android_comparison.htm

<!DOCTYPE html>
<html lang="en">
<head>
<title>Comparison of Android-based Operating Systems</title>
<meta name="darkreader-lock">
<meta name="description" content="Comparison of Android-based Operating Systems">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta charset="UTF-8">
<meta name="keywords" content="technology, operating systems, Linux distributions, Android ROMs, desktop environments, web browsers, instant messengers, cloud services, privacy, digital freedom, payments, cryptocurrencies, productivity software">
<meta name="author" content="Alphonse Eylenburg">
<link rel="stylesheet" href="style.css">
<style>
:root {
--legendwidth: 280px;
--distrowidth: 268px;
}

table.comparison {
width: calc(var(--legendwidth) + 6 * var(--distrowidth));
}

table.comparison tr td:nth-child(2) {
border-left: 1px dotted lightgrey;
}

table.appendix {
text-align: center;
table-layout: fixed;
width: 100%;
font-size: small;
}

table.appendix td {
border: 1px solid #ddd;
overflow-wrap: break-word;
width: 25%;
border-color: #444;
}

table.appendix td:first-child {
text-align: left;
}

table.appendix thead {
position: sticky;
position: -webkit-sticky;
top: 0px;
z-index: 10;
font-size: small;
}

.foss {
color: white;
border: 1px solid green;
border-radius: 3px;
background: green;
font-size: x-small;
}

img.logo {
max-width: 150px;
max-height: 75px;
}

@media (prefers-color-scheme: dark) {
    #grapheneos-logo {
    filter: invert(88%);
    }
}

sup {
font-size: x-small;
}

</style>

<body>


<script src="top.js"></script>
<header>
<p><a href="index.html">&larr; Sitemap</a></p>
</header>



<h1>Comparison of Android-based Operating Systems</h1>

<p>This is a comparison of popular Android "ROMs" (better term: AOSP distributions or Android-based OS). Please note I'm not affiliated with any of these projects and I am not giving any specific recommendation. If you think anything is factually incorrect, please let me know.</p>

<p>DivestOS was originally included in this comparison but it was discontinued at the end of 2024. <a href="old/android_comparison_2024old.htm"><strong>For an older version of this comparison which includes DivestOS, please see here.</a></strong></p>

  
<h2 class="center">Comparison of Android-based Operating Systems</h2>
<p class="center">Source: eylenburg.github.io</p>
<p class="center" style="color: red; font-size: small;">Last updated: 20 March 2026</p>
<p style="font-size: 75%; font-style: italic;"> This table is best viewed on a monitor with 1920px width (Full HD) with 100% display scaling.</p>

<table class="comparison">

<colgroup>
<col style="text-align: left; white-space: nowrap; padding-right: 5px; width: var(--legendwidth);"> <!-- legend -->
<col style="border-left: double; width: var(--distrowidth);">
<col style="border-left: 1px solid lightgrey; width: var(--distrowidth);">
<col style="border-left: 1px solid lightgrey; width: var(--distrowidth);">
<col style="border-left: 1px solid lightgrey; width: var(--distrowidth);">
<col style="border-left: 1px solid lightgrey; width: var(--distrowidth);">
<col style="border-left: 1px solid lightgrey; width: var(--distrowidth);">


<thead>
<tr>
<td class="legend"></td>
<td>GrapheneOS</td>
<td>CalyxOS</td>
<td>IodéOS</td>
<td>/e/</td>
<td>LineageOS</td>
<td>"Stock" Android</td>
</tr>
</thead>

<tbody>

<tr>
<td class="legend"></td>
<td><img class="logo" id="grapheneos-logo" src="pics/logos/android/grapheneos.svg" /></td>
<td style="vertical-align: middle;"><img class="logo" src="pics/logos/android/calyxos.jpg" /></td>
<td style="vertical-align: middle;"><img class="logo" src="pics/logos/android/iodeos.png" /></td>
<td><img class="logo" src="pics/logos/android/eos.png" /></td>
<td style="vertical-align: middle;"><img class="logo" src="pics/logos/android/lineageos.png" /></td>
<td style="vertical-align: middle;"><img class="logo" src="pics/logos/android/android.svg" /></td>
</tr>

<tr>
<td class="legend">Based on</td>
<td>AOSP</td>
<td>AOSP</td>
<td>LineageOS</td>
<td>LineageOS</td>
<td>AOSP</td>
<td>AOSP</td>
</tr>

<tr>
<td class="legend semititle"><br />Freedom</td>
<td></td><td></td><td></td><td></td><td></td><td></td>
</tr>

<tr>
<td class="legend">Free and open source (FOSS)?</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend">Deblobbed?</td>
<td class="lgreen">Yes, significantly</td>
<td class="lgreen">Yes, significantly</td>
<td class="yellow">Yes, minimal</td>
<td class="yellow">Yes, minimal</td>
<td class="yellow">Yes, minimal</td>
<td class="red">No</td>
</tr>


<tr>
<td class="legend">Can install apps from any source or developer?</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="lgreen tooltip">Play Store, whitelist, 24h wait, <code>adb</code><span class="tooltiptext">From September 2026, apps can only be "sideloaded" (installed from an APK file or alternative app store) if the developer has registered with Google. To register, developers need to pay a fee and reveal their identity to Google. The only workarounds to install apps from outside the Play Store from non-approved developers will be: 1. via <code>adb</code> (when connected to a PC or using Shizuku or AnyAPK), or 2. via an "advanced flow" which requires users to enable sideloading in developer options and wait for 24 hours (only once). These restrictions only apply to "certified" Google devices, i.e. those that have Play Services and Play Protect preinstalled, meaning there are <strong>no restrictions on AOSP</strong>, "custom ROMs", or Chinese phones.</span></td>
</tr>

<tr>
<td class="legend semititle"><br />Major Features</td>
<td></td><td></td><td></td><td></td><td></td><td></td>
</tr>

<tr>
<td class="legend tooltip">Network controls for apps<span class="tooltiptext">The controls on LineageOS-based operating systems are leaky as their approach only disabled direct network access (socket) but doesn't disable indirect access via the INTERNET permission, which provides multiple ways of bypassing them not requiring collusion between apps. This functionality is regularly used by apps with no malicious intent. Collusion between apps is an issue for all kinds of granted access, permissions, etc. and not specific to the INTERNET permission. If INTERNET permission is not blocked though, no collusion is required.</span></td>
<td class="green">Direct and indirect access</td>
<td class="lgreen">Direct access only</td>
<td class="lgreen">Direct access only</td>
<td class="lgreen">Direct access only</td>
<td class="lgreen">Direct access only</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend">System-wide connection/tracker blocking</td>
<td class="green">Private DNS setting, or via VPN app</td>
<td class="green">Private DNS setting, or via VPN app</td>
<td class="green">iode-snort app, Private DNS, or VPN</td>
<td class="green">Private DNS setting, or via VPN app</td>
<td class="green">Private DNS setting, or via VPN app</td>
<td class="green">Private DNS setting, or via VPN app</td>
</tr>

<tr>
<td class="legend">Network-based location (without GNSS)</td>
<td class="green tooltip">Opt-in with server choice<span class="tooltiptext">Network-based location is disabled by default (GNSS-based location is used instead), but if it is enabled the user can choose between the Apple location service or a GrapheneOS proxy to it, or alternatively can use the Google Play location service if sandboxed Google Play is installed</span></td>
<td class="green">Yes, using microG location</td>
<td class="green">Yes, using microG location</td>
<td class="green">Yes, using microG location</td>
<td class="red">No</td>
<td class="green">Yes, using Play Services</td>
</tr>

<tr>
<td class="legend">E2E-encrypted phone backups</td>
<td class="green">Yes (Seedvault)</td>
<td class="green">Yes (Seedvault)</td>
<td class="green">Yes (Seedvault)</td>
<td class="green">Yes (Seedvault)</td>
<td class="green">Yes (Seedvault)</td>
<td class="yellow">Yes, but requires Google login</td>
</tr>

<tr>
<td class="legend">Android Auto compatible</td>
<td class="green tooltip">Yes (sandboxed), <a href="https://grapheneos.org/usage#android-auto" target="_blank">see here</a><span class="tooltiptext">GrapheneOS has permission toggles to enable the user to provide the least amount of permissions necessary (e.g. wired Android Auto requires only USB access).</span></td>
<td class="lgreen">Yes (w/ privileged permissions), <a href="https://calyxos.org/docs/guide/android-auto/" target="_blank">see here</a></td>
<td class="lgreen">Yes (w/ privileged permissions), <a href="https://blog.iode.tech/use-android-auto-with-iodeos/" target="_blank">see here</a></td>
<td class="lgreen">Yes (w/ privileged permissions), <a href="https://doc.e.foundation/support-topics/android-auto" target="_blank">see here</a></td>
<td class="red">No</td>
<td class="lgreen">Yes (w/ privileged permissions)</td>
</tr>

<tr>
<td class="legend">Google Pay compatible</td>
<td class="red">No (blocked by Google)</td>
<td class="red">No (blocked by Google)</td>
<td class="red">No (blocked by Google)</td>
<td class="red">No (blocked by Google)</td>
<td class="red">No (blocked by Google)</td>
<td class="lgreen">Yes (w/ privileged permissions)</td>
</tr>

