after the screen was turned off.		Geen
Profile session can be shut down or paused?Ja

Appendix 2: Which other alternative mobile operating systems are there?

Besides Android and Android-based free & open source operating systems (see the table above), the only viable alternative for most people is Apple’s iOS. There have been many attempts to establish a third mobile OS, but so far none of them have been successful: The below is a non-comprehensive list of mobile operating systems, both those you can try today and those that tried and failed in the past:

  • iOS
  • Android, both preinstalled proprietary distributions like Samsung’s OneUI or Xiaomi’s HyperOS, and open source forks of AOSP, such as GrapheneOS FOSS or LineageOS FOSS
  • Windows Mobile/Phone († 2020)
  • BlackBerry OS († 2018)
  • Symbian († 2012)
  • Mobile Linux distributions which can run generic (desktop) Linux applications, such as postmarketOS FOSS en PureOS FOSS or mobile spins of desktop Linux distros such as Fedora, OpenSUSE, OpenMandriva, Debian (Mobian), Manjaro etc. FOSS (see here for a good list)
  • Other mobile OS using the Linux kernel but unable to run generic (desktop) Linux apps so they need apps specifically developed for them (Android technically also fits in this category):
    • SailfishOS
    • Ubuntu Touch FOSS
    • KaiOS
    • FirefoxOS († 2015) FOSS
    • Tizen († 2017 – for smartphones at least, it’s still used in Smart TVs)
    • Meego († 2012) FOSS
    • Maemo († 2011)
    • webOS († 2011 – for smartphones at least, it’s still used in Smart TVs)
Source: https://eylenburg.github.io/android_comparison.htm