Privacy friendly OS for mobile

Let’s face it, with Linux not at all an alternative right now for a daily driver full featured mobile OS I was exploring what other alternatives there is, and the options are as it seems the two usual suspects: CalyxOS and GrapheneOS. Now, I’m doing my testing on both but I was wondering what do you think of those, if you have tried it, and what’s your experience.

Will follow in some days with my opinion on both after have tried those a little bit more.

Will leave the link of the two website below for everyone interested.



It could be worth to give this a try :slight_smile:

Thanks but I don’t like /e/ that much, is basically LineageOS, which is not bad per se, but doesn’t give so much more privacy ootb. Also they promote their own cloud solution and related account. Nothing is mandatory mind you and is for sure a step in the right direction but I was searching something more private by default.

GrapheneOS is the best you can have privacywise and with the sandboxed google play is virtually fully functional. I think is far beyond any other alternative and highly recommended.


That’s true. I’ve to say that is basically what I’m thinking for now. The only thing that I really miss from CalyxOS is the firewall app (Datura) with which you can really granularly control the app network access.

You could still control the network access of each app individually from Settings:All apps.
A bit more tedious of course than in Datura where all the apps are gathered in the same UI.

There are also other firewall alternatives like NetGuard for example.

Recently I am becoming more and more inclined to get a phone which is supported by some mobile linux operating system. Perhaps a Fairphone 4 with Ubuntu Touch or something. I need to dig into it a bit more before making up my mind.

Currently I am running happily CalyxOS on a Pixel 4a.

I very much have enjoyed CalyxOS on my Pixel. I don’t miss anything.

1 Like

Well yes and no, Datura as a more precise configuration because for example in the “stock” you cannot configure an app to only have network access when you are connected to a VPN.

I’ll try that and see. Thanks for the tip.

Ah, I see. I have actually never looked into doing this so I don’t know how it is done.

I just saw almost identical set of settings for an app’s network access in Datura and the stock Android settings:

Also, If what you said about VPN is an important feature for you, I am not sure if you could use NetGuard and another VPN app on your phone at the same time as NetGuard sets up itself as VPN.

However, it is possible to use NetGuard in tandem with Orbot in non vpn mode.

Another interesting feature for me to use NetGuard is the possibility of loading a host file for blocking ads, trackers and whatnot for the whole device.

I use GrapheneOS on my Pixel 7 Pro and I’m really loving it. The option to create multiple users that are separate from each other is awesome. Also, the ability to create fake permissions for individual apps is super useful. However, since I need some apps from the Playstore, I have a user profile where I installed these apps via the Aurora Store. I also monitor this profile with Netguard (with Pro license). With the sandboxed Google apps, notifications from these apps are also not a problem (you don’t even have to create a Google account for that). I only can’t get the Pixel Watch, which came as a pre-order gift, to connect to the phone since I have GrapheneOS on it. But since I don’t have much interest in this watch and it was for free anyway, I do not care.


Very interesting but how you arrive to that option precisely? Because in app permissions I don’t see it in GrapheneOS. Maybe is a feature of CalyxOS? VPN is not so important, was just an example.

This is just a very interesting feature to check out instead.

@Neum I agree with you. I’m basically using it like you and between the two I’m more incline to prefer GrapheneOS instead of CalyxOS.

I run GrapheneOS on my Pixel4a. There is nothing comparable in terms of security and privacy.

1 Like

That’s what I’m running on same hardware. I think that in the end it is the better choice (for me).


If I had a Pixel I would install GrapheneOS but I don’t so it’s LineageOS without GApps for me. Not ideal but good enough.


there is still the possibility to install sandboxed google play services. or also to create two user profiles. one for working and one with sandboxed play services for example. with the deepl app i unfortunately can’t use speech without internet access of google speech services. otherwise, the smartphone does for me what it should. phone calls, hardened kernel, synchronization with CALDav and CARDav via nextcloud.

Yes, I’m using sandboxing play service to run the banking app on a separate profile. All the other things are on main profile without Google. Works flawlessly

1 Like

I do have these same settings both on CalyxOS and LineageOS (which I have on another mobile device). Both are on Android 13.

I go to Settings > Apps > All apps then I choose some app (like Bromite as in the example above) and next in the App info screen, Mobile data & Wi-Fi.

Strange, I’ve only background data for mobile instead. Probably is something that they have specifically changed in GrapheneOS. I’ll ask on their matrix then

1 Like

I had an Xperia with LineageOS and MindTheGApps. I disabled every google service except the localization services. It was a bit annoying because some apps would not work because the except google services to be turned on because they are installed.

Now I have a Pixel 6 with Calyx OS. In MicroG I’ve kept everything disabled, but the localization services since I use Waze for driving and the apps that don’t use play services don’t show traffic, road closures and etc. It works better than LineageOS as some apps that didn’t work now work because the play services are not there so they don’t expect them. Quite happy with my decision as everything works nicely beside not being able to have android auto, just gotta use a holder in my 2023 car which kind of looks stupid. Also notifications for some apps don’t work, but seriously I would have disabled them anyway except ProtonMail which is quite funny because Proton Calandar works just fine. The FOSS apps like Signal and Element do have notifications. I know there is GrapheneOS, but the ease of use of Calyx and the support and presence of the devs convinced me to go that route.

1 Like