<tr>
<td class="legend tooltip">RCS support in Google Messages<span class="tooltiptext">requires Google Play Services and to work</span></td>
<td class="green">Yes, <a href="https://grapheneos.org/releases#2025092700">see here</a></td>
<td class="red">No (blocked by Google)</td>
<td class="red">No (blocked by Google)</td>
<td class="red">No (blocked by Google)</td>
<td class="red">No (blocked by Google)</td>
<td class="green">Yes</td>
</tr>

<tr>
<td class="legend semititle"><br />Advanced &amp; device-specific features</td>
<td></td><td></td><td></td><td></td><td></td><td></td>
</tr>

<tr>
<td class="legend">Factory reset protection (for stolen devices)</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="yellow tooltip">Yes, but requires Google login<span class="tooltiptext">If the device is stolen and then factory reset, it will not allow setup and use until the original Google account credentials used on the device are entered. To disable FRP before factory reset, one must remove all Google accounts from the device (requiring the passwords). If the device was used without a Google account it will not trigger FRP meaning the device can be reset and reused freely.</span></td>
</tr>

<tr>
<td class="legend">Duress PIN (to wipe device)</td>
<td class="green">Yes, <a href="https://grapheneos.org/features#duress" target="_blank">see here</a></td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend">Parental controls</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="green"><span class="tooltip">Yes<span class="tooltiptext">IodeOS has built-in parental controls focused on blocking unwanted data transmission rather than detailed activity monitoring like Family Link. The parental controls in IodeOS allow parents to block categories of content and "recipients," such as "Porn" to censor adult websites and "Social" to block social network apps. It also allowed parents to disable Internet access for specified apps (with password protection).</span></span>, <a href="https://iode.tech/documentation/parental-control/" target="_blank">see here</a></td>
<td class="green">Yes, <a href="https://doc.e.foundation/support-topics/parental-control" target="_blank">see here</a></td>
<td class="red">No</td>
<td class="yellow tooltip">Yes, but requires Google login<span class="tooltiptext">Google Family Link requires a Google account but provides a comprehensive parental control experience, including detailed app usage monitoring and screen time management, the ability to remotely approve or block apps from being downloaded, device location tracking, and content and privacy restrictions enforced through Google Play Services.</span></td>
</tr>

<tr>
<td class="legend">Call recording</td>
<td class="green">Yes</td>
<td class="yellow">Only in selected regions, <a href="https://github.com/CalyxOS/platform_packages_apps_Dialer/blob/android13/java/com/android/dialer/callrecord/res/xml/call_record_states.xml" target="_blank">see here</a></td>
<td class="green">Yes</td>
<td class="yellow">Only in selected regions, <a href="https://gitlab.e.foundation/e/os/android_packages_apps_Dialer/-/blob/a14/java/com/android/dialer/callrecord/res/xml/call_record_states.xml" target="_blank">see here</a></td>
<td class="yellow">Only in selected regions, <a href="https://github.com/LineageOS/android_packages_apps_Dialer/blob/lineage-20.0/java/com/android/dialer/callrecord/res/xml/call_record_states.xml" target="_blank">see here</a></td>
<td class="yellow">Depends on regions and manufacturer</td>
</tr>

<tr>
<td class="legend">Notification forwarding from other user profiles</td>
<td class="green">Yes</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend tooltip">Option to enable screenshots in all apps<span class="tooltiptext">including apps blocking screenshots (<code>FLAG_SECURE</code>)</span></td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend tooltip">Hardware-backed attestation API support<span class="tooltiptext">Hardware-backed attestation works through a standard Android hardware attestation API that is available on every device launched with Android 8 or later. This hardware attestation API can be used by apps independently of Google Play Services, meaning apps do not have to rely on the Play Integrity API or other Google Play Services components for device integrity verification. The Play Integrity API itself is based on this hardware attestation API but adds Google's additional layers, including licensing checks. Using the native hardware attestation API allows for verifying security on devices or OSes that do not license Google Mobile Services.</span></td>
<td class="green">Yes, <a href="https://grapheneos.org/articles/attestation-compatibility-guide" target="_blank">see here</a></td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="green">Yes</td>
</tr>

<tr>
<td class="legend">Charging limit (e.g. 80%) on supported devices</span></td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
</tr>

<tr>
<td class="legend tooltip">(Pixel only:) Force VoLTE, VoNR, 5G, VoWiFi<span class="tooltiptext">Previously, users of Pixel phones could change or set carrier network features like VoLTE (Voice over LTE), VoNR (Voice over New Radio, i.e. 5G voice), and WiFi Calling (VoWiFi), which is useful for users of imported Pixel phones in regions where these features are not supported. This carrier settings override was possible using <code>adb</code> shell commands or apps like Pixel IMS. With the December 2025 Android Security Bulletin patches (published in October 2025), Google removed support for these carrier override settings via <code>adb</code>, although <a href="https://www.androidauthority.com/pixel-ims-update-fix-3606811/" target="_blank">as of 14 October 2025, the developer behind the Pixel IMS app has implemented a workaround</a>.<br /><br />Note that this was only possible on Pixel phones as they uniquely allowed this override because Google's implementation of the Android telephony framework granted higher-than-usual privileges to <code>adb</code> on Pixel devices. This was originally intended as a test and debugging mechanism for developers and engineers, making it possible to override carrier-related telephony settings through ADB commands. Google's decision to open this up for Pixels (until Q4 2024) was a quirk and it was never part of general Android policy or documentation for end users.</span></td>
<td class="green tooltip">Yes (for Google Pixel)<span class="tooltiptext">In "Carrier settings overrides" in the Settings app.</span></td>
<td class="yellow tooltip">via Pixel IMS app<span class="tooltiptext">Removed in AOSP code with a security update in October 2025 (which has NOT yet been implemented by CalyxOS); although <a href="https://www.androidauthority.com/pixel-ims-update-fix-3606811/" target="_blank">as of 14 October 2025, the developer behind the Pixel IMS app has implemented a workaround</a>, though it can also be patched by Google in the future.</td>
<td class="yellow tooltip">via Pixel IMS app<span class="tooltiptext">Removed in AOSP code with a security update in October 2025 (which has NOT yet been implemented by IodeOS); although <a href="https://www.androidauthority.com/pixel-ims-update-fix-3606811/" target="_blank">as of 14 October 2025, the developer behind the Pixel IMS app has implemented a workaround</a>, though it can also be patched by Google in the future.</td>
<td class="yellow tooltip">via Pixel IMS app<span class="tooltiptext">Removed in AOSP code with a security update in October 2025 (which has NOT yet been implemented by /e/); although <a href="https://www.androidauthority.com/pixel-ims-update-fix-3606811/" target="_blank">as of 14 October 2025, the developer behind the Pixel IMS app has implemented a workaround</a>, though it can also be patched by Google in the future.</td>
<td class="yellow tooltip">via Pixel IMS app<span class="tooltiptext">Removed in AOSP code with a security update in October 2025 (which has NOT yet been implemented by LineageOS); although <a href="https://www.androidauthority.com/pixel-ims-update-fix-3606811/" target="_blank">as of 14 October 2025, the developer behind the Pixel IMS app has implemented a workaround</a>, though it can also be patched by Google in the future.</td>
<td class="yellow tooltip">via Pixel IMS app<span class="tooltiptext">Removed in AOSP code with a security update in October 2025; although <a href="https://www.androidauthority.com/pixel-ims-update-fix-3606811/" target="_blank">as of 14 October 2025, the developer behind the Pixel IMS app has implemented a workaround</a>, though it can also be patched by Google in the future.</td>
</tr>


<tr>
<td class="legend semititle tooltip"><br />Degoogling (connections to Google)
<span style="font-size: 50%; color: blue;">COLOURS</span><span class="tooltiptext">LOGIC FOR COLOUR SCHEME:
<br /><br />
RED<br />
- connects to Google, no opt-out
<br /><br />
LIGHT RED<br />
- connects to Google by default but function can be turned off (no option of using another provider)
<br /><br />
YELLOW<br />
- function is off by default but can connect to Google if needed (no option of using another provider)
<br /><br />
LIGHT GREEN<br />
- connects to Google by default but can be changed to another provider
<br /><br />
GREEN<br />
- does not connect to Google by default but instead connects to the developer of the operating system (no third party needs to be trusted)<br />
- multiple providers offered and user can decide<br />
- no data shared with any provider
<br /><br />
BLUE<br />
- does not connect to Google by default but instead connects to another (non-Google) third party provider
<br /><br />
WHITE<br />
- function is not supported</span></td>
<td></td><td></td><td></td><td></td><td></td><td></td>
</tr>

<tr>
<td class="legend">eSIM activation</td>
<td class="green tooltip">Google eUICC w/o data sharing<span class="tooltiptext">Disabled by default. Unlike the regular Google eUICC management app, it doesn't require Google Play and cannot share data with it. It doesn't communicate with Google servers unless the carrier is hosting with them, which would involve using their servers regardless.</span></td>
<td class="red">Google eUICC (preinstalled)</td>
<td class="green">OpenEUICC (on most devices)</td>
<td class="red">Google eUICC (preinstalled)</td>
<td class="red">Google eUICC (preinstalled)</td>
<td class="red">Google eUICC (preinstalled)</td>
</tr>

