← Sitemap

Comparison of Android ROMs

This is a comparison of popular Android "ROMs" (or better: AOSP distributions). Please note I'm not affiliated with any of these projects and I am not giving any specific recommendation. If you think anything is factually incorrect, please let me know.

Comparison of Android ROMs

Source: eylenburg.github.io

Last updated: 25 June 2024

GrapheneOS DivestOS CalyxOS IodéOS /e/ LineageOS "Stock" Android
Based on AOSP LineageOS AOSP LineageOS LineageOS AOSP AOSP

Freedom
Free and open source (FOSS)? Yes Yes Yes Yes Yes Yes No
Deblobbed? Yes, significantly Yes, extensively Yes, significantly Yes, minimal Yes, minimal Yes, minimal No

Features
Network controls for appsThe controls on LineageOS-based operating systems are leaky as their approach only disabled direct network access (socket) but doesn't disable indirect access via the INTERNET permission, which provides multiple ways of bypassing them not requiring collusion between apps. This functionality is regularly used by apps with no malicious intent. Collusion between apps is an issue for all kinds of granted access, permissions, etc. and not specific to the INTERNET permission. If INTERNET permission is not blocked though, no collusion is required. Direct and indirect accessIn addition to blocking indirect access via INTERNET APIs, the GrapheneOS Network toggle also emulates the network being down and avoids running scheduled jobs which require the network. Direct and indirect access Direct access only Direct access only Direct access only Direct access only No
Network-based location Emulated default, or Play ServicesEmulated by default (redirect to GNSS-based location), can use sandboxed Google Play via toggles when installed No microG location microG location microG location No Play Services
System-wide connection/tracker blocking Private DNS setting, or via VPN app hosts file, Private DNS, or VPN Private DNS setting, or via VPN app iode-snort app, Private DNS, or VPN Private DNS setting, or via VPN app Private DNS setting, or via VPN app Private DNS setting, or via VPN app
E2E-encrypted phone backups Yes (Seedvault) Yes (Seedvault) Yes (Seedvault) Yes (Seedvault) Yes (Seedvault) Yes (Seedvault) Yes, but requires Google login
Notification forwarding from other user profiles Yes No No No No No No
Duress PIN (to wipe device) Yes, see here No No No No No No
Android Auto compatible Yes (sandboxed), see hereGrapheneOS has permission toggles to enable the user to provide the least amount of permissions necessary (e.g. wired Android Auto requires only USB access). No No No Yes, see here No Yes
Google Pay compatible No No No No No No Yes

Degoogling (connections to Google)
eSIM activation Google eUICC w/o data sharingDisabled by default. Unlike the regular Google eUICC management app, it doesn't require Google Play and cannot share data with it. It doesn't communicate with Google servers unless the carrier is hosting with them, which would involve using their servers regardless. OpenEUICC Google eUICC (preinstalled) Google eUICC (preinstalled) Google eUICC (preinstalled) Google eUICC (preinstalled) Google eUICC (preinstalled)
Network location provider Emulated/GNSS default, or GoogleEmulated by default (redirect to GNSS-based location), can use sandboxed Google Play via toggles when installed n/a microG location microG location microG location n/a Google
SUPL GrapheneOS default, Google or none Google default, or none Google default, or none Google default, or none None default, or Google Google default, or none Google
PSDS - Google Pixel 6 and laterThe default server used depends on the GPS chipset, e.g. phones with Qualcomm chips (e.g. Snapdragon) connect to a Qualcomm server, while newer Google Pixels with Tensor chips connect to a Google server, and other phones with Broadcom GPS (e.g. Exynos) connect to a Broadcom server. Some ROMs override these settings.
Click here for details and which device information are sent.
GrapheneOS default, Google, or none Broadcom default, or none Broadcom default, or none Broadcom default, or none None default, or Google Google default, or none Google
Connectivity check/captive portal GrapheneOS default, Google, or none Multiple presets offered Google (can be changed)can be changed with `adb` command Kuketz.de Murena.io Google (can be changed)can be changed with `adb` command Google (can be changed)can be changed with `adb` command
DNS connectivity check GrapheneOS default, or Google Google Google Google Google Google Google
DNS server fallback Cloudflare Quad9 Cloudflare Quad9 Quad9 Google Google
Network time GrapheneOS default, or none NTP.org (can be changed)Server pool with arbitrary providers, which can include Google-hosted servers or even malicious servers. NTP server can be changed with `adb` command. & carrier Google (can be changed)can be changed with `adb` command & carrier NTP.org (can be changed)Server pool with arbitrary providers, which can include Google-hosted servers or even malicious servers. NTP server can be changed with `adb` command. & carrier NTP.org (can be changed)Server pool with arbitrary providers, which can include Google-hosted servers or even malicious servers. NTP server can be changed with `adb` command. & carrier Google (can be changed)can be changed with `adb` command & carrier Google (can be changed)can be changed with `adb` command & carrier
Hardware attestation provisioning GrapheneOS default, or Google Google Google Google Google Google Google
DRM (Widevine) provisioning GrapheneOS default, or Google DRM not supported Google Google Google Google Google