<tr>
<td class="legend">Provider for network-based location</td>
<td class="green tooltip">None <sup>default</sup>, GrapheneOS, Apple, or Google<span class="tooltiptext">Network-based location is disabled by default (GNSS-based location is used instead), but if it is enabled the user can choose between the Apple location service or a GrapheneOS proxy to it, or alternatively can use the Google Play location service if sandboxed Google Play is installed</span></td>
<td class="green">microG location</td>
<td class="green">microG location</td>
<td class="green">microG location</td>
<td>n/a</td>
<td class="red">Google</td>
</tr>

<tr>
<td class="legend">SUPL (for Assisted GNSS)</td>
<td class="green">GrapheneOS <sup>default</sup>, Google or none</td>
<td class="lred">Google <sup>default</sup>, or none</td>
<td class="lred">Google <sup>default</sup>, or none</td>
<td class="yellow">None <sup>default</sup>, or Google</td>
<td class="lred">Google <sup>default</sup>, or none</td>
<td class="red">Google</td>
</tr>

<tr>
<td class="legend tooltip">PSDS/XTRA <span style="font-size: 75%;">("Standard" depends on GPS chipset)</span><span class="tooltiptext">The standard server used depends on the GPS chipset, which is usually Qualcomm, Broadcom, or Samsung, or in the case of Tensor chips (Google Pixel 6 and later) they connect to a Google server. Some ROMs override these settings.<br /><a href="https://web.archive.org/web/20250111112822/https://divestos.org/misc/gnss.txt" target="_blank" style="color: white;">Click here for details and which device information are sent.</a></span></td>
<td class="green">GrapheneOS <sup>default</sup>, <span class="tooltip">Standard<span class="tooltiptext">Google / Broadcom / Qualcomm / Samsung depending on the device. At the moment, only Google Pixels are supported by GrapheneOS, for which the standard connection is Google (since the Pixel 6)</span></span>, or none</td>
<td class="blue"><span class="tooltip">Standard (excl. Google)<span class="tooltiptext">Broadcom / Qualcomm / Samsung depending on the device, for Google Pixel 6 and later (Tensor chip) the standard connection to Google is replaced with a connection to Broadcom instead <a href="https://www.kuketz-blog.de/calyxos-de-googled-geht-anders-custom-roms-teil2/" target="_blank">(source)</a></span></span> <sup>default</sup>, or none</td>
<td class="blue"><span class="tooltip">Standard (excl. Google)<span class="tooltiptext">Broadcom / Qualcomm / Samsung depending on the device, for Google Pixel 6 and later (Tensor chip) the standard connection to Google is replaced with a connection to Broadcom instead <a href="https://www.kuketz-blog.de/iodeos-datenschutzfreundlich-aber-abstriche-bei-der-sicherheit-custom-roms-teil3/" target="_blank">(source)</a></span></span> <sup>default</sup>, or none</td>
<td class="yellow">None <sup>default</sup>, or <span class="tooltip">Standard<span class="tooltiptext">Google / Broadcom / Qualcomm / Samsung depending on the device</span></span></td>
<td class="lred"><span class="tooltip">Standard<span class="tooltiptext">Google / Broadcom / Qualcomm / Samsung depending on the device</span></span> <sup>default</sup>, or none</td>
<td class="red"><span class="tooltip">Standard<span class="tooltiptext">Google / Broadcom / Qualcomm / Samsung depending on the device</span></span></td>
</tr>

<!--
<tr>
<td class="legend tooltip">PSDS - Google Pixel 6 and later (Tensor SoC)<span class="tooltiptext">The default server used depends on the GPS chipset, e.g. phones with Qualcomm chips (e.g. Snapdragon) connect to a Qualcomm server, while newer Google Pixels with Tensor chips connect to a Google server, and other phones with Broadcom GPS (e.g. Exynos) connect to a Broadcom server. Some ROMs override these settings. <br /><a href="https://web.archive.org/web/20250111112822/https://divestos.org/misc/gnss.txt" target="_blank" style="color: white;">Click here for details and which device information are sent.</a></span></td>
<td class="green">GrapheneOS <sup>default</sup>, Google, or none</td>
<td class="blue">Broadcom <sup>default</sup>, or none</td>
<td class="blue">Broadcom <sup>default</sup>, or none</td>
<td class="yellow">None <sup>default</sup>, or Google</td>
<td class="lred">Google <sup>default</sup>, or none</td>
<td class="red">Google</td>
</tr>

<tr>
<td class="legend tooltip">PSDS - other phones (no Tensor SoC)<span class="tooltiptext">The default server used depends on the GPS chipset, e.g. phones with Qualcomm chips (e.g. Snapdragon) connect to a Qualcomm server, while newer Google Pixels with Tensor chips connect to a Google server, and other phones with Broadcom GPS (e.g. Exynos) connect to a Broadcom server. Some ROMs override these settings. <br /><a href="https://web.archive.org/web/20250111112822/https://divestos.org/misc/gnss.txt" target="_blank" style="color: white;">Click here for details and which device information are sent.</a></span></td>
<td class="green">GrapheneOS <sup>default</sup>, Standard (Qualcomm/Broadcom/Samsung), or none</td>
<td class="blue">Standard (Qualcomm/Broadcom/Samsung) <sup>default</sup>, or none</td>
<td class="blue">Standard (Qualcomm/Broadcom/Samsung) <sup>default</sup>, or none</td>
<td class="yellow">None <sup>default</sup>, or Standard (Qualcomm/Broadcom/Samsung)</td>
<td class="blue">Standard (Qualcomm/Broadcom/Samsung) <sup>default</sup>, or none</td>
<td class="blue">Standard (Qualcomm/Broadcom/Samsung)</td>
</tr>
-->

<tr>
<td class="legend">Connectivity check/captive portal</td>
<td class="green">GrapheneOS <sup>default</sup>, Google, or none</td>
<td class="lgreen"><span class="tooltip">Google (can be changed)<span class="tooltiptext">can be changed with `adb` command</span></span></td>
<td class="blue"><span class="tooltip">Kuketz.de (can be changed)<span class="tooltiptext">can be changed with `adb` command</span></span></td>
<td class="green"><span class="tooltip">Murena.io (related to /e/) (can be changed)<span class="tooltiptext">can be changed with `adb` command</span></span></td>
<td class="lgreen"><span class="tooltip">Google (can be changed)<span class="tooltiptext">can be changed with `adb` command</span></span></td>
<td class="lgreen"><span class="tooltip">Google (can be changed)<span class="tooltiptext">can be changed with `adb` command</span></span></td>
</tr>

<tr>
<td class="legend">DNS connectivity check</td>
<td class="green">GrapheneOS <sup>default</sup>, or Google</td>
<td class="red">Google</td>
<td class="red">Google</td>
<td class="red">Google</td>
<td class="red">Google</td>
<td class="red">Google</td>
</tr>

<tr>
<td class="legend">DNS server fallback</td>
<td class="blue">Cloudflare</td>
<td class="blue">Cloudflare</td>
<td class="blue">Quad9</td>
<td class="blue">Quad9</td>
<td class="red">Google</td>
<td class="red">Google</td>
</tr>

<tr>
<td class="legend">Network time</td>
<td class="green">GrapheneOS <sup>default</sup>, or none</td>
<td class="lgreen"><span class="tooltip">Google (can be changed)<span class="tooltiptext">can be changed with `adb` command</span></span> &amp; carrier</td>
<td class="blue"><span class="tooltip">NTP.org (can be changed)<span class="tooltiptext">Server pool with arbitrary providers, which can include Google-hosted servers or even malicious servers. NTP server can be changed with `adb` command.</span></span> &amp; carrier</td>
<td class="blue"><span class="tooltip">NTP.org (can be changed)<span class="tooltiptext">Server pool with arbitrary providers, which can include Google-hosted servers or even malicious servers. NTP server can be changed with `adb` command.</span></span> &amp; carrier</td>
<td class="lgreen"><span class="tooltip">Google (can be changed)<span class="tooltiptext">can be changed with `adb` command</span></span> &amp; carrier</td>
<td class="lgreen"><span class="tooltip">Google (can be changed)<span class="tooltiptext">can be changed with `adb` command</span></span> &amp; carrier</td>
</tr>

<tr>
<td class="legend">Hardware attestation provisioning</td>
<td class="green">GrapheneOS <sup>default</sup>, or Google</td>
<td class="red">Google</td>
<td class="red">Google</td>
<td class="red">Google</td>
<td class="red">Google</td>
<td class="red">Google</td>
</tr>

<tr>
<td class="legend">DRM (Widevine) provisioning</td>
<td class="green">GrapheneOS <sup>default</sup>, or Google</td>
<td class="red">Google</td>
<td class="red">Google</td>
<td class="red">Google</td>
<td class="red">Google</td>
<td class="red">Google</td>
</tr>


<tr>
<td class="legend semititle"><br />Google Play Services</td>
<td></td><td></td><td></td><td></td><td></td><td></td>
</tr>

<tr>
<td class="legend">Implementation</td>
<td class="tooltip">GmsCompat (sandboxed Google Play)<span class="tooltiptext">GrapheneOS does not include Google Play as a preinstalled app, but it includes an open source compatibility layer for users who choose to use it. Users can alternatively install microG on GrapheneOS, albeit GrapheneOS does not support signature spoofing. Not all microG functionality requires signature spoofing, for example FCM works with microG without signatures spoofing to the extent it works without special privileges (e.g. microG needs to use a privileged API to wake apps and keep them awake for a short period of time to handle FCM messages).</span></td>
<td>microG</td>
<td>microG</td>
<td>microG</td>
<td rowspan="7">None by default. <br />It's possible to install microG manually (LineageOS <a href="https://review.lineageos.org/c/LineageOS/android_frameworks_base/+/383574" target="_blank">supports signature spoofing for microG</a> since 2024). Alternatively, there are <a href="https://lineage.microg.org/" target="_blank">ROMs with microG preinstalled</a> or one can <a href="https://wiki.lineageos.org/gapps" target="_blank">add Google apps</a> during the installation process, but this is not officially supported by LineageOS. <!--Alternatively, there is the <a href="https://lineage.microg.org/" target="_blank">LineageOS for microG</a> project that integrates microG in LineageOS.</td>-->
<td>Google Play Services</td>
</tr>

<tr>
<td class="legend">Optional?</td>
<td class="green">Yes (not preinstalled)</td>
<td class="green">Yes (preinstalled but opt-out)</td>
<td class="green">Yes (preinstalled but opt-out)</td>
<td class="yellow">Can be disabled via developer mode</td>
<!-- skipped -->
<td class="red">No (preinstalled without opt-out)</td>
</tr>

<tr>
<td class="legend">Runs in standard app sandbox?</td>
<td class="green">Yes</td>
<td class="red tooltip">No<span class="tooltiptext">Runs in the `priv_app` SELinux domain instead of `untrusted_app`, which gives it access to internal system APIs and data along with it being much less isolated.</span></td>
<td class="red tooltip">No<span class="tooltiptext">Runs in the `priv_app` SELinux domain instead of `untrusted_app`, which gives it access to internal system APIs and data along with it being much less isolated.</span></td>
<td class="red tooltip">No<span class="tooltiptext">Runs in the `priv_app` SELinux domain instead of `untrusted_app`, which gives it access to internal system APIs and data along with it being much less isolated.</span></td>
<!-- skipped -->
<td class="red tooltip">No<span class="tooltiptext">Runs in the `priv_app` SELinux domain instead of `untrusted_app`, which gives it access to internal system APIs and data along with it being much less isolated.</span></td>
</tr>

<tr>
<td class="legend">Can be limited to user or work profile?</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td>? (TBC)</td>
<td>? (TBC)</td>
<!-- skipped -->
<td class="red">No</td>
</tr>

<tr>
<td class="legend">Signature spoofing needed/allowed?</td>
<td class="green">No</td>
<td class="lgreen">Only for Google signature</td>
<td class="lgreen">Only for Google signature</td>
<td class="lgreen">Only for Google signature</td>
<!-- skipped -->
<td class="green">No</td>
</tr>

<tr>
<td class="legend">Push notifications via Google FCM?</td>
<td class="green">Yes</td>
<td class="green">Optional</td>
<td class="green">Optional</td>
<td class="green">Optional</td>
<!-- skipped -->
<td class="green">Yes</td>
</tr>

<tr>
<td class="legend tooltip">Google Play Integrity?<span class="tooltiptext">From Android 13 onwards, MEETS_BASIC_INTEGRITY can only be met if the app was installed through the Play Store, which is only possible when logged in to a Google account. However, even if you later log out from your Google account, or if you install the app from elsewhere but spoof it as installed from Google Play, some apps may still refuse to run as they run additional checks that the user is currently logged in to their Google account.</span></td>
<td class="lgreen tooltip">Passes Basic Integrity only, <a href="https://grapheneos.org/usage#banking-apps" target="_blank">see here</a><span class="tooltiptext">Passes MEETS_BASIC_INTEGRITY but not MEETS_DEVICE_INTEGRITY or MEETS_STRONG_INTEGRITY which require a certification from Google.</td>
<td class="lgreen tooltip">Passes Basic Integrity only<span class="tooltiptext">microG v0.3.6.244735, which is part of CalyxOS since 2024-12-31, passes MEETS_BASIC_INTEGRITY but not MEETS_DEVICE_INTEGRITY or MEETS_STRONG_INTEGRITY which require a certification from Google.</td>
<td class="lgreen tooltip">Passes Basic Integrity only<span class="tooltiptext">microG v0.3.6.244735 and above pass MEETS_BASIC_INTEGRITY but not MEETS_DEVICE_INTEGRITY or MEETS_STRONG_INTEGRITY which require a certification from Google.</td>
<td class="lgreen tooltip">Passes Basic Integrity only<span class="tooltiptext">microG v0.3.6.244735 and above pass MEETS_BASIC_INTEGRITY but not MEETS_DEVICE_INTEGRITY or MEETS_STRONG_INTEGRITY which require a certification from Google.</td>
<!-- skipped -->
<td class="green">Yes</td>
</tr>

<tr>
<td class="legend tooltip">Disables Play Integrity install checks?<span class="tooltiptext">These checks, undertaken by Play Store, involve validating the app's developer credentials, authenticity, and confirming the app is a genuine Play Store version via cryptographic signatures or developer verification services provided by Google. These checks are about confirming the app is genuine and unmodified, but they are fundamentally anti-competitive as they enforce the use of Play Store linked to a Google account to download apps. While these checks purport to ensure app authenticity and security, they are fundamentally anti-competitive since they restrict users to obtaining apps only from the Play Store and require Google services licensing, thereby locking out alternative app sources or operating systems. Many apps use the Play Integrity API to block apps installed from alternative sources such as APK sideloads or Aurora Store, which harms user choice and fair competition. Disabling these checks can be useful for use apps that were "sideloaded", e.g. installed from Aurora Store or APK.</span></td>
<td class="green tooltip">Yes (if signature matches)<span class="tooltiptext">GrapheneOS disables or bypasses certain restrictive Play Store install checks after cryptographically verifying the Play Store source stamp signature of the app. This allows apps to run even if installed from alternative sources like Aurora Store or APKs. However, some apps may perform their own installation source (<code>PackageManager.getInstallerPackageName</code>) checks independently, which is why spoofing the install source might still be necessary to pass those app-specific checks.</span></td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend tooltip">Option to mark apps as installed by Play Store?<span class="tooltiptext">In addition to the the checks undertaken by Play Integrity (see above), apps can check if they were installed by querying the system's installer package name (e.g. <code>com.android.vending</code> for Play Store). Some apps block or restrict functionality if installed from outside the Play Store based on this check.</span></td>
<td class="yellow tooltip">No, only via <code>adb</code><span class="tooltiptext">GrapheneOS is not spoofing the installation source at the moment but there are plans to eventually add such a feature.<br /><code>adb</code> can spoof the installation source, using a command like <code>adb shell pm install -i com.android.vending -r /path/to/app.apk</code>. Shizuku is an Android app that allows users to do it using wireless debugging and without an external device (PC).</span></td>
<td class="lgreen tooltip">Done if installed from Aurora Store<span class="tooltiptext">Apps installed from Aurora Store are automatically marked as installed from Play Store, without further signature checks</span></td>
<td class="lgreen tooltip">Done if installed from Aurora Store<span class="tooltiptext">Apps installed from Aurora Store are automatically marked as installed from Play Store, without further signature checks</span></td>
<td class="yellow tooltip">No, only via <code>adb</code><span class="tooltiptext"><br /><code>adb</code> can spoof the installation source, using a command like <code>adb shell pm install -i com.android.vending -r /path/to/app.apk</code>. Shizuku is an Android app that allows users to do it using wireless debugging and without an external device (PC).</span></td>
<td class="yellow tooltip">No, only via <code>adb</code><span class="tooltiptext"><br /><code>adb</code> can spoof the installation source, using a command like <code>adb shell pm install -i com.android.vending -r /path/to/app.apk</code>. Shizuku is an Android app that allows users to do it using wireless debugging and without an external device (PC).</span></td>
<td class="yellow tooltip">No, only via <code>adb</code><span class="tooltiptext"><br /><code>adb</code> can spoof the installation source, using a command like <code>adb shell pm install -i com.android.vending -r /path/to/app.apk</code>. Shizuku is an Android app that allows users to do it using wireless debugging and without an external device (PC).</span></td>
</tr>


<tr>
<td class="legend semititle"><br />Privacy</td>
<td></td><td></td><td></td><td></td><td></td><td></td>
</tr>