Google Play Services
Implementation GmsCompat (sandboxed Google Play)GrapheneOS does not include Google Play as a preinstalled app, but it includes an open source compatibility layer for users who choose to use it. Users can alternatively install microG on GrapheneOS, albeit GrapheneOS does not support signature spoofing. Not all microG functionality requires signature spoofing, for example FCM works with microG without signatures spoofing to the extent it works without special privileges (e.g. microG needs to use a privileged API to wake apps and keep them awake for a short period of time to handle FCM messages). microG microG microG microG None by default. It's possible to install microG manually (LineageOS supports signature spoofing for microG since 2024). Alternatively, there are ROMs with microG preinstalled or one can add Google apps during the installation process, but this is not officially supported by LineageOS. Google Play Services
Optional? Yes (not preinstalled) Yes (not preinstalled) Yes (preinstalled but opt-out) Yes (preinstalled but opt-out) No (preinstalled without opt-out) No (preinstalled without opt-out)
Sandboxed/unprivileged? Yes (regular app sandbox) Yes (regular app sandbox) No No No No
Can be limited to user or work profile? Yes Yes Yes ? (TBC) ? (TBC) No
Signature spoofing needed/allowed? No Only for Google signature Only for Google signature Allowed for any app & signatureClick here for details Allowed for any app & signatureClick here for details No
Push notifications via Google FCM? Yes Optional Optional Optional Optional Yes
Google Play Integrity? Passes Basic Integrity only, see herePasses MEETS_BASIC_INTEGRITY but not MEETS_DEVICE_INTEGRITY or MEETS_STRONG_INTEGRITY which require a certification from Google. No No No No Yes

Privacy
Storage scopes Yes, see here No No No No No No
Contact scopes Yes, see here No No No No No No
Per-app sensor controls Yes, see here Yes No No No No No
Per-connection DHCP state flushing Yes Yes No No No No No
MAC address randomization Per connection, see here Per connection Per network Per network Per network Per network Per network
SUPL: IMSI or phone number sent? No No No No No No Yes
PSDS: user agent sent?May include chipset serial number, device manufacturer and model, carrier, and Android version. Click here for details and which device information are sent. No No (device-specific), see here Partially for Qualcomm chipsChipset serial number is stripped out but other less unique device information remain Partially for Qualcomm chipsChipset serial number is stripped out but other less unique device information remain Partially for Qualcomm chipsChipset serial number is stripped out but other less unique device information remain Partially for Qualcomm chipsChipset serial number is stripped out but other less unique device information remain for Qualcomm GPS chips
Closed cross-profile package leaks? Yes Partially No No No No No
Closed device identifier leaks? Yes, see here No No No No No No
Metadata stripping for screenshots Yes, see here Yes, see here Yes, see here No No No No
EXIF metadata stripping for photos Yes, see here No No No No No No

Security
Verified boot (if supported by device)? Yes, incl. system app updates Yes, but excl. system app updates Yes, but excl. system app updates Yes, but excl. system app updates w/ test keys; excl. system app updates No Yes, but excl. system app updates
Hardware-based security verification Yes, see here No No No No No Some devices, see here
System app downgrade protection For updates and boot, with fs-verity For updates and boot For updates (incomplete) For updates (incomplete) For updates (incomplete) For updates (incomplete) For updates (incomplete)
Secure application spawning? Yes (exec) Yes (exec) No No No No No
Hardened memory allocator? Yes YesPatches taken from GrapheneOS No No No No No
Hardware memory tagging? Yes, if supported by device No No No No No No
Hardened kernel? Yes, highest Yes, high (device-specific)Patches taken from GrapheneOS No No No No No
Hardened libc? Yes, highest Yes, highPatches taken from GrapheneOS No No No No No
Hardened webview? Yes (Vanadium) Yes (Mulch)Patches taken from GrapheneOS No No No No No
Hardened SELinux policy? Yes No No No No No No
Android Runtime JITJust-In-Time compilation/profiling AOTAhead-Of-Time compilation w/o profiling Interpreter/JITJust-In-Time with profiling Interpreter/JITJust-In-Time with profiling Interpreter/JITJust-In-Time with profiling Interpreter/JITJust-In-Time with profiling Interpreter/JITJust-In-Time with profiling Interpreter/JITJust-In-Time with profiling
Additional hardening Highest, see here Medium, see here No No No No No
Secure TLS for SUPL? TLSv1.2 if supported by deviceOlder Pixels with Qualcomm chips only support TLSv1.1 TLSv1.2 if supported by device TLSv1.1 or TLSv1.0 TLSv1.1 or TLSv1.0 TLSv1.1 or TLSv1.0 TLSv1.1 or TLSv1.0 TLSv1.1 or TLSv1.0
Fallback DNS server with DNSSEC? Yes Yes Yes Nouses Quad9's unsecured endpoint (9.9.9.10) with provides no security blacklist and no DNSSEC Yes Yes Yes
Can disable USB-C and pogo pins data?See here for details: [1], [2], [3] Default (while locked), see here No No No No No No
Can disable USB-C charging?See here for details: [1], [2], [3] Opt-in (after boot), see here No No No No No No
Can disable USB connections?See here for details: [1], [2], [3] Default (while locked), see hereHardware and software ? (TBC - like Lineage or stock?) Opt-in, software only (incomplete)Can only disable high level software attack surface. Cannot disable USB until after early boot. Lacks a way to block new USB connections without ending existing connections. The mode for disabling USB connections while locked continues allowing new connections until existing connections end, including a connection through another method such as a pogo pins USB connection to a stand. ? (TBC - like Lineage or stock?) ? (TBC - like Lineage or stock?) Opt-in, software only (incomplete)Can only disable high level software attack surface. Cannot disable USB until after early boot. Lacks a way to block new USB connections without ending existing connections. The mode for disabling USB connections while locked continues allowing new connections until existing connections end, including a connection through another method such as a pogo pins USB connection to a stand. Device admin APIRequires installing a device admin app like Sentry. Can only disable high level software attack surface. Cannot disable USB until after early boot. Lacks a way to block new USB connections without ending existing connections.
Secure connection to network time server? HTTPS via GrapheneOS server NTP w/o NTS and carrier-based timeinsecure because cellular networks lack proper authentication NTP w/o NTS and carrier-based timeinsecure because cellular networks lack proper authentication NTP w/o NTS and carrier-based timeinsecure because cellular networks lack proper authentication NTP w/o NTS and carrier-based timeinsecure because cellular networks lack proper authentication NTP w/o NTS and carrier-based timeinsecure because cellular networks lack proper authentication NTP w/o NTS and carrier-based timeinsecure because cellular networks lack proper authentication

Updates
Security update speedClick here for details <2 days 1-3 weeks ~1 week, sometimes longer delaysquicker updates in optional "security express" update channel ~1 month, sometimes longer delays ~2 months, sometimes longer delays 1-2 weeks, sometimes longer delays Depends on phone vendor
Partial security updates (ASB) after EoL datemissing most driver and firmware patches after the phone's end of life date until 5 years from launche.g. 2 years of extended support for 4th and 5th generation Pixels Several years 1-3 years Several years Several years Several years By definition: No
Number of Android versions supportedOnly the latest major release of AOSP has full security patches. Most privacy fixes are in fact only included for the new OS versions, not in the security patches. The ASB patches patches rarely include fixes for permission model / sandbox flaws resulting in privacy leaks since they're given Moderate severity and often require invasive changes including potential compatibility breaks. Usually 1 Android version 7 Android versions (incl. backports) Usually 1 Android version Usually 1 Android version 2-3 Android versions Usually 3 Android versions Usually 3 Android versions
Webview update speedClick here for details <2 days <2 days <1 week, sometimes longer delays <2 weeks Several weeks/months <2 weeks Depends on phone vendor

Supported devices
Asus* No Older devices only No No Older devices only Older devices only Yes (ZenUI)
Fairphone No Yes Yes Yes Yes Yes Yes
Google Yes Yes Yes Older devices only Yes Yes Yes
Motorola No Older devices only Yes No Yes Yes Yes
Oneplus No Older devices only No Older devices only Older devices only Yes Yes (OxygenOS)
Samsung* No Older devices only No Older devices only Older devices only Older devices only Yes (OneUI)
Sony No Older devices only No Older devices only Older devices only Yes Yes
Xiaomi No Older devices only No Older devices only Older devices only Yes Yes (HyperOS)
* these manufacturers don't support bootloader unlocking anymore for all or most of their new devices. "Older devices only" = no devices released since 2023.