<tr>
<td class="legend">Storage scopes</td>
<td class="green">Yes, <a href="https://grapheneos.org/features#storage-scopes" target="_blank">see here</a></td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend">Contact scopes</td>
<td class="green">Yes, <a href="https://grapheneos.org/features#contact-scopes" target="_blank">see here</a></td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend">Per-app sensor controls</td>
<td class="green">Yes, <a href="https://grapheneos.org/features#sensors-permission-toggle" target="_blank">see here </a></td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend">Per-connection DHCP state flushing</td>
<td class="green">Yes</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend">MAC address randomization</td>
<td class="green">Per connection, <a href="https://grapheneos.org/features#wifi-privacy" target="_blank">see here</a></td>
<td class="lgreen">Per network</td>
<td class="lgreen">Per network</td>
<td class="lgreen">Per network</td>
<td class="lgreen">Per network</td>
<td class="lgreen">Per network</td>
</tr>

<tr>
<td class="legend">SUPL: IMSI or phone number sent?</td>
<td class="green">No</td>
<td class="green">No</td>
<td class="green">No</td>
<td class="green">No</td>
<td class="green">No</td>
<td class="red">Yes</td>
</tr>

<tr>
<td class="legend tooltip">Qualcomm XTRA: user agent sent?<span class="tooltiptext">Only relevant for phones with Qualcomm GPS chips. Doesn't apply to Broadcom or Samsung. May include chipset serial number, device manufacturer and model, carrier, and Android version. <a href="https://web.archive.org/web/20250111112822/https://divestos.org/misc/gnss.txt" target="_blank" style="color: white;">Click here for details and which device information are sent.</a></span></td>
<td class="green">No</td>
<td class="yellow tooltip">Partially (for Qualcomm chips)<span class="tooltiptext">Chipset serial number is stripped out but other less unique device information remain</span></td>
<td class="yellow tooltip">Partially (for Qualcomm chips)<span class="tooltiptext">Chipset serial number is stripped out but other less unique device information remain</span></td>
<td class="yellow tooltip">Partially (for Qualcomm chips)<span class="tooltiptext">Chipset serial number is stripped out but other less unique device information remain</span></td>
<td class="yellow tooltip">Partially (for Qualcomm chips)<span class="tooltiptext">Chipset serial number is stripped out but other less unique device information remain</span></td>
<td class="lred">for Qualcomm GPS chips</td>
</tr>

<tr>
<td class="legend">Closed cross-profile package leaks?</td>
<td class="green">Yes</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend">Closed device identifier leaks?</td>
<td class="green">Yes, <a href="https://grapheneos.org/features#closed-device-identifier-leaks" target="_blank">see here</a></td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend tooltip">Closed VPN leaks?<span class="tooltiptext">when "block connections without VPN" is enabled</span></td>
<td class="yellow tooltip">Partially, <a href="https://grapheneos.org/features#improved-vpn-leak-blocking">see here</a><span class="tooltiptext">Some leaks tied to the Private DNS feature still remain and "finding and resolving all forms of VPN leaks is one of [GrapheneOS's] top priorities at the moment". Some other connections, e.g. WiFi calling (VoWiFi) or WiFi connectivity checks (captive portal) are deliberately allowed by Android to circumvent the VPN and this is not changed in GrapheneOS.</span></td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend">Metadata stripping for screenshots</td>
<td class="green">Yes, <a href="https://grapheneos.org/features#private-screenshots" target="_blank">see here </a></td>
<td class="green">Yes, <a href="https://calyxos.org/news/2023/10/04/october-security-update/" target="_blank">see here </a></td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend">EXIF metadata stripping for photos</td>
<td class="green">Yes, <a href="https://grapheneos.org/usage#grapheneos-camera-app" target="_blank">see here </a></td>
<td class="red">No</td>
<td class="red">No</td>
<td class="yellow">Available as option</td>
<td class="red">No</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend">Location tagging for photos</td>
<td class="green">Opt-in</td>
<td class="green">Opt-in, <a href=https://calyxos.org/docs/guide/security/location/#exif-metadata" target="_blank">see here for more info</a></td>
<td class="green">Opt-in</td>
<td class="green">Opt-in</td>
<td class="green">Opt-in</td>
<td class="lgreen">Opt-out</td>
</tr>

<tr>
<td class="legend">Tracking through Android Advertising ID?</td>
<td class="green tooltip">Not part of the system<span class="tooltiptext">if Play Services are installed by the user, the Advertising ID can be deleted in settings</span></td>
<td class="green tooltip">Randomized ID<span class="tooltiptext">microG will generate a random advertising ID for each request</span></td>
<td class="green tooltip">Randomized ID<span class="tooltiptext">microG will generate a random advertising ID for each request</span></td><td class="green tooltip">Randomized ID<span class="tooltiptext">microG will generate a random advertising ID for each request</span></td>
<td class="green tooltip">Not part of the system<span class="tooltiptext">if microG is installed by the user, it will generate a random Advertising ID for each request; if Play Services are installed by the user, the Advertising ID can be deleted in settings</span></td>
<td class="lgreen">Yes, but can be deleted in settings</td>
</tr>



<tr>
<td class="legend semititle"><br />Security</td>
<td></td><td></td><td></td><td></td><td></td><td></td>
</tr>

<tr>
<td class="legend">Verified boot (if supported by device)?</td>
<td class="green">Yes, incl. system app updates</td>
<td class="yellow">Yes, but excl. system app updates</td>
<td class="yellow">Yes, but excl. system app updates</td>
<td class="lred">w/ test keys; excl. system app updates</td>
<td class="red">No</td>
<td class="yellow">Yes, but excl. system app updates</td>
</tr>

<tr>
<td class="legend">Hardware-based security verification</td>
<td class="green">Yes, <a href="https://grapheneos.org/features#auditor" target="_blank"> see here</a></td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="green">Yes, mandatory since Android 8</a></td>
</tr>

<tr>
<td class="legend">System app downgrade protection</td>
<td class="green">For updates and boot, with fs-verity</td>
<td class="red">For updates (incomplete)</td>
<td class="red">For updates (incomplete)</td>
<td class="red">For updates (incomplete)</td>
<td class="red">For updates (incomplete)</td>
<td class="red">For updates (incomplete)</td>
</tr>

<tr>
<td class="legend">Secure application spawning?</td>
<td class="green">Yes (exec)</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend">Hardware memory tagging?</td>
<td class="green">Yes, if supported by device</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="lred tooltip">Advanced Protection, very limited scope<span class="tooltiptext">If Advanced Protection mode is enabled, it enables hardware memory tagging (when supported by the hardware) but only for apps that are explicitly opting in to it and not for the kernel or most of the base OS.</span></td>
</tr>

<tr>
<td class="legend">Android Runtime <span class="tooltip">JIT<span class="tooltiptext">Just-In-Time</span></span> compilation/profiling</td>
<td class="green"><span class="tooltip">AOT<span class="tooltiptext">Ahead-Of-Time</span></span> compilation w/o profiling</td>
<td class="red">Interpreter/<span class="tooltip">JIT<span class="tooltiptext">Just-In-Time</span></span> with profiling</td>
<td class="red">Interpreter/<span class="tooltip">JIT<span class="tooltiptext">Just-In-Time</span></span> with profiling</td>
<td class="red">Interpreter/<span class="tooltip">JIT<span class="tooltiptext">Just-In-Time</span></span> with profiling</td>
<td class="red">Interpreter/<span class="tooltip">JIT<span class="tooltiptext">Just-In-Time</span></span> with profiling</td>
<td class="red">Interpreter/<span class="tooltip">JIT<span class="tooltiptext">Just-In-Time</span></span> with profiling</td>
</tr>

<tr>
<td class="legend tooltip">Dynamic code loading prevention for apps<span class="tooltiptext"><a href="https://github.com/eylenburg/eylenburg.github.io/issues/85" target="_blank" style="color: white;">see here for details</a></span></td>
<td class="green">System, opt-in for non-system apps</td>
<td class="red">None</td>
<td class="red">None</td>
<td class="red">None</td>
<td class="red">None</td>
<td class="red">None</td>
</tr>

<tr>
<td class="legend">Secure TLS for SUPL?</td>
<td class="green tooltip">TLSv1.3 or TLSv1.2<span class="tooltiptext">GrapheneOS still uses TLSv1.2-only for SUPL on Broadcom GNSS devices but moved to TLSv1.3-only for SUPL on Samsung GNSS devices.</span></td>
<td class="yellow tooltip">TLSv1.3/1.2/1.1/1.0 depending on device<span class="tooltiptext">Some older end-of-life devices only support TLSv1.1 or TLSv1.0</span></td>
<td class="yellow tooltip">TLSv1.3/1.2/1.1/1.0 depending on device<span class="tooltiptext">Some older end-of-life devices only support TLSv1.1 or TLSv1.0</span></td>
<td class="yellow tooltip">TLSv1.3/1.2/1.1/1.0 depending on device<span class="tooltiptext">Some older end-of-life devices only support TLSv1.1 or TLSv1.0</span></td>
<td class="yellow tooltip">TLSv1.3/1.2/1.1/1.0 depending on device<span class="tooltiptext">Some older end-of-life devices only support TLSv1.1 or TLSv1.0</span></td>
<td class="yellow tooltip">TLSv1.3/1.2/1.1/1.0 depending on device<span class="tooltiptext">Some older end-of-life devices only support TLSv1.1 or TLSv1.0</span></td>
</tr>

<tr>
<td class="legend">Fallback DNS server with DNSSEC?</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
</tr>

<tr>
<td class="legend">Secure connection to network time server?</td>
<td class="green">HTTPS via GrapheneOS server</td>
<td class="red">NTP w/o NTS and <span class="tooltip">carrier-based time<span class="tooltiptext">insecure because cellular networks lack proper authentication</span></span></td>
<td class="red">NTP w/o NTS and <span class="tooltip">carrier-based time<span class="tooltiptext">insecure because cellular networks lack proper authentication</span></span></td>
<td class="red">NTP w/o NTS and <span class="tooltip">carrier-based time<span class="tooltiptext">insecure because cellular networks lack proper authentication</span></span></td>
<td class="red">NTP w/o NTS and <span class="tooltip">carrier-based time<span class="tooltiptext">insecure because cellular networks lack proper authentication</span></span></td>
<td class="red">NTP w/o NTS and <span class="tooltip">carrier-based time<span class="tooltiptext">insecure because cellular networks lack proper authentication</span></span></td>
</tr>

<tr>
<td class="legend tooltip">Can disable USB-C and pogo pins data?<span class="tooltiptext">See here for details: <a href="https://github.com/eylenburg/eylenburg.github.io/issues/60" target="_blank" style="color: white;">[1]</a>, <a href="https://github.com/eylenburg/eylenburg.github.io/issues/28" target="_blank" style="color: white;">[2]</a>, <a href="https://github.com/eylenburg/eylenburg.github.io/issues/54" target="_blank" style="color: white;">[3]</a></span></td>
<td class="green">Default (while locked), <a href="https://grapheneos.org/features#usb-c-port-and-pogo-pins-control" target="_blank">see here</a></td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend tooltip">Can disable USB-C charging?<span class="tooltiptext">See here for details: <a href="https://github.com/eylenburg/eylenburg.github.io/issues/60" target="_blank" style="color: white;">[1]</a>, <a href="https://github.com/eylenburg/eylenburg.github.io/issues/28" target="_blank" style="color: white;">[2]</a>, <a href="https://github.com/eylenburg/eylenburg.github.io/issues/54" target="_blank" style="color: white;">[3]</a></span></td>
<td class="green">Opt-in (after boot), <a href="https://grapheneos.org/features#usb-c-port-and-pogo-pins-control" target="_blank">see here</a></td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
</tr>


<tr>
<td class="legend tooltip">Can disable USB connections?<span class="tooltiptext">See here for details: <a href="https://github.com/eylenburg/eylenburg.github.io/issues/60" target="_blank" style="color: white;">[1]</a>, <a href="https://github.com/eylenburg/eylenburg.github.io/issues/28" target="_blank" style="color: white;">[2]</a>, <a href="https://github.com/eylenburg/eylenburg.github.io/issues/54" target="_blank" style="color: white;">[3]</a></span></td>
<td class="green tooltip">Default (while locked), <a href="https://grapheneos.org/features#usb-c-port-and-pogo-pins-control" target="_blank">see here</a><span class="tooltiptext">Hardware and software</span></td>
<td class="lgreen tooltip">Default (while locked), software only<span class="tooltiptext">Incomplete implementation. Can only disable high level software attack surface. Lacks a way to block new USB connections without ending existing connections. The mode for disabling USB connections while locked continues allowing new connections until existing connections end, including a connection through another method such as a pogo pins USB connection to a stand.</span></td>
<td class="lred"><em>? (TBC - like Lineage or stock?)</em></td>
<td class="lred"><em>? (TBC - like Lineage or stock?)</em></td>
<td class="yellow tooltip">Opt-in, software only<span class="tooltiptext">Incomplete implementation. Can only disable high level software attack surface. Cannot disable USB until after early boot. Lacks a way to block new USB connections without ending existing connections. The mode for disabling USB connections while locked continues allowing new connections until existing connections end, including a connection through another method such as a pogo pins USB connection to a stand.</span></td>
<td class="yellow"><span class="tooltip">Advanced Protection<span class="tooltiptext">When Advanced Protection Mode is enabled, it blocks new USB connections at a software level after the device is locked</span></span> or <span class="tooltip">Device admin API<span class="tooltiptext">Requires installing a device admin app like Sentry. Can only disable high level software attack surface. Cannot disable USB until after early boot. Lacks a way to block new USB connections without ending existing connections.</span></span></td>
</tr>

<tr>
<td class="legend">Can auto-disable WiFi if unused?</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend">Can auto-disable Bluetooth if unused?</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend">Can auto-disable NFC if unused?</td>
<td class="red tooltip">No<span class="tooltiptext"><a href="https://grapheneos.org/releases#2025070800" target="_blank">This featured was removed in July 2025 due to bugs</a></span></td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend">Auto-reboot timer for locked devices</td>
<td class="green">Yes</td>
<td class="lred tooltip">Yes, but no BFU (before first unlock) state<span class="tooltiptext">CalyxOS has a disabled-by-default port of an older GrapheneOS implementation of the auto-reboot feature, which was determined to not be as robust due to being able to bypass it by crashing <code>system_server</code>. It also lacks the memory clearing required to get the device properly back at rest for reboots. Therefore it can't return the device to a proper BFU (before first unlock) state like the GrapheneOS and iOS implementations.</span></td>
<td class="lred tooltip">Yes, but no BFU (before first unlock) state<span class="tooltiptext">IodeOS has a disabled-by-default port of an older GrapheneOS implementation of the auto-reboot feature, which was determined to not be as robust due to being able to bypass it by crashing <code>system_server</code>. It also lacks the memory clearing required to get the device properly back at rest for reboots. Therefore it can't return the device to a proper BFU (before first unlock) state like the GrapheneOS and iOS implementations.</span></td>
<td class="red">No</td>
<td class="red">No</td>
<td class="lred tooltip">Advanced Protection mode, but no BFU state<span class="tooltiptext">If Advanced Protection Mode is enabled, it provides a 72 hour auto-reboot timer. However, it appears to lack memory zeroing and therefore can't return the device to a proper BFU (before first unlock) state like the GrapheneOS and iOS implementations. It is unclear if the implementation is protected from a core system process crashing (<code>system_server</code>) preventing a trigger of the auto-reboot.</span></td>
</tr>

<tr>
<td class="legend">2-factor fingerprint unlock</td>
<td class="green">Yes (fingerprint + PIN), <a href="https://discuss.grapheneos.org/d/18585-2-factor-fingerprint-unlock-feature-is-now-fully-implemented" target="_blank">see here</a></td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend tooltip">PIN scrambling<span class="tooltiptext">Randomize position of digits on the lockscreen in order to reduce shoulder-surfing and smudge pattern attacks by preventing observers from learning your PIN based on button positions.</span></td>
<td class="green">Yes, <a href="https://grapheneos.org/features#pin-scrambling" target="_blank">see here</a></td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="red">No</td>
<td class="green">Yes</td>
<td class="red">No</td>
</tr>

<tr>
<td class="legend">Hardened system components</td>
<td class="green">Yes, hardened memory allocator, kernel, libc, webview (Vanadium), SELinux policy, and additional hardening. <a href="https://grapheneos.org/features" target="_blank">See here</a></td>
<td class="red">No (same as AOSP)</td>
<td class="red">No (same as AOSP)</td>
<td class="red">No (same as AOSP)</td>
<td class="red">No (same as AOSP)</td>
<td class="red">No (same as AOSP)</td>
</tr>

<tr>
<td class="legend semititle"><br />Updates</td>
<td></td><td></td><td></td><td></td><td></td><td></td>
</tr>

<tr>
<td class="legend tooltip">Security preview releases<span class="tooltiptext">Since 2025 H2, Google will distribute security patches to OEMs (phone manufacturers) 3-4 months before the "official" publication date. Until that date, they are not allowed to publish source codes or details, but it is allowed to publish the binaries and list the fixed CVEs. This change in Google's policy delays getting patches to users and sophisticated attackers will have no issue getting the patches from one of many people at Android OEMs with early access. It furthermore restricts the ability of open source and non-commercial Android distributions to patch security issues on time as the security patches are only distributed to official OEMs and it is not allowed to republish the source code before the embargo ends.</span></td>
<td class="green tooltip">Yes (optional)<span class="tooltiptext">Users can opt in to security patches that are still under the embargo for source code and details. Thanks to a cooperation with an Android OEM, GrapheneOS is able to ship these security patches as binaries before the "offical" publication date. However, the patches can't be included in the regular open-source releases until the embargo ends.</span></td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="red tooltip">No<span class="tooltiptext">As of September 2025, No OEMs are actually publishing updated binaries during the embargo period despite Google's policy allowing a "binary-only exception" to ship patches earlier. This exception exists in theory to allow shipping binary-only patches without the typical source code embargo delay, but it is not being used in practice by OEMs, including Google for Pixels.</span></td>
</tr>
    
<tr>
<td class="legend tooltip">Security update speed (AOSP subset of ASB)<span class="tooltiptext">It doesn't explain how the device-specific patches in the second half of each Android Security Bulletin are actually delivered, or if they ever make it to end users. Since autumn 2025, Google no longer publishes all security fixes immediately into AOSP each month. Instead, they distribute patches under embargo to OEMs, and the corresponding changes only appear publicly in the source code 3–4 months later. This means that full security patching now depends even more on keeping up with your vendor's own releases, because relying on AOSP directly will always leave you months behind. Falling behind on quarterly or yearly OEM releases results in missing many security fixes until the next major release for that device. The situation varies greatly: Pixels still set the standard because Pixel updates track the embargoed patches promptly, while many vendors are slow to roll out quarterly or yearly releases. Some devices that fail to ship a timely new Android version make it almost impossible for an alternate OS to provide complete patches. If the vendor doesn't ship updated firmware or drivers, alternate OS projects have no path to apply those fixes themselves. For example, Fairphone historically trailed by 1–2 months even before the embargo change, and therefore projects like CalyxOS or LineageOS on Fairphone remain at least that far behind.<br /><a href="https://web.archive.org/web/20240328045058/https://divestos.org/misc/a-dates.txt" target="_blank" style="color: white;">Click here for update speed data</a></span></td>
<td class="green">Usually same day</td>
<!--<td class="lgreen">Days to weeks</td>--><td class="red"><a href="https://calyxos.org/news/2025/08/01/a-letter-to-our-community/" target="_blank">Currently no updates</td>
<td class="yellow">2-4 weeks, sometimes longer</td>
<td class="lred">1-2 months, sometimes longer</td>
<td class="lgreen">1-2 weeks, sometimes longer</td>
<td>Depends on phone vendor</td>
</tr>

<tr>
<td class="legend tooltip">Full patches on fully supported devices<span class="tooltiptext">Requires 1. being on the latest OS release (as Android doesn't backport all security patches), 2. shipping all the vendor code</span></td>
<td class="green">Several days</td>
<!--<td class="lgreen">Weeks to months</td>--><td class="red"><a href="https://calyxos.org/news/2025/08/01/a-letter-to-our-community/" target="_blank">Currently no updates</td>
<td class="yellow">Several to many months</td>
<td class="lred">Many months to over a year</td>
<td class="yellow">Several to many months</td>
<td>Depends on phone vendor</td>
</tr>

<tr>
<td class="legend tooltip">Partial security updates (ASB) after EoL date<span class="tooltiptext">missing most driver and firmware patches after the phone's end of life date</span></td>
<td class="lgreen tooltip">until 5 years from launch<span class="tooltiptext">e.g. 2 years of extended support for 4th and 5th generation Pixels</span></td>
<!--<td class="lgreen">1-3 years</td>--><td class="red"><a href="https://calyxos.org/news/2025/08/01/a-letter-to-our-community/" target="_blank">Currently no updates</td>
<td class="green">Several years</td>
<td class="green">Several years</td>
<td class="green">Several years</td>
<td class="red">By definition: No</td>
</tr>

<tr>
<td class="legend tooltip">Number of Android versions supported<span class="tooltiptext">Only the latest major release of AOSP has full security patches. Most privacy fixes are in fact only included for the new OS versions, not in the security patches. The ASB patches patches rarely include fixes for permission model / sandbox flaws resulting in privacy leaks since they're given Moderate severity and often require invasive changes including potential compatibility breaks.</span></td>
<td>Usually 1 Android version</td>
<!--<td>Usually 1 Android version</td>--><td class="red"><a href="https://calyxos.org/news/2025/08/01/a-letter-to-our-community/" target="_blank">Currently no updates</td>
<td>Usually 1 Android version</td>
<td>2-3 Android versions</td>
<td>Usually 3 Android versions</td>
<td>Usually 3 Android versions</td>
</tr>

<tr>
<td class="legend tooltip">Webview update speed<span class="tooltiptext"><a href="https://web.archive.org/web/20250119212018/https://divestos.org/misc/ch-dates.txt" target="_blank" style="color: white;">Click here for details</a></span></td>
<td class="green"><1 day</td>
<!--<td class="yellow"><1 week, sometimes longer delays</td>--><td class="red"><a href="https://calyxos.org/news/2025/08/01/a-letter-to-our-community/" target="_blank">Currently no updates</td>
<td class="yellow"><2 weeks</td>
<td class="red">Several weeks/months</td>
<td class="yellow"><2 weeks</td>
<td>Depends on phone vendor</td>
</tr>


<tr>
<td class="legend semititle"><br />Supported devices*</td>
<td style="vertical-align: bottom;"><a href="https://grapheneos.org/faq#supported-devices" target="_blank">Supported devices</a> | <a href="https://grapheneos.org/faq#future-devices" target="_blank">Hardware requirements</a></td><td style="vertical-align: bottom;"><a href="https://calyxos.org/docs/guide/device-support/" target="_blank">Supported devices</a> | <a href="https://calyxos.org/docs/guide/device-support/#preferences-for-supporting-a-new-device" target="_blank">Hardware requirements</a></td><td style="vertical-align: bottom;"><a href="https://iode.tech/iodeos-official-supported-devices/" target="_blank">Supported devices</a></td><td style="vertical-align: bottom;"><a href="https://doc.e.foundation/devices" target="_blank">Supported devices</a></td><td style="vertical-align: bottom;"><a href="https://wiki.lineageos.org/devices/" target="_blank">Supported devices</a></td><td></td>
</tr>

<tr>
<td class="legend">Fairphone</td>
<td class="red">No</td>
<!--<td class="green">Yes <a href="https://calyxos.org/install/antirollback-update-pending/" target="_blank" style="color: red;">(currently unavailable)</a></td>--><td class="red"><a href="https://calyxos.org/news/2025/08/01/a-letter-to-our-community/" target="_blank">Currently not available</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
</tr>

<tr>
<td class="legend">Google</td>
<td class="green">Yes</td>
<!--<td class="green">Yes</td>--><td class="red"><a href="https://calyxos.org/news/2025/08/01/a-letter-to-our-community/" target="_blank">Currently not available</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
</tr>

<tr>
<td class="legend">Motorola</td>
<td class="red">No</td>
<!--<td class="green">Yes <a href="https://calyxos.org/install/antirollback-update-pending/" target="_blank" style="color: red;">(currently unavailable)</a></td>--><td class="red"><a href="https://calyxos.org/news/2025/08/01/a-letter-to-our-community/" target="_blank">Currently not available</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
</tr>

<tr>
<td class="legend">Oneplus</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="yellow">No phones released after 2023</td>
<td class="yellow">No phones released after 2023</td>
<td class="green">Yes</td>
<td class="green">Yes (OxygenOS)</td>
</tr>

<tr>
<td class="legend tooltip">Samsung<span class="tooltiptext">Samsung doesn't support bootloader unlocking anymore for current devices.</span></td>
<td class="red">No</td>
<td class="red">No</td>
<td class="yellow">No phones released after 2019</td>
<td class="yellow">No phones released after 2022</td>
<td class="yellow">No phones released after 2022</td>
<td class="green">Yes (OneUI)</td>
</tr>

<tr>
<td class="legend">Shiftphone</td>
<td class="red">No</td>
<!--<td class="green">Yes</td>--><td class="red"><a href="https://calyxos.org/news/2025/08/01/a-letter-to-our-community/" target="_blank">Currently not available</td>
<td class="green">Yes</td>
<td class="green">Yes</td>
<td class="yellow">No phones released after 2020</td>
<td class="green">Yes</td>
</tr>

<tr>
<td class="legend">Sony</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="yellow">No phones released after 2023</td>
<td class="yellow">No phones released after 2023</td>
<td class="yellow">No phones released after 2023</td>
<td class="green">Yes</td>
</tr>

<tr>
<td class="legend">Xiaomi</td>
<td class="red">No</td>
<td class="red">No</td>
<td class="yellow">No phones released after 2022</td>
<td class="yellow">No phones released after 2023</td>
<td class="yellow">No phones released after 2023</td>
<td class="green">Yes (HyperOS)</td>
</tr>

<tr>
<td class="legend">Other supported devices</td>
<td class="line"></td>
<td class="line"></td>
<td class="line">&nbsp;<br />old devices only: Teracube</td>
<td class="line">2024/25: CMF, Teracube, Volla;<br />old devices only: Asus, BQ, Essential, F(x)tec, Gigaset, Lenovo, LG, Nothing, Nubia, Razr, Realme, Solana</td>
<td class="line">&nbsp;<br />old devices only: Asus, Essential, F(x)tec, Lenovo, LG, Nokia, Nothing, Nubia, Razr, Realme, Solana, Vsmart, ZTE</td>
<td class="line">(Yes)</td>
</tr>

<tr>
<td class="legend" style="text-align: left; font-style: italic;" colspan="7">*Support marked as "Yes" if at least one phone model released since 2024 is supported; this does NOT mean all models are supported.</td>
</tr>

</tbody>
</table>

<p><a href="https://customromhardware.miraheze.org/wiki/Main_Page" target="_blank">Here</a> is a community project to put together a list of phones that allow the installation of degoogled Android distributions.</p>

<h3>Appendix 1: using different profiles in Android</h3>
<p>It is possible to use different profiles to separate apps, files and other data from each other. From least to most separate from the main user profile, the options are: work profile, private space (since Android 15), and secondary users. Below is a comparison how they differ:</p>

<table class="appendix">
<thead>
<tr><td></td><td style="font-weight: bold;">Work profile (with Shelter)</td><td style="font-weight: bold;">Private space</td><td style="font-weight: bold;">Secondary user profiles</td></tr>
</thead>

<tr><td colspan="4" style="text-decoration: underline;"><br />Privacy &amp; data access</td></tr>
<tr><td>File access</td><td colspan="3">Separate</td></tr>
<tr><td>Contact access</td><td colspan="3">Separate</td></tr>
<tr><td>Calendar storage</td><td colspan="3">Separate</td></tr>
<tr><td>Clipboard</td><td>Shared with main profile</td><td>Shared with main profile (GrapheneOS: sharing can be disabled)</td><td>Separate</td></tr>
<tr><td>VPN connections</td><td colspan="3">Separate</td></tr>
<tr><td>Saved WiFi &amp; Bluetooth connections</td><td colspan="3">Shared with main profile</td></tr>
<tr><td>Private DNS (in settings)</td><td colspan="3">Shared with main profile</td></tr>
<tr><td class="tooltip">System settings<span class="tooltiptext">including basic settings such as gestures vs buttons, light vs dark mode, sound etc.</span></td><td colspan="2">Mostly shared with main profile</td><td>Completely separate</td></tr>
<tr><td>Call and SMS history</td><td colspan="2">Cannot access calls & SMS</td><td>Optional access ("turn on phone calls &amp; SMS")</td></tr>
<tr><td>Communication with other apps</td><td colspan="3">Limited to other apps in same profile</td></tr>
<tr><td>See which other apps are installed</td><td colspan="3">Limited to other apps in same profile</td></tr>

<tr><td colspan="4" style="text-decoration: underline;"><br />Convenience</td></tr>
<tr><td>Profile can run in background?</td><td colspan="3">Yes</td></tr>
<tr><td>Profile can auto-start after reboot?</td><td>Yes</td><td colspan="2">No (need to unlock profile first)</td></tr>
<tr><td>Clone apps from/to main profile</td><td>Yes, both ways (via Shelter)</td><td>GrapheneOS only, from main to private</td><td>GrapheneOS only, from main to secondary</td></tr>
<tr><td>Can use biometrics in apps?</td><td>Yes</td><td colspan="2">Only if separate biometrics are set up for this profile</td></tr>

<tr><td colspan="4" style="text-decoration: underline;"><br />Integration with main profile</td></tr>
<tr><td>Quick switch between apps from different profiles?</td><td colspan="2">Yes, apps appear in main profile's recent app list</td><td>No, need to switch active user</td></tr>
<tr><td>Integration in file manager as storage location</td><td>Yes (via Shelter)</td><td colspan="2">No</td></tr>
<tr><td>Share files across profiles via "Share" menu</td><td colspan="2">Yes</td><td>No</td></tr>
<tr><td>Can add app shortcut to (main profile's) home screen?</td><td>Yes</td><td colspan="2">No</td></tr>
<tr><td>Can add widgets to (main profile's) home screen?</td><td colspan="3">No</td></tr>
<tr><td>Can show app notifications in main profile?</td><td>Yes; same as notifications from apps running in main profile</td><td>if using device screen lock for private space: Yes; <br />if using separate PIN/biometrics for private space: Yes, but no notification content is shown, just app name</td><td>GrapheneOS only &amp; optional for each profile; no notification content is shown, just app name</td></tr>

<tr><td colspan="4" style="text-decoration: underline;"><br />Protection &amp; security</td></tr>
<tr><td>PIN &amp; biometrics</td><td colspan="2">Can use same as main profile or set up a separate authentication</td><td>Needs to be set up separately but can also use none ("skip")</td></tr>
<tr><td>Need to enter PIN/fingerprint to unlock profile?</td><td>Only if separate work profile PIN was set up</td><td>Yes (can be after rebooting or after turning screen off)</td><td>Optional (only if a PIN was set up for the profile)</td></tr>
<tr><td>After unlocking profile, need to enter PIN/fingerprint to start apps?</td><td>No</td><td>if using device screen lock for private space: No;<br />
if using separate PIN/biometrics for private space: Yes, after the screen was turned off.</td><td>No</td></tr>
<tr><td>Profile session can be shut down or paused?</td><td colspan="3">Yes</td></tr>

</table>

<h3>Appendix 2: Which other alternative mobile operating systems are there?</h3>

<p>Besides <strong>Android</strong> and Android-based free &amp; open source operating systems (see the table above), the only <em>viable</em> alternative for most people is Apple's <strong>iOS</strong>. There have been many attempts to establish a third mobile OS, but so far none of them have been successful:

The below is a non-comprehensive list of mobile operating systems, both those you can try today and those that tried and failed in the past:</p>

<ul>
<li><strong>iOS</strong></li>
<li>Using the Linux kernel:</li>
  <ul>
  <li>Not compatible with desktop GNU/Linux apps and each other, instead they each use their own app ecosystem:</li>
    <ul>
    <li><strong>Android</strong>, both preinstalled proprietary distributions like Samsung's OneUI or Xiaomi's HyperOS, and open source forks of AOSP such as GrapheneOS <span class="foss">FOSS</span> or LineageOS <span class="foss">FOSS</span></li>
    <li><del>FirefoxOS</del> (&dagger; 2015) <span class="foss">FOSS</span></li>
      <ul><li><strong>KaiOS</strong></li></ul>
    <li><del>webOS</del> (&dagger; 2011) - This OS still is used in LG SmartTVs, but it's dead on phones.</li>
      <ul><li><strong>LuneOS</strong> <span class="foss">FOSS</span></li></ul>
    <li><del>Tizen</del> (&dagger; 2017) (successor of MeeGo, see below, but uses its own apps) - This OS still is used in Samsung SmartTVs, but it's dead on phones.</li>
    <li><strong>Sailfish OS</strong> (successor of MeeGo, see below, but uses its own apps)</li>
    <li><strong>Ubuntu Touch</strong> <span class="foss">FOSS</span> (experimental support for desktop Ubuntu apps (.deb and Snap) but normal Ubuntu Touch apps have the "Click" format which is not supported by any other Linux distributions)</li>
    </ul>
  </ul>
  <ul>
  <li>Part of the main GNU/Linux ecosystem - can run desktop Linux apps and each other's apps:</li>
    <ul>
    <li><strong>postmarketOS</strong> <span class="foss">FOSS</span></li>
    <li>Various mobile distributions based on Debian GNU/Linux:</li>
      <ul>
      <li><strong>Mobian</strong> <span class="foss">FOSS</span></li>
        <ul><li><strong>Droidian</strong> <span class="foss">FOSS</span></li></ul>
      <li><strong>PureOS</strong> <span class="foss">FOSS</span> (for the Librem 5 smartphone)</li>
      <li><strong>FuriOS</strong> <span class="foss">FOSS</span> (for the FuriPhone FLX series)</li>
      </ul>
    <li><del>Maemo</del> (&dagger; 2011) <span class="foss">FOSS</span></li>
      <ul>
        <li><strong>Maemo Leste</strong> <span class="foss">FOSS</span></li>
        <li><del>MeeGo</del> (&dagger; 2012) <span class="foss">FOSS</span></li>
          <ul><li><strong>Nemo Mobile</strong> <span class="foss">FOSS</span></li></ul>
      </ul>
    <li>Linux distributions that are mainly focusing on PCs may also be available with a mobile UI, but they usually don't run on any smartphones due to missing hardware compatibility - <em>Fedora KDE Mobile Desktop</em> is one example. Rather, the focus is on other touchscreen devices such as tablets and 2-in-1 laptops that come preinstalled with Windows. Honourable mention goes to <strong>Manjaro ARM</strong> <span class="foss">FOSS</span> which was chosen as the default OS (with Plasma Mobile UI) for the Pinephone.</li>
    </ul>
  </ul>
<li><strong>HarmonyOS</strong> (Huawei's HarmonyOS has not been based on Android since the official launch of HarmonyOS NEXT in October 2024; it now uses its own microkernel and has its own app ecosystem)</li>
<li><del>Windows Pocket PC &rarr; Windows Mobile &rarr; Windows Phone &rarr; Windows 10 Mobile</del> (&dagger; 2020)</li>
<li><del>BlackBerry OS &rarr; BlackBerry 10</del> (&dagger; 2018)</li>
<li><del>Symbian</del> (&dagger; 2012)</li>
<li><del>Palm OS</del> (&dagger; 2007)</li>
</ul>

<p>Sailfish OS, Ubuntu Touch and FuriOS have integrated support for Android apps, though no full compatibility is guaranteed. Other Linux phones usually have the option of running Android apps via the Waydroid compatibility layer, if installed by the user.</p>


<script src="bottom.js "></script>
<script src="https://keepandroidopen.org/banner.js"></script>
</body>
</